Events , Fraud Management & Cybercrime , Governance & Risk Management
Zero-Day Exploits and Ransomware Trends for 2024
Rapid7's Christiaan Beek Addresses the Surge in Zero-Day ExploitsCybersecurity experts are witnessing a troubling increase in the use of zero-day vulnerabilities, especially against network appliances. This trend continues to escalate in 2024, presenting significant challenges, said Christiaan Beek, senior director of threat analytics at Rapid7. More than 60% of the vulnerabilities Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days, he said, citing a recent annual intelligence report by Rapid7.
See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware
Beek said the high ransoms paid enable threat actors to buy zero-day exploits, increasing the potential damage. "We are enabling threat actors to buy zero-days, and that's a scary development," he said. Organizations must adopt robust detection mechanisms, given the lack of traditional security measures on network appliances.
"These devices are supposed to secure our networks, but there's no way you can install an AV client on it, or an EDR client, or ask the devices for some fancy logs about what is happening on the device itself," Beek said. "They were just meant to keep the bad guys out and allow traffic in and out in the right way. This lack of visibility is a huge challenge."
In this video interview with Information Security Media Group at Infosecurity Europe 2024, Beek discussed:
- The surge in zero-day exploits targeting network appliances;
- Ransomware trends and the role of high ransom payments in funding zero-day purchases;
- The need for improved detection and response strategies.
Beek has more than 20 years of experience leading and contributing to cybersecurity research, intelligence gathering and data science. At Rapid7, he leads strategic research on gathering threat data and inventing new research techniques.