Research Reveals New Vulnerabilities Being Exploited within 48 Hours
According to new research, in 2024, attackers are exploiting new vulnerabilities within 48 hours of their discovery, with 61% utilizing new exploit code in this brief window. Organizations faced an average of 68 days under critical cyber-attacks, with ransomware posing a significant threat, particularly in the healthcare sector, where it accounted for 95% of breaches, affecting over 198 million U.S. patients.
AI-driven tools have made cyber-attacks more accessible and complex. Server-side request forgery (SSRF) attacks surged by 452% as AI enhanced obfuscation techniques and automated exploit chaining. Business Email Compromise (BEC) attacks evolved, with generative AI enabling cybercriminals to craft highly convincing phishing emails.
File-based attacks, especially those involving malicious PDFs and HTML phishing files, saw a significant increase. Data indicates that 38% of detected malicious files were HTML-based, with PDFs comprising 22%. Attackers are leveraging AI-driven automation and advanced evasion techniques, making it increasingly challenging for small and medium-sized businesses (SMBs) to defend themselves.
Takeaway: Traditionally, zero-day vulnerabilities—security flaws unknown to vendors—were primarily exploited by nation-state actors due to the high level of expertise and resources required. However, recent incidents indicate that cybercriminal groups, such as the Cl0p ransomware gang, have adopted these advanced tactics.
In 2023, Cl0p exploited a zero-day vulnerability in the MOVEit Transfer software, leading to significant data breaches across numerous organizations. This vulnerability allowed attackers to access and exfiltrate sensitive data before any patches were available, demonstrating the increased capability of cybercriminals to leverage such exploits.
Automation enables attackers to rapidly scan for vulnerable systems, deploy exploits, and propagate malware with minimal human intervention. This efficiency accelerates the attack process and broadens its scope, allowing cybercriminals to target multiple organizations simultaneously.
For instance, during the MOVEit exploitation, Cl0p automated the identification of vulnerable servers and the subsequent data extraction process, facilitating the swift compromise of numerous targets.
The convergence of zero-day exploits and automation in ransomware attacks presents significant challenges for organizational cybersecurity. Traditional security measures, which often rely on signature-based detection and manual patch management, are insufficient against these advanced threats.
Organizations must adopt a multilayered security approach that includes proactive vulnerability management, behavioral analysis, threat hunting, and incident response planning. The rapid adoption of zero-day exploits and automation by ransomware groups signifies a paradigm shift in the cyber threat landscape.
Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.