Events , Fraud Management & Cybercrime , Governance & Risk Management

Zero-Day Exploits and Ransomware Trends for 2024

Rapid7's Christiaan Beek Addresses the Surge in Zero-Day Exploits
Christiaan Beek, senior director,threat analytics, Rapid7

Cybersecurity experts are witnessing a troubling increase in the use of zero-day vulnerabilities, especially against network appliances. This trend continues to escalate in 2024, presenting significant challenges, said Christiaan Beek, senior director of threat analytics at Rapid7. More than 60% of the vulnerabilities Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days, he said, citing a recent annual intelligence report by Rapid7.

See Also: The Cost of Underpreparedness to Your Business

Beek said the high ransoms paid enable threat actors to buy zero-day exploits, increasing the potential damage. "We are enabling threat actors to buy zero-days, and that's a scary development," he said. Organizations must adopt robust detection mechanisms, given the lack of traditional security measures on network appliances.

"These devices are supposed to secure our networks, but there's no way you can install an AV client on it, or an EDR client, or ask the devices for some fancy logs about what is happening on the device itself," Beek said. "They were just meant to keep the bad guys out and allow traffic in and out in the right way. This lack of visibility is a huge challenge."

In this video interview with Information Security Media Group at Infosecurity Europe 2024, Beek discussed:

  • The surge in zero-day exploits targeting network appliances;
  • Ransomware trends and the role of high ransom payments in funding zero-day purchases;
  • The need for improved detection and response strategies.

Beek has more than 20 years of experience leading and contributing to cybersecurity research, intelligence gathering and data science. At Rapid7, he leads strategic research on gathering threat data and inventing new research techniques.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.