2022 Vulnerability Intelligence Report

Security, IT, and other teams tasked with vulnerability management and risk reduction operate in high-urgency, high-stakes environments where informed decision-making hinges on the ability to quickly find signal in a sea of perpetual noise. When a new potential threat emerges, information security professionals often find themselves needing to translate vague descriptions and untested research artifacts into actionable intelligence for their own particular risk models.

Rapid7 researchers analyze thousands of vulnerabilities each year to understand root causes, dispel misconceptions, and share information on why certain flaws are more likely to be exploited than others.

Rapid7’s Vulnerability Intelligence Report examines notable vulnerabilities and high-impact attacks from 2022 in order to highlight exploitation trends, explore attacker use cases, and offer a framework for understanding new security threats as they arise. Our aim is to contextualize the vulnerabilities that introduce serious risk to a wide range of organizations.

The report examines 50 vulnerabilities that pose considerable risk to organizations of all sizes. In total, this report includes 45 vulnerabilities that were exploited in the wild in 2022, of which 44% arose from zero-day exploits.

2022 findings include:

• Widespread exploitation of new vulnerabilities decreased somewhat in 2022, but broad, opportunistic attacks still drove considerable risk. Rapid7’s vulnerability research team tracked 28 net-new widespread threats in 2022, a 15% decrease in widespread threats from 2021.
• Zero-day exploitation was still a significant threat in 2022, though we saw a modest decline in mass zero-day attacks. 43% of the widespread threats Rapid7 researchers analyzed in 2022 began with a zero-day exploit, down from 52% in 2021.
• Attackers are still developing and deploying exploits faster than ever. 56% of the vulnerabilities in this report were exploited within seven days of public disclosure — a 12% rise over 2021 and an 87% rise over 2020.
• Only 14 of the vulnerabilities in this report are known to have been exploited to carry out ransomware attacks — a significant (33%) decrease from 2021 despite consistent ransomware activity. This may indicate that ransomware operations have become less reliant on new vulnerabilities, but it may also stem from other factors, like lower reporting of ransomware incidents.
• Other vulnerability and exploit trends examined in this report include ransomware ecosystem complexity, privilege escalation from the network perimeter, and the long tail of exploitation across older vulnerabilities.