According to a new analysis of the severity and volume of vulnerabilities in 2020, the total number of CVEs (Common Vulnerabilities and Exposures) reported last year was 6% higher than the total reported in 2019. An annual evaluation report by Tenable's Security Response Team states that 18,358 CVEs were reported in 2020, compared with 17,305 in 2019. Although the increase between 2019 and 2020 may seem small, the team found that from 2015 to 2020 the number of CVEs reported increased by 183%, from 6,487 to 18,358.
In particular, the researchers noted that in each of the last three years there have been more than 16,000 CVEs. Among the vulnerabilities disclosed in 2020 were 29 that Tenable described as net-new zero-day vulnerabilities. Of those 29, over 35% were associated with browsers, while almost 29% were found in operating systems. Font libraries were also popular, accounting for almost 15% of zero-day vulnerabilities.
According to Infosecurity Magazine, when the researchers looked at the points of the year at which critical CVEs were reported, they identified what they called a "CVE Season" that coincided with the summer. In particular, they noted that the period from June to August 2020 stood out for both the net volume and the number of critical CVE notifications. 547 flaws were disclosed during the summer months, including significant disclosures in F5, Palo Alto Networks, Pulse Secure, vBulletin and more.
In addition, an analysis of breach trends reports that from January to October 2020, 730 reported incidents resulted in the exposure of more than 22 billion records. Of the industries affected by breaches, health care and education accounted for the largest share, with 25% and 13% of breaches respectively. Government and the technology industry were also among the "popular" targets, accounting for 12.5% and 15.5% of breaches respectively.
It is worth noting that ransomware was the most common attack type in 2020, accounting for 259 incidents. Email compromise was the cause of 105 breaches, while unsecured data led to 83 security incidents. However, for 179 data breaches the root cause was unknown.
The global COVID-19 pandemic has been repeatedly used as "bait" by cybercriminals to deceive unsuspecting victims. By the first two weeks of April 2020, 41% of organizations had experienced at least one cyberattack involving malware or phishing.