Coalition Forecasts CVE Disclosure Spike in 2023
Coalition, a provider of cyberinsurance, today published a report that predicted a 13% increase in the average number of vulnerabilities disclosed per month in 2023.
The report estimated more than 1,900 additional Common Vulnerabilities and Exposures (CVEs) per month will be disclosed in 2023, including 270 high-severity and 155 critical-severity vulnerabilities.
The report also noted that most CVEs are exploited within 90 days of public disclosure, with the majority exploited within the first 30 days.
Tiago Henriques, vice president of security research for Coalition, said the report suggested that while cybercriminals are not in an immediate rush to exploit new vulnerabilities, it’s only a matter of time before most CVEs are exploited. IT teams that promptly apply patches will thwart most of those attacks, he added. While it may take time for cybercriminals to develop an exploit, Henriques noted that scans involving attack vectors often emerge shortly after a proof-of-concept of a vulnerability is created. That suggests cybercriminals are closely monitoring cybersecurity research, he noted.
Nevertheless, it’s apparent cybercriminals are not generally in a hurry to develop new exploits because most of the techniques and tactics they use today are still generally effective, noted Henriques. Based on an analysis of data collected from honeypots deployed by Coalition, the report, for example, found a full 94% of organizations scanned in the last year also have at least one unencrypted service exposed to the Internet, with the remote desktop protocol (RDP) being the most often scanned.
Collectively, Coalition has scanned more than 5.2 billion IP addresses to analyze more than 22,000 events to create its report. Elasticsearch and MongoDB databases have a high rate of compromise, the report found. In 2022, Coalition detected a total of 4,962,164 IP addresses running Elasticsearch. Out of those, it found a total of 22,846 databases had been ransomed throughout the year, with a total of 140 TB of data, consisting of 178,902,591,446 documents, exposed to the internet with no authentication. A total of 264,408 IP addresses running MongoDB instances were found in 2022, with 68,423 of them being hacked. In total, 9.7 TB of data was exposed in MongoDB without authentication, the report found.
In general, cyberinsurance providers are attempting to become more proactive about providing cybersecurity services in the event of an incident as part of an effort to reduce costs, noted Henriques. However, it’s still up to each client to determine whether to ransom their data or attempt to recover a pristine copy of their data. Having a consistent set of backup and recovery processes is now a requirement for any cyberinsurance policy, he noted.
In theory, those more stringent requirements should improve the overall state of cybersecurity as organizations invest more in cybersecurity tools and platforms to qualify for insurance. In effect, cyberinsurance is now helping to improve cybersecurity rather than being seen as an alternative to investing in it. Of course, the primary reason that shift is occurring now has more to do with the losses that insurance carriers have racked up in the last few years than with any sense of commitment to the greater good.

