Offers key insights into the most significant internet software vulnerabilities of the past year
Washington, DC – January 17, 2024 – GreyNoise Intelligence, the cybersecurity company analyzing global internet traffic to distinguish between irrelevant activity, mass scanning, and targeted attacks, today published “Decoding 2023: A GreyNoise Retrospective on Internet Exploitation,” an enormous research effort that delves deep into the most significant internet software vulnerabilities of the past 12 months.
“Our ultimate goal is to make the internet a safer place,” said Andrew Morris, Founder and CEO, GreyNoise Intelligence. “The time between software vulnerabilities becoming public and attackers using them at large scale continues to decrease, but GreyNoise’s approach continues to be effective. We will continue to make our detection network larger and smarter, and share the attacker behaviors we observe with the international cybersecurity community as quickly as possible, so that we can all learn from them and better defend ourselves.”
With a global network of more than 3,100 sensors across over 200 countries, GreyNoise collects, analyzes, and labels data firsthand on Internet Protocol (IP) addresses that scan and attack the internet every day and saturate security tools with noise. GreyNoise tracks hundreds of millions of events per day, and its data provides security teams with an early warning system for mass exploitation attacks on the internet (equaling or surpassing CISA 60% of the time), real-time IP block lists they can use to defend themselves, and the necessary context to quickly eliminate noisy alerts and rule out events from common business services.
In 2023, more than 17.3 million GreyNoise GNQL queries were submitted by security practitioners or integrations from over 195 geolocated source countries. GreyNoise added 290 new detection tags in 2023, representing an increase of over 26% from 2022 and bringing its total number of tags to 1,126. The GreyNoise platform currently tracks 705 CVEs, 259 of which have corresponding references in the CISA KEV catalog.
The top five tags explored in the past twelve months included:
- Citrix Adc NetScaler Information Disclosure Attempt (CVE-2023-4966)
- Huawei HG532 UPnP Worm (CVE-2017-17215)
- RealTek Miniigd UPnP Worm (CVE-2014-8361)
- GPON Router Worm (CVE-2018-10561)
- Netgear Command Injection (CVE-2016-6277)
“As the threat landscape continues to evolve in 2024, GreyNoise will remain vigilant — detecting emerging attacks based on real evidence, rather than merely reacting out of fear, uncertainty, and doubt,” said Bob Rudis, Vice President Data Science, GreyNoise Intelligence. “The integration of the new GreyNoise sensor network with cutting-edge AI and data science technologies is set to revolutionize the way defenders utilize our state-of-the-art threat intelligence. Deploying sensors where targeted attacks occur, and surfacing new attack patterns and clusters as they happen will provide unprecedented views into what industries attackers are targeting, and what new techniques they are using. This combination will empower defenders to stay ahead of threats, focus on patching, mitigation, and response, and ultimately, make the internet a safer place.”
To request a copy of “Decoding 2023: A GreyNoise Retrospective on Internet Exploitation,” please visit: https://www.greynoise.io/resources/2023-greynoise-retrospective-mass-exploitation-report.
About GreyNoise Intelligence
GreyNoise empowers the security teams of enterprises and global governments to act with speed and confidence by providing real-time, verifiable perimeter-based threat intelligence. This allows security teams to reduce noise in security operations, perform in-depth threat hunting campaigns, and focus on the most critical threats to their network. Our patented sensor technology enables us to collect and analyze unique threat data at-scale that no one else can. We provide the most actionable threat intelligence against mass internet scanning and exploitation, so that no attack works twice. For more information, please visit https://www.greynoise.io/, and follow us on Twitter, Mastodon and LinkedIn.
