Detailed Analysis of Recent Vulnerability Trends and Attack Patterns
2025.12.09

✅ Report Title: Detailed Analysis of Recent Vulnerability Trends and Attack Patterns



✅ Executive Summary:


- S2W Threat Intelligence Center (TALON) analyzed the features of vulnerabilities that appeared from 2021 to 2024 and the vulnerability trends within the DDW (Deep & Dark Web).


- During this period, a total of 117,450 vulnerabilities with officially assigned CVE IDs were reported. Excluding vulnerabilities marked as ‘Rejected’ due to duplicates, incorrect reports, or CVE reservations for testing purposes, approximately 114,529 vulnerabilities remain.


- Compared by year, the number of vulnerabilities reported during the analysis period increased steadily; 38,201 vulnerabilities were discovered in 2024, an increase of approximately 65.6% compared to 2021.



📌 Major CWE Types Analysis


- From 2021 to 2024, the most frequently reported CWE types were CWE-79 (Cross-Site Scripting, XSS), CWE-787 (Out-of-Bounds Write), and CWE-89 (SQL Injection).


- Among the 2,338 vulnerabilities mentioned in DDW based on CWE, the most frequently mentioned CWE type was CWE-787 (Out-of-Bounds Write).


  - Threat actors active in DDW were found to prefer exploitable vulnerabilities that can lead to system control rather than simple, generic vulnerabilities.



📌 Attack Vector Trend Analysis


- Vulnerabilities registered with CVE are classified into 4 attack vectors based on how a threat actor gains access to or penetrates a system.


  - Network: Vulnerabilities that can be exploited remotely via the internet or internal networks (web servers, email, APIs, etc.).


  - Local: Vulnerabilities that can be exploited only with local privileges, such as logging into the system directly or executing malicious files.


  - Adjacent Network: Vulnerabilities that can be exploited only within the same network segment (e.g., Bluetooth, internal network of a router).


  - Physical: Vulnerabilities that can be exploited only when the threat actor has physical access to the system (e.g., USB, hardware manipulation).


- Approximately 71.6% of the vulnerabilities reported during the analysis period were related to the network vector. The spread of SaaS and cloud infrastructure, the increase in DevOps-based automated environments, and the expansion of API-based communication structures were analyzed as the main factors contributing to the increase in network-based vulnerabilities.



📌 Target Product Analysis


- The platform or target operating system (OS) with the most reported vulnerabilities was Linux, with a total of 5,669 vulnerabilities reported.


  - Linux vulnerabilities were primarily low-level issues occurring at the system level. The main CWE types were kernel memory and resource control-related vulnerabilities such as NULL pointer dereference (CWE-476), Use-After-Free (CWE-416), memory leaks (CWE-401), and race conditions (CWE-362).


- In DDW, the vulnerabilities identified primarily affected widely used platforms such as Chrome, Windows, and Android.



📌 Severity Analysis (CVSS Score)


- Compared by year, the number of reported vulnerabilities increased across all CVSS score ranges from 2021 to 2024.


- The severity ratings of vulnerabilities mentioned in DDW primarily fall into the HIGH (7.0–8.9) and CRITICAL (9.0–10.0) categories, indicating high-risk vulnerabilities.



✅ Recommended Threat Detection and Mitigation Actions:


- Organizations should continuously identify and manage externally exposed attack surfaces, as these can allow adversaries to exploit vulnerabilities and gain footholds within internal systems.


- Since vulnerabilities mentioned in DDW primarily affect widely used products or operating systems, organizations should promptly apply security patches to major products and OS environments to maintain an up-to-date security posture.




🧑‍💻 Author: S2W TALON


👉 Read the full report: https://bit.ly/4iNUDkH


*The full report is available upon request or with a subscription to the S2W platform.

