A new Bugcrowd report has revealed significant increases in the number of critical vulnerabilities reported in 2021.
The company's 2022 Priority One report[1] covers a variety of security trends over the last year. According to the report, the platform saw a 185% increase over the last 12 months in Priority One (P1) submissions for financial services companies. Bugcrowd defines P1 submissions as vulnerabilities that allow privilege escalation from an unprivileged user to admin, remote code execution, financial theft, and similar high-impact outcomes. Overall, P1 vulnerabilities increased 186% in 2021.
Bugcrowd founder Casey Ellis added that the global shift to remote work prompted organizations to put more assets online. That led to more investment in ethical hackers, and Bugcrowd saw that 24% of all valid submissions for the year involved P1 and P2 threats. P2 threats are vulnerabilities that affect the security of software and impact the processes it supports.
Ellis noted that nation-state hackers have also become far more brazen and less concerned about stealth, using attacks on known vulnerabilities far more frequently in 2021.
"Significantly, we've seen a democratization of such threats due to an emerging ransomware economy and a continued blurring of lines between state actors and e-Crime organizations," Ellis said. "All of which, combined with growing and more lucrative attack surfaces, have made for a highly combustible environment. In 2022, we expect more of the same."
Even P3 submissions, which involve vulnerabilities that affect multiple users and require little or no user interaction to trigger, saw year-over-year increases in 2021.
Submissions were up 82% overall while payouts for those submissions were up 106%. The software sector saw total payouts increase by 73% as well. Submissions for the government sector were up 1000% in 2021 through Q3 compared to 2020.
Bugcrowd also found that cross site