GreyNoise Intelligence Publishes Second Annual Retrospective to Help International Cybersecurity Community Defend Against Internet Exploitation

Offers key insights into the most significant internet software vulnerabilities of the past year

Washington, DC – January 17, 2024GreyNoise Intelligence, the cybersecurity company analyzing global internet traffic to distinguish between irrelevant activity, mass scanning, and targeted attacks, today published “Decoding 2023: A GreyNoise Retrospective on Internet Exploitation,” an enormous research effort that delves deep into the most significant internet software vulnerabilities of the past 12 months.    

“Our ultimate goal is to make the internet a safer place,” said Andrew Morris, Founder and CEO, GreyNoise Intelligence.  “The time between software vulnerabilities becoming public and attackers using them at large scale continues to decrease, but GreyNoise’s approach continues to be effective.  We will continue to make our detection network larger and smarter, and share the attacker behaviors we observe with the international cybersecurity community as quickly as possible, so that we can all learn from them and better defend ourselves.”

With a global network of more than 3,100 sensors across over 200 countries, GreyNoise collects, analyzes, and labels data firsthand on Internet Protocol (IP) addresses that scan and attack the internet every day and saturate security tools with noise.  GreyNoise tracks hundreds of millions of events per day, and its data provides security teams with an early warning system for mass exploitation attacks on the internet (equaling or surpassing CISA 60% of the time), real-time IP block lists they can use to defend themselves, and the necessary context to quickly eliminate noisy alerts and rule out events from common business services.

In 2023, more than 17.3 million GreyNoise GNQL queries were submitted by security practitioners or integrations from over 195 geolocated source countries. GreyNoise added 290 new detection tags in 2023, representing an increase of over 26% from 2022 and bringing its total number of tags to 1,126.  The GreyNoise platform currently tracks 705 CVEs, 259 of which have corresponding references in the CISA KEV catalog.

The top five tags explored in the past twelve months included:

“As the threat landscape continues to evolve in 2024, GreyNoise will remain vigilant — detecting emerging attacks based on real evidence, rather than merely reacting out of fear, uncertainty, and doubt,” said Bob Rudis, Vice President Data Science, GreyNoise Intelligence.  “The integration of the new GreyNoise sensor network with cutting-edge AI and data science technologies is set to revolutionize the way defenders utilize our state-of-the-art threat intelligence. Deploying sensors where targeted attacks occur, and surfacing new attack patterns and clusters as they happen will provide unprecedented views into what industries attackers are targeting, and what new techniques they are using. This combination will empower defenders to stay ahead of threats, focus on patching, mitigation, and response, and ultimately, make the internet a safer place.”

To request a copy of “Decoding 2023: A GreyNoise Retrospective on Internet Exploitation,” please visit:

About GreyNoise Intelligence

GreyNoise is THE source for understanding internet noise. We collect, analyze and label data on IPs that saturate security tools with noise. This unique perspective helps analysts waste less time on irrelevant or harmless activity, and spend more time focused on targeted and emerging threats. GreyNoise is trusted by Global 2000 enterprises, government organizations, top security vendors and tens of thousands of threat researchers. For more information, please visit, and follow us on Twitter and LinkedIn.