Hackers are now moving faster than ever when it comes to scanning vulnerability announcements from software vendors.
Threat actors are actively scanning for vulnerable endpoints within a period of just 15 minutes once a new Common Vulnerabilities and Exposures (CVE) document is published, according to Palo Alto’s 2022 Unit 42 Incident Response Report.
As reported by Bleeping Computer, the report stresses how hackers are always scanning software vendor bulletin boards, which is where vulnerability announcements are disclosed in the form of CVEs.
From here, these threat actors can potentially exploit these details in order to infiltrate a corporate network. It also gives them an opportunity to distribute malicious code remotely.
“The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced,” the blog post from Palo Alto’s Unit 42 states.
With hackers becoming more dangerous than ever in recent years, it can take them mere minutes to find a weak point in their target’s system. This is naturally made much easier if they’re aided by a report detailing what exactly can be exploited.
Simply put, system administrators will basically have to expedite their process in addressing the security defects and patch them before the hackers manage to find a way in.
Bleeping Computer highlights how scanning doesn’t require a threat actor to have much experience in the activity to be effective. In fact, anyone with a rudimentary understanding of scanning CVEs can perform a search on the web for any publicly disclosed vulnerable endpoints.
They can then offer such information on dark web markets for a fee, which is when hackers who actually know what they’re doing can buy them.
Case in point: Unit 42’s report mentioned CVE-2022-1388, a critical unauthenticated remote command execution vulnerability that was affecting F5 BIG-IP products. After the defect was announced on May 4, 2022, a staggering 2,552 scanning and exploitation attempts were detected within just 10 hours of the initial disclosure.
During the first half of 2022, 55% of exploited vulnerabilities in Unit 42 cases are attributed to ProxyShell, followed by Log4Shell (14%), SonicWall CVEs (7%), and ProxyLogon (5%).
Activity involving hackers, malware, and threat actors in general has evolved at an aggressive rate in recent months. For example, individuals and groups have found a way to plant malicious code onto motherboards that is extremely difficult to remove. Even the Microsoft Calculator app isn’t safe from exploitation.
This worrying state of affairs in the cyber security space has prompted Microsoft to launch a new initiative with its Security Experts program.