27 July 2022

Threat actors start scanning for vulnerabilities within 15 minutes of a CVE public disclosure


Malicious actors are increasingly quick to exploit high-profile zero-day vulnerabilities, with scanning starting within 15 minutes of a new CVE being publicly disclosed, a new report from Palo Alto Networks' Unit 42 has revealed.

Based on data collected from more than 600 incident response cases, the researchers concluded that software vulnerabilities remain one of the top initial access vectors for threat actors (31% of the analyzed cases), second only to phishing at 37%. Other access vectors include brute-force credential attacks (9%), previously compromised credentials (6%), insider threat and social engineering (5%), and abuse of trusted relationships/tools (4%).

The report says that the most exploited vulnerabilities for network access in H1 2022 were the three ProxyShell vulnerabilities (55%), Log4j (14%), SonicWall CVEs (7%), ProxyLogon (5%), Zoho ManageEngine ADSelfService Plus (4%), and Fortinet CVEs (3%).

“While some threat actors continue to rely on older, unpatched vulnerabilities, we’re increasingly seeing that the time from vulnerability to exploit is getting shorter. In fact, it can practically coincide with the reveal if the vulnerabilities themselves and the access that can be achieved by exploiting them are significant enough,” the researchers wrote in a blog post.

Additionally, end-of-life (EoL) systems remain unpatchable and available to opportunistic attackers for exploitation, they noted. According to the report, nearly 32% of exposed organizations are running an EoL version of Apache Web Server that is exposed to remote code execution through the CVE-2021-41773 and CVE-2021-42013 vulnerabilities.