Hackers have accelerated: from the publication of data on vulnerabilities to the start of attacks on them, it takes no more than 15 minutes

A new study shows that administrators of large network resources have very little time to protect themselves against new security vulnerabilities in their systems. As soon as information about a new vulnerability is published on the web, attackers start scanning for it within 15 minutes. This work does not require professionals: the initial data can be collected by amateurs, who then sell it on the dark web.

Image source: bleepingcomputer.com

According to Unit 42’s 2022 Incident Response Report, hackers are constantly on the lookout for announcements from developers and security researchers about newly discovered vulnerabilities. “The Attack Surface Management Threat Report 2022 found that attackers typically begin searching for vulnerabilities within 15 minutes of declaring a CVE,” says an accompanying blog post from the company.

The first attempts to exploit new vulnerabilities are observed within hours of public disclosure, allowing attackers to gain access to vulnerable resources before patches with fixes are installed. As an example, analysts cite the speed with which hackers responded to the CVE-2022-1388 vulnerability in F5’s BIG-IP products. The vulnerability was reported on May 4, 2022, and 10 hours after publication, 2552 attempts to scan for and exploit it had been recorded.

Image source: Unit 42

An analysis of the attack methods also provided an interesting picture. The report states that in the first half of 2022, the most commonly exploited vulnerability for gaining system access was the ProxyShell exploit chain, which accounted for 55% of all reported hacks. ProxyShell is an attack that combines three vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207.

It is curious that the “vulnerability of the decade”, Log4Shell, came in only second, with a share of 14%. Another 7% of the attacks used various SonicWall vulnerabilities, 5% used ProxyLogon, and an RCE in Zoho ManageEngine ADSelfService Plus was used in 3% of the cases. It’s easy to see that the vulnerabilities being exploited are not entirely new. The technique has already been worked out and does not require much skill. However, this does not mean that new vulnerabilities are comparatively safe. New vulnerabilities are used first of all against the most secure systems, whose administrators respond to threats most quickly. It is precisely such systems that professional hackers attack in the first few hours, hoping for a delayed reaction from the administrators.

Image source: Unit 42

About a third of initial intrusions into vulnerable systems can be traced back to software vulnerabilities. Phishing was the entry point in 37% of hacking cases. Brute-force logins and compromised credentials account for another 15% overall. Social engineering methods and bribery account for another 10% of incidents. It follows that the patching race against time is only important for legitimate networks, while ordinary users part with confidential data mainly through negligence or inattention.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.
