Hackers scan for vulnerabilities within 15 minutes of disclosure


System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.

According to Palo Alto's 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution.

However, the speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited.

"The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," reads a companion blog post.

Since scanning isn't particularly demanding, even low-skilled attackers can scan the internet for vulnerable endpoints and sell their findings on dark web markets where more capable hackers know how to exploit them.

Then, within hours, the first active exploitation attempts are observed, often hitting systems that never had the chance to patch.

Unit 42 presents CVE-2022-1388 as an example, a critical unauthenticated remote command execution vulnerability impacting F5 BIG-IP products.

The flaw was disclosed on May 4, 2022, and according to Unit 42, by the time ten hours had passed since the announcement of the CVE, they had recorded 2,552 scanning and exploitation attempts.

This is a race between defenders and malicious actors, and the margins for delays on either side are dwindling with every year that passes.
