System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.
According to Palo Alto's 2022 Unit 42
Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution.
However, the speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited.
"The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," reads a companion
blog post.
Since scanning isn't particularly demanding, even low-skilled attackers can scan the internet for vulnerable endpoints and sell their findings on dark web markets where more capable hackers know how to exploit them.
Then, within hours, the first active exploitation attempts are observed, often hitting systems that never had the chance to patch.
Unit 42 presents
CVE-2022-1388 as an example, a critical unauthenticated remote command execution vulnerability impacting F5 BIG-IP products.
The flaw was disclosed on May 4, 2022, and according to Unit 42, by the time ten hours had passed since the announcement of the CVE, they had recorded 2,552 scanning and exploitation attempts.
This is a race between defenders and malicious actors, and the margins for delays on either side are dwindling with every year that passes.
