"Hackers Scan for Vulnerabilities within 15 Minutes of Disclosure"

Palo Alto's 2022 Unit 42 Incident Response Report shows that threat actors scan for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed, giving system administrators even less time to patch disclosed security vulnerabilities than previously thought. According to the report, hackers constantly monitor software vendor bulletin boards for new vulnerability announcements that they can use to gain initial access to a corporate network or to execute remote code. Because scanning is not very difficult, even low-skilled attackers can scan the internet for vulnerable endpoints. They can then sell their findings on dark web markets to more expert hackers who know how to exploit them. The first active exploitation efforts are then seen within a few hours, frequently affecting unpatched systems.

Unit 42 uses the unauthenticated Remote Command Execution (RCE) vulnerability CVE-2022-1388, which affects F5 BIG-IP products, as an example. The bug was discovered on May 4, 2022, and according to Unit 42, 2,552 scanning and exploitation attempts were made in the ten hours following the CVE announcement.

According to Palo Alto's data, the "ProxyShell" exploit chain was the most commonly exploited route to network access in H1 2022, accounting for 55 percent of all recorded exploitation incidents. ProxyShell is an attack that chains three vulnerabilities identified as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Log4Shell comes in second with 14 percent, followed by various SonicWall CVEs (7 percent), ProxyLogon (5 percent), and the RCE in Zoho ManageEngine ADSelfService Plus (3 percent).

Phishing was the preferred method for gaining initial access in 37 percent of cases. In 15 percent of cases, hackers gained access to networks by brute-forcing or using compromised credentials. This article continues to discuss key findings from Palo Alto's 2022 Unit 42 Incident Response Report.

Bleeping Computer reports "Hackers Scan for Vulnerabilities within 15 Minutes of Disclosure"

Submitted by Anonymous on