Hackers around the world have resorted to a ridiculously simple tactic: they watch the official websites of software vendors for vulnerability announcements and begin scanning deployed systems for those flaws within as little as 15 minutes of the official disclosure, recent research has revealed.
The revelation comes amidst ever-increasing disclosures of vulnerabilities in globally used products, including cell phones, computers and industrial programming devices. This year alone, multiple vulnerabilities have come to light in Apple products as well as Microsoft Windows.
Threat actors are actively scanning for vulnerable endpoints within a period of just 15 minutes once a new Common Vulnerabilities and Exposures (CVE) document is published, according to Palo Alto’s 2022 Unit 42 Incident Response Report.
The report stresses how hackers are always scanning software vendor bulletin boards, which is where vulnerability announcements are disclosed in the form of CVEs.
From here, these threat actors can potentially exploit these details in order to infiltrate a corporate network. It also gives them an opportunity to distribute malicious code remotely.
With hackers becoming more dangerous than ever in recent years, it can take them mere minutes to find a weak point in their target’s system. This is naturally made much easier if they’re aided by a report detailing what exactly can be exploited.
Simply put, system administrators have to move faster in addressing security defects and patch them before the hackers manage to find a way in.
Nor does scanning require much experience to be effective. In fact, anyone with a rudimentary understanding of CVEs can search the web for publicly disclosed vulnerable endpoints.
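As an added illustration that is not part of the original article or the Unit 42 report, the check below runs over a few constructed web-server access-log lines and flags any source that probes many distinct, non-existent paths within a short window, the kind of burst this post-disclosure scanning produces on an exposed server. The addresses, paths, window length and threshold are assumed sample values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Aug/2022:14:02:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.10 - - [10/Aug/2022:14:02:03 +0000] "GET /about HTTP/1.1" 200 733
198.51.100.7 - - [10/Aug/2022:14:05:10 +0000] "GET /admin HTTP/1.1" 404 0
198.51.100.7 - - [10/Aug/2022:14:05:11 +0000] "GET /debug HTTP/1.1" 404 0
198.51.100.7 - - [10/Aug/2022:14:05:11 +0000] "GET /setup HTTP/1.1" 404 0
198.51.100.7 - - [10/Aug/2022:14:05:12 +0000] "GET /old HTTP/1.1" 404 0
198.51.100.7 - - [10/Aug/2022:14:05:13 +0000] "GET /status HTTP/1.1" 404 0
203.0.113.10 - - [10/Aug/2022:14:30:00 +0000] "GET /missing HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


def parse_line(line):
    """Return (ip, timestamp, path, status) for one CLF line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def find_scanners(log_text, window=timedelta(seconds=60), min_misses=4):
    """Map each source IP to the largest number of distinct paths that
    returned 404 inside any `window`, keeping only sources at or above
    `min_misses`. Legitimate clients rarely miss many different paths
    in quick succession; scanners probing for a freshly disclosed flaw do."""
    misses = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == 404:
            ip, ts, path, _ = rec
            misses[ip].append((ts, path))
    flagged = {}
    for ip, recs in misses.items():
        recs.sort()
        best = 0
        for i, (start, _) in enumerate(recs):
            distinct = {p for t, p in recs[i:] if t - start <= window}
            best = max(best, len(distinct))
        if best >= min_misses:
            flagged[ip] = best
    return flagged
```

The thresholds are starting points; tune them against a day of your own logs before alerting on the result.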
They can then offer such information on dark web markets for a fee, which is when hackers who actually know what they’re doing can buy them.
Activity involving hackers, malware, and threat actors in general has evolved at an aggressive rate in recent months. For example, individuals and groups have found a way to plant malicious code onto motherboards that is extremely difficult to remove. Even the Microsoft Calculator app isn’t safe from exploitation.
With system administrators, network admins, and security professionals already under significant stress as they try to keep up with the latest security threats and OS issues, the speed at which threat actors target their devices only intensifies the pressure.
Therefore, it is vitally important to keep devices off the Internet where possible, and to expose them only through VPNs or other security gateways. By restricting access to servers, admins not only reduce the risk of exploitation but also gain additional time to apply security updates before the vulnerabilities can be targeted internally.
However, some servers need to be publicly exposed, requiring admins to tighten security as much as possible through access lists, exposing only the necessary ports and services, and applying updates as quickly as possible.
While quickly applying a critical update may lead to downtime, this is much better than dealing with the aftermath of a cyberattack.