Hackers Are Exploiting Publicly Disclosed Bugs Within 15 Minutes

To illustrate how quickly attackers now move to exploit publicly disclosed vulnerabilities, Palo Alto’s Unit 42 researchers shared the example of a critical RCE bug in F5 BIG-IP products, where they observed attackers jumping into action within 15 minutes of disclosure.

They warned that software vendors and system admins have very little time to patch bugs in their products, since attackers in the wild are actively looking to exploit them.

Jumping Right Into Action

Researchers at Palo Alto’s Unit 42 team noted in their 2022 Incident Response Report that black hats are quick to exploit security bugs as soon as they are publicly disclosed. They constantly watch the announcements on software vendor bulletin boards for new vulnerabilities and leverage them immediately.

Anything they detect sends them straight into action, starting with scanning the web. Even low-skilled attackers do this, and then sell their findings on dark web markets, where professional hackers purchase them for exploitation.

Researchers explained the scenario with an example of CVE-2022-1388 – a critical unauthenticated remote command execution vulnerability in F5 BIG-IP products, disclosed on May 4, 2022. Ten hours after the CVE was published, Unit 42 researchers recorded 2,552 scanning and exploitation attempts.

With every passing year this race gets tougher, as the window between software vendors releasing patches and attackers exploiting the flaws keeps shrinking.

Researchers also noted that the ProxyShell exploit chain accounted for 55% of the total recorded exploitation incidents in H1 2022, followed by Log4Shell with 14%, several SonicWall CVEs with 7%, ProxyLogon with 5%, and the RCE bugs in Zoho ManageEngine ADSelfService Plus with 3%.

Warning vendors and system admins, the researchers listed a few measures for keeping networks and devices safe from exploitation. Exposing only the machines that need to be reachable, and only through VPNs, strictly restricting access to the people who need it, and updating systems regularly can prevent many of these attacks.
