Hackers around the world have resorted to a ridiculously simple tactic: they watch the official websites of software vendors for vulnerability announcements and start scanning for affected systems within less than 15 minutes of official publication, recent research has revealed.
The finding comes amid a mounting number of disclosed vulnerabilities in products used around the world, including cell phones, computers and industrial programming devices. This year alone, several security gaps in Apple products and Microsoft Windows became known.
The study was conducted by Palo Alto Networks, a global leader in cybersecurity solutions. Palo Alto’s research department, Unit 42, has spent the last year researching vulnerabilities and exploits, with results released earlier this week.
According to the regulations, a company is obliged to announce the discovery of new vulnerabilities in its system on its official websites in the public interest. The same practice is exploited by hackers, according to Unit 42.
“Every time a new vulnerability is released, our threat intelligence team sees widespread scanning for vulnerable systems. Our security advisors say they’re also seeing threat actors — from the experienced to the script kiddies — quickly moving to leverage publicly available Proof of Concepts (PoCs) to attempt exploits. The 2021 Attack Surface Management Threat Report found that attackers typically begin scanning for vulnerabilities within 15 minutes of announcing a CVE,” explained Unit 42 in the summary of their report.
While companies only announce new vulnerabilities after patches have been released for them, these patches are only installed when users download them in the form of the latest software updates. The window between a patch's release and its installation serves as a gold mine for hackers trying to gain access to as many unpatched devices as possible.
Citing a vulnerability discovered in May of this year, Unit 42 announced that they had installed a threat prevention signature, code that attempts to prevent unauthorized access to devices through the vulnerability, which was critical enough to be rated 9.8 on a scale of 10, where 10 is the most serious.
“In just 10 hours, the signature was triggered 2,552 times due to vulnerability scans and active exploit attempts,” revealed Unit 42.
The full report itself is grim reading, as it covers ransomware, business email compromise, and the exploitation of systems whose managers use little or no encryption. It also explains how hackers are now targeting cloud-based storage servers, where companies are backing up their data, and how clouds are easier to hack.
“Right now, threat actors in the cloud don’t have to work very hard to be successful at what they do. They might look around and say, ‘Okay, there’s a door, here are the keys, nobody knows we found them, let’s see if that works. Oh it does!’ Then they take what they think is worth something, leave a ransom note, and knock over some flowerpots on the way out just to add a dash of destruction,” observed Unit 42 Consulting Director Ashlie Blance.