Reduce the time it takes pirates to hunt down victims
About 15 minutes after the vulnerability was discovered, hackers began scanning information systems for attacks.
According to the Crisis Response 2022 report published by cybersecurity firm Palo Alto, the increasing speed at which hackers are launching attacks means that system administrators have less and less time to patch security gaps. The data shows that 15 minutes after a vulnerability is listed on the CVE list, hackers start scouring the Internet for systems that still have the vulnerability.
follow up A shiny computer, the scanning process is not very complicated, so even inexperienced hackers can use it to find potential targets. They then sell their findings on the black market, where hackers can exploit them. In the next few hours, the first victims with such systems were fixed, but the patch did not bring much value.
“This is a race between defenders and attackers. The margin of delay on both sides is getting smaller every year,” the site speculated.
For example, CVE-2022-1388, a remote command execution vulnerability in F5 BIG-IP products, was discovered by monitoring tools 10 hours after its release on May 4th. It performs over 2,500 hacker scans and attacks on systems. around the world.
The Palo Alto report shows that hackers are exploiting vulnerabilities in large attack surfaces, which are platforms used by many customers. For example, in the first half of the year, more than 55% of attacks targeted Microsoft Exchange Server’s ProxyShell vulnerability and 14% of attacks targeted the Log4Shell vulnerability.
According to experts, system administrators are being put under more pressure by attacks as the detection and processing speed is getting shorter and shorter. The simplest and most important solution is to hide systems from the internet or connect only via virtual private networks, limiting the number of administrators and access to the server. This approach helps increase the time it takes to update software and fix vulnerabilities.