Scans for vulnerable PCs start 15 minutes after vulnerability is detected

Scans for vulnerable PCs start 15 minutes after vulnerability is detected

Security researchers at Unit 42 of IT security company Palo Alto Networks have warned that attackers are always keeping an eye on existing security gaps and that attacks are being carried out faster and faster. Admins can hardly keep up with patching.

They also feature in their “Incident Response Report 2022” among other things.The most common methods used by attackers to break into company networks and which vulnerabilities have been particularly popular in recent months.

Security researchers say cybercriminals constantly monitor portals announcing security vulnerabilities. The interval is marked with a CVE number and can be identified with it. According to him, if a new number appears, the scan for previously unpatched and therefore vulnerable systems usually starts after 15 minutes.

As an example, they take the “critical” vulnerability (CVE-2022-1388) in the BIG-IP system from F5. In this case, 2552 scans and exploit attempts are said to occur within ten hours of the vulnerability being known.

In addition, the researchers caution against the use of end-of-life software (EOL), which no longer receives support in the form of security updates. They write that 32 percent of vulnerable organizations are using an older and vulnerable version of the Apache web server.

To gain a foothold in corporate networks, attackers use phishing 37 percent of the time. For example, they may also obtain access data from employees through fake emails. In 31 percent of cases, unauthorized access is achieved by successfully exploiting security gaps, the researchers explain.

See also  Sunday Question: JEDEC, XMP Profile or Actual Overclocking?

According to him, ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) in Exchange Server have been exploited the most in 2022 at 55 percent. ,Critical“The Java logging library Log4j has lag with 14 percent.

Companies should take these numbers seriously and think about expanding the security department, including patch management. Basically, it is often a matter of time before an IT security incident occurs in a company.


(of)

on home page

LEAVE A REPLY

Please enter your comment!
Please enter your name here