5 minutes after the official bug report, hackers start looking for vulnerable devices

Experts from Palo Alto Networks have calculated that 5 minutes after the official announcement of the bug, the criminals are already looking for vulnerable devices. On average, every hour, attackers start new scans looking for vulnerable systems, and in general are much faster than companies that take time to fix bugs.

To compile these statistics, Palo Alto Networks experts studied various scans of 50,000,000 IP addresses of 50 global enterprises, some of which are on the Fortune 500, from January to March 2021.

It found that, on average, it took companies about 12 hours to discover and patch a major new vulnerability.

Moreover, almost a third of the identified problems are related to RDP, which is a common target of ransomware, since they can use it to gain administrative access to servers. Misconfigured database servers, zero-day vulnerabilities in mission-critical Microsoft and F5 products, and insecure remote access (Telnet, SNMP, VNC) round out the list of common problems.

In turn, attackers often increase the frequency of their scans to 15 minutes when messages appear about a new critical vulnerability that are available for remote exploitation. Moreover, in some cases, hackers act even faster: for example, it took them only about 5 minutes to start scans, after detecting ProxyLogon errors in Microsoft Exchange Server and Outlook Web Access (OWA) problems.

Recall that we wrote that reserchers discovered in Google Cloud, AWS, and Azure Explore 34 Million Vulnerabilities. And that most of the exploits for 0-Day vulnerabilities are developed by private companies.