Hackers scan for vulnerable devices 15 minutes after bug disclosure, says research

The research was conducted by Palo Alto Networks, a global leader in cybersecurity solutions.

Gautam S. Mengle | Updated: Sunday, July 31, 2022, 09:15 PM IST

Attackers around the world have adopted a ridiculously simple tactic: they watch software vendors' official websites for announcements of new vulnerabilities and begin scanning the internet for systems running the affected software within as little as 15 minutes of the official disclosure, new research has revealed.

The revelation comes amid ever-increasing disclosures of vulnerabilities in globally used products, including cell phones, computers and industrial equipment. This year alone, multiple vulnerabilities have come to light in Apple products as well as Microsoft Windows.

The research was conducted by Palo Alto Networks, a global leader in cybersecurity solutions. Palo Alto's research wing, Unit 42, did a deep dive into vulnerabilities and their exploitation over the past year, and the results were made public earlier this week.

By established practice, a vendor is expected to announce newly discovered vulnerabilities in its products on its official website, in the public interest. It is this same practice that attackers exploit, Unit 42 states.

"Anytime a new vulnerability is publicized, our threat intelligence team observes widespread scanning for vulnerable systems. Our security consultants say they’re also seeing threat actors – ranging from the sophisticated to the script kiddies – moving quickly to take advantage of publicly available Proof of Concepts (PoCs) to attempt exploits. The 2021 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," Unit 42 stated in the executive summary of their report.

Vendors generally announce a new vulnerability only once a patch for it is available, but the patch protects a device only after its user installs it, usually as part of the latest software update. The window between disclosure and installation is a goldmine for attackers, who race to gain access to as many still-unpatched devices as possible.

Citing a vulnerability disclosed in May this year, rated 9.8 on the 10-point CVSS severity scale (10 being the most serious), Unit 42 said it had deployed a threat prevention signature, a detection rule that identifies and blocks attempts to exploit that specific flaw.

"Within just 10 hours, the signature triggered 2,552 times due to vulnerability scanning and active exploitation attempts," Unit 42 revealed.
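The two figures in the report, the minutes from disclosure to the first scan and the number of signature hits in the hours that follow, are what a defender would want to measure on their own alert data. The following is an added example, not code from the article or from Unit 42: it parses constructed IDS alert lines (the timestamps, signature name, source addresses and the assumed disclosure time are all invented for illustration) and computes the disclosure-to-first-hit interval and the hit and source counts inside a chosen window.

```python
"""Measure how quickly scanning starts after a vulnerability is disclosed.

Added example, not from the Unit 42 report or the article. Every input below
(the disclosure time, the signature name and the alert lines) is constructed
for illustration only.
"""
from datetime import datetime, timedelta, timezone

# Assumed advisory publication time (constructed for this example).
DISCLOSURE = datetime(2022, 5, 4, 16, 0, tzinfo=timezone.utc)

# Hypothetical signature name, as an IDS/IPS might label it.
SIGNATURE = "exploit-attempt-web-auth-bypass"

# Constructed alert log: "<ISO-8601 UTC timestamp> <signature> <source IP>".
# One line predates the disclosure and one belongs to an unrelated signature,
# so the filters below have something to exclude.
ALERTS = """\
2022-05-04T15:40:00Z unrelated-signature 192.0.2.1
2022-05-04T16:09:12Z exploit-attempt-web-auth-bypass 198.51.100.7
2022-05-04T16:11:45Z exploit-attempt-web-auth-bypass 203.0.113.20
2022-05-04T16:14:03Z exploit-attempt-web-auth-bypass 198.51.100.7
2022-05-04T17:30:00Z exploit-attempt-web-auth-bypass 192.0.2.99
2022-05-05T01:00:00Z exploit-attempt-web-auth-bypass 203.0.113.20
2022-05-05T03:15:00Z exploit-attempt-web-auth-bypass 198.51.100.7
"""


def parse_alerts(text):
    """Turn the raw log into (timestamp, signature, source) tuples.

    Blank lines are skipped; a malformed line raises rather than being
    silently dropped, since losing alerts would understate the numbers.
    """
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sig, src = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, sig, src))
    return events


def minutes_to_first_hit(events, signature, disclosure):
    """Minutes from disclosure to the first alert for `signature`.

    Alerts from before the disclosure are ignored: they cannot be a reaction
    to the announcement. Returns None if the signature never fired.
    """
    hits = sorted(ts for ts, sig, _ in events if sig == signature and ts >= disclosure)
    if not hits:
        return None
    return (hits[0] - disclosure).total_seconds() / 60


def hits_in_window(events, signature, disclosure, hours):
    """(total alerts, distinct sources) for `signature` within `hours` of disclosure."""
    end = disclosure + timedelta(hours=hours)
    sources = [src for ts, sig, src in events if sig == signature and disclosure <= ts < end]
    return len(sources), len(set(sources))


if __name__ == "__main__":
    evs = parse_alerts(ALERTS)
    print("first hit after disclosure (min):", minutes_to_first_hit(evs, SIGNATURE, DISCLOSURE))
    print("hits, distinct sources in 10 h:", hits_in_window(evs, SIGNATURE, DISCLOSURE, 10))
```

On the constructed data the first hit lands 9.2 minutes after disclosure and the 10-hour window holds 5 alerts from 3 distinct sources; the alert at 03:15 the next day falls outside the window and the pre-disclosure line is excluded. Counting distinct sources alongside raw hits matters in practice, since a single scanner retrying can inflate the hit count without indicating broad interest.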

The full report makes for grim reading, delving into ransomware, business email compromise, and attackers exploiting systems on which administrators have used little or no encryption. It also explains how attackers are now going after cloud environments, where companies store and back up their data, and why the cloud is often easier to compromise.

"Right now, threat actors in the cloud don't have to try very hard to be successful at what they do. They may look around and say, 'Okay, there is a door, here are the keys, nobody even knows we found them. Let's see if this works. Oh, it does!' Then they take what they think is worth something, leave a ransom note, and kick over a few flower pots on the way out, just to add a dash of destruction," observed Ashlie Blance, Consulting Director at Unit 42.
