Hackers scan for vulnerabilities within just 15 minutes
Palo Alto's 2022 Unit 42 Incident Response Report has revealed that system administrators have only 15 minutes to patch disclosed security vulnerabilities. This is less time than previously thought, meaning that system administrators, network admins and security professionals are under additional pressure, on top of trying to keep up with the latest security threats and OS issues.
"The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," a companion blog post stated.
Palo Alto’s report also found that the most exploited vulnerability for network access in H1 2022 was the “ProxyShell” exploit chain, which accounted for 55 per cent of the total recorded exploitation incidents. This was followed by Log4Shell with 14 per cent.
Jen Miller-Osborn, Unit 42 Deputy Director of Threat Intelligence said: “Log4Shell is not the first vulnerability garnering significant public interest, and it almost certainly won’t be the last. That’s why it’s important to look at Log4Shell both as a standalone vulnerability that demands discrete analysis and reflection, and as the latest in a string of national-level vulnerabilities that impact federal systems, critical infrastructure, and state and local networks alike.”
Following on from Log4Shell, various SonicWall CVEs accounted for 7 per cent of incidents, ProxyLogon for 5 per cent, while the RCE in Zoho ManageEngine ADSelfService Plus accounted for 3 per cent of the cases. These figures show that the majority of the exploitations are captured by semi-old flaws, rather than the most recent ones.
The report revealed that phishing was the preferred method of gaining initial access in 37 per cent of cases, followed by the use of brute-forcing. Compromised credentials were the chosen method for 15 per cent of cases, while a further 10 per cent of the incidents were achieved by using social engineering tricks against privileged employees or bribing a rogue insider to aid in network access.
