Hackers perform scans for vulnerable devices within minutes after new vulnerabilities are disclosed.
Every hour, a threat actor initiates a new scan of the internet in search of vulnerable systems, making every effort to find them before global enterprises do. The attackers speed up their ‘work’ significantly when new vulnerabilities emerge, resulting in internet-wide scans taking place within minutes of disclosure.
These threat actors work tirelessly to find new victims and to win the race to reach vulnerable systems before they are patched. While organizations strive to detect issues on their networks before it’s too late, it was found that they move at a much slower rate.
The data was gathered and made available by the Palo Alto Networks Cortex Xpanse research team, who closely monitored scans from 50 million IP addresses of 50 global enterprises, some of them being Fortune 500 companies.
The researchers found that companies usually took about 12 hours to detect a new, serious vulnerability. That was in stark contrast to the threat actors, who scanned once an hour on average and increased that to every 15 minutes when they got news of a remotely exploitable, critical bug in a network device; when the ProxyLogon bugs in Microsoft Exchange Server and Outlook Web Access (OWA) issues were disclosed, the interval dropped to as low as 5 minutes.
One possible explanation for the delay in identifying potential risks could be an unsound vulnerability management process that relies on a database of known vulnerabilities. Scanners using this database won’t detect new issues until the database receives an update, which may take hours, or even days in some cases.
Attackers, on the other hand, take advantage of cheap cloud computing that allows them to run internet-wide scans.
This is why a layered security approach is crucially important to ensure the safety of your systems at all times. Contact us today for a face-to-face conversation about how we can better protect your business.