Cybercriminals are launching real-world attacks within days of security researchers publishing proof-of-concept (POC) code and blasting the internet with requests looking to capitalize on unpatched devices.
Security researchers at Trustwave deployed honeypots in Russia, Ukraine, Poland, UK, China, and the United States at the beginning of the year. These devices were made to look like they hosted common enterprise applications.
During the first half the year the devices were scanned by over 38,000 unique IP addresses.
25% of the traffic consisted of Exploit Scans / reconnaissance
19% of the traffic was exploitation attempts
One POC was only 6 days old before being implemented by attackers
From Trustware:
"It's essential to stay aware of the constant stream of newly discovered vulnerabilities, take proactive measures, and apply patches promptly to minimize the window of opportunity for threat actors."
Takeaways:
You need to pay attention to patches, the cybercriminals clearly are.
The time available to patch before exploits begin is getting shorter.
There really is no “security through obscurity”. If a device is exposed to the internet, it’s getting probed frequently.
Definitions:
Honeypot - A cybersecurity technique used to detect, deflect, or study unauthorized access or attacks on a network or system. It involves setting up a decoy system or network that appears to be attractive to potential attackers. The honeypot is designed to gather information about the attackers' methods and motives, allowing security professionals to better understand and mitigate potential threats.
Security through obscurity - The practice of relying on the secrecy or complexity of a system or component as the primary means of protecting it from unauthorized access or exploitation. This is considered to be an ineffective approach to security, as it does not address the underlying vulnerabilities of a system and can give a false sense of security.
Proof of Concept (POC) - A small-scale implementation or test that validates the vulnerability's presence and provides a practical demonstration of how it can be exploited. POCs are commonly used by security researchers and ethical hackers to illustrate the potential impact of a vulnerability and to encourage timely remediation. They help organizations understand the severity of a vulnerability and motivate them to take appropriate actions to mitigate the risk.
Sources: Trustwave, DarkReading
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.