Hackers Starting To Exploit The Vulnerabilities Within 22 Minutes Of PoC Release

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


Rising geopolitical tension and a year crowded with national elections have put pressure on internet security and driven up the volume of malicious traffic.

Cloudflare's security researchers have published their Q1 2024 Application Security Report, which shows that roughly 7% of the HTTP traffic Cloudflare handles worldwide is mitigated, with more than half of that coming from WAF and bot-management rules.

Alongside those figures, Cloudflare reported a case in which attackers began exploiting a vulnerability just 22 minutes after a proof-of-concept (PoC) exploit was published.

Hackers Exploiting Vulnerabilities in 22 Minutes

DDoS attacks are still the prevailing threat, but targeted CVE exploitation is a growing concern. About a third of all traffic is automated, and up to 93% of that automated traffic is classed as potentially malicious.

API traffic now accounts for about 60% of the traffic Cloudflare handles, yet organizations are unaware of roughly a quarter of their own public API endpoints. Enterprise sites also load an average of 47 third-party scripts each.


Cloudflare's network currently handles 57 million HTTP requests per second (up 23.9% year over year) and blocks 209 billion threats a day (up 86.6% year over year), which gives a sense of how fast the threat landscape is changing.

Over the report's window, Q2 2023 through Q1 2024, the share of application-layer traffic that Cloudflare mitigated rose from 6% to 6.8%, with spikes of up to 12% during major attacks.

WAF and bot mitigations are the largest contributors, followed by HTTP DDoS rules.

Zero-day exploitation and the weaponization of freshly disclosed CVEs are both increasing, with some exploitation attempts arriving within minutes of disclosure. DDoS nonetheless remains the most common threat, accounting for 37.1% of mitigated traffic.

In Q1 2024 alone, Cloudflare mitigated 4.5 million unique DDoS attacks, a 32% increase on 2023. Motives range from financial gain to political statements.

Gaming and gambling are now the most heavily targeted sectors for DDoS. Cloudflare continues to invest in bot detection, including blocking of AI crawlers and privacy-preserving alternatives to CAPTCHA.

Zero-day exploitation and the rapid weaponization of disclosed CVEs are both rising: 97 zero-day vulnerabilities were exploited in the wild in 2023, and the number of disclosed CVEs grew 15% over 2022.

Cloudflare's WAF mostly saw scanning activity and command-injection attempts, with attackers concentrating on vulnerabilities that already had public PoCs, including those affecting:

  • Apache Struts and Apache Spark (CVE-2023-50164 and CVE-2022-33891)
  • Adobe ColdFusion (CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360)
  • MobileIron Core / Ivanti EPMM (CVE-2023-35082)

The stand-out example is CVE-2024-27198, an authentication bypass in JetBrains TeamCity: Cloudflare saw the first exploitation attempt just 22 minutes after a PoC was published. At that speed the practical patching window is effectively zero, which is the argument for WAF rules and other compensating controls that can be deployed ahead of the vendor patch.

JetBrains TeamCity authentication bypass timeline (Source – Cloudflare)

Bots make up 31.2% of the traffic Cloudflare processes, a share that has held at roughly a third for the last three years. Some serve legitimate purposes; others disrupt services or cause harm.

Verified bots, such as search-engine crawlers, are operated by known parties and can be allowed through; unverified bots, which make up the bulk of automated traffic, frequently target particular industries for financial gain.
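The distinction between verified and unverified bots rests on being able to prove that a client claiming to be a crawler actually belongs to the crawler's operator. The block below is an added example, not Cloudflare's verified-bot implementation: it performs the forward-confirmed reverse DNS check that the major search engines publicly document (reverse-resolve the IP, require the hostname to sit under the operator's domain, forward-resolve that hostname and require it to map back to the same IP). The crawler domain table is an assumed subset, and the DNS data is a constructed table so the example runs offline; the `real_*` resolvers use the standard library for live checks.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for verified crawlers.

Added example, not Cloudflare's verified-bot logic. Resolvers are injected
so the check runs offline against a constructed DNS table; pass the real_*
functions for live lookups.
"""
import ipaddress
import socket

# Assumed subset of crawler domains, taken from the operators' public docs.
CRAWLER_DOMAINS = {
    "googlebot": ("googlebot.com", "google.com"),
    "bingbot": ("search.msn.com",),
}


def hostname_in_domain(hostname, domains):
    """True if hostname equals one of the domains or is a subdomain of it."""
    h = hostname.rstrip(".").lower()
    return any(h == d or h.endswith("." + d) for d in domains)


def verify_bot(ip, claimed_bot, reverse_lookup, forward_lookup):
    """Return (verified, reason) for a client claiming to be claimed_bot."""
    domains = CRAWLER_DOMAINS.get(claimed_bot)
    if domains is None:
        return False, f"no verification rule for {claimed_bot!r}"
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return False, f"invalid IP {ip!r}"
    try:
        hostname = reverse_lookup(ip)
    except OSError:
        return False, "no PTR record"
    if not hostname_in_domain(hostname, domains):
        # Whoever controls the PTR zone for an IP can put any string in it,
        # so the domain check is necessary but not sufficient on its own.
        return False, f"PTR {hostname!r} is outside {domains}"
    try:
        forward_ips = forward_lookup(hostname)
    except OSError:
        return False, f"{hostname!r} does not forward-resolve"
    if ip not in forward_ips:
        # The PTR names a genuine crawler host, but that host does not
        # resolve back to the client: spoofed reverse DNS.
        return False, f"{hostname!r} resolves to {forward_ips}, not {ip}"
    return True, f"confirmed via {hostname}"


def real_reverse_lookup(ip):
    return socket.gethostbyaddr(ip)[0]


def real_forward_lookup(hostname):
    return socket.gethostbyname_ex(hostname)[2]


# Constructed DNS table for offline use (RFC 5737 test addresses; the
# records are illustrative, not real DNS data).
FAKE_PTR = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com",
    "198.51.100.7": "crawl-66-249-66-1.googlebot.com",   # spoofed PTR
    "203.0.113.9": "googlebot.com.attacker.example",     # look-alike name
}
FAKE_A = {
    "crawl-66-249-66-1.googlebot.com": ["66.249.66.1"],
    "googlebot.com.attacker.example": ["203.0.113.9"],
}


def fake_reverse_lookup(ip):
    if ip not in FAKE_PTR:
        raise OSError("NXDOMAIN")
    return FAKE_PTR[ip]


def fake_forward_lookup(hostname):
    if hostname not in FAKE_A:
        raise OSError("NXDOMAIN")
    return FAKE_A[hostname]


if __name__ == "__main__":
    for ip in ("66.249.66.1", "198.51.100.7", "203.0.113.9", "192.0.2.1"):
        print(ip, verify_bot(ip, "googlebot", fake_reverse_lookup, fake_forward_lookup))
```

The two negative cases are the ones that matter in practice: a PTR record that merely contains the crawler's domain as a substring fails the suffix check, and a PTR that copies a genuine crawler hostname fails because the forward lookup does not return the client's IP. A User-Agent string alone proves nothing, since any client can set it.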

API traffic now accounts for about 60% of the traffic Cloudflare handles, up 2% on last year, with security systems mitigating roughly 4% of it.

Organizations underestimate their API exposure: on average they have 33% more public-facing endpoints than they know about. Web applications also lean heavily on third-party code; the average enterprise customer loads 47 third-party scripts.
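The "33% more endpoints than known" figure comes from comparing what an organization has documented with what its traffic actually shows. The block below is an added example, not Cloudflare's API discovery: it reads constructed access-log lines, normalizes path parameters (numeric and UUID segments become `{id}`) so that requests collapse into endpoint templates, compares them against a constructed "known" inventory such as one exported from an OpenAPI spec, and reports the shadow endpoints together with the exposure gap expressed both ways the article does (extra endpoints as a percentage of the known set, and unknown endpoints as a share of the real total). All endpoints, log lines and the `{id}` convention are assumptions for the example.

```python
"""Shadow API discovery: compare endpoints seen in access logs with the
documented inventory. Added example; log lines and endpoints are constructed."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed inventory: what the team believes is public (e.g. from OpenAPI).
KNOWN_ENDPOINTS = {
    ("GET", "/api/v1/health"),
    ("GET", "/api/v1/users/{id}"),
    ("POST", "/api/v1/users"),
    ("GET", "/api/v1/orders/{id}"),
}

# Constructed access-log lines in Common Log Format.
LOG_LINES = """\
203.0.113.5 - - [12/Jul/2024:10:01:02 +0000] "GET /api/v1/users/42 HTTP/1.1" 200 512
203.0.113.5 - - [12/Jul/2024:10:01:03 +0000] "POST /api/v1/users HTTP/1.1" 201 88
198.51.100.9 - - [12/Jul/2024:10:02:10 +0000] "GET /api/v1/orders/1001?expand=items HTTP/1.1" 200 2048
198.51.100.9 - - [12/Jul/2024:10:02:11 +0000] "GET /api/v1/orders/1001/export HTTP/1.1" 200 9210
192.0.2.77 - - [12/Jul/2024:10:03:00 +0000] "DELETE /api/v1/users/42 HTTP/1.1" 204 0
192.0.2.77 - - [12/Jul/2024:10:03:05 +0000] "GET /api/internal/debug/config HTTP/1.1" 200 1300
203.0.113.5 - - [12/Jul/2024:10:04:00 +0000] "GET /api/v1/users/7f3a9c0e-2b1d-4e6f-9a8b-123456789abc HTTP/1.1" 200 510
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)


def normalize_path(target):
    """Drop the query string and replace ID-like segments with {id}."""
    path = urlsplit(target).path
    segments = []
    for seg in path.split("/"):
        if seg.isdigit() or UUID_RE.match(seg):
            segments.append("{id}")
        else:
            segments.append(seg)
    return "/".join(segments)


def observed_endpoints(lines):
    """Count requests per (method, normalized path) template."""
    counts = Counter()
    for line in lines.splitlines():
        m = LOG_RE.search(line)
        if m:
            counts[(m["method"], normalize_path(m["target"]))] += 1
    return counts


def exposure_report(lines, known):
    """Shadow endpoints plus the gap between inventory and reality."""
    observed = observed_endpoints(lines)
    unknown = {ep: n for ep, n in observed.items() if ep not in known}
    total = len(set(known) | set(observed))   # real public surface
    return {
        "known": len(known),
        "observed": len(observed),
        "unknown": sorted(unknown),
        # "X% more endpoints than known": extra endpoints relative to inventory
        "extra_pct": round((total - len(known)) / len(known) * 100, 1),
        # "unaware of X% of endpoints": unknown relative to the real total
        "unknown_share_pct": round(len(unknown) / total * 100, 1),
    }


if __name__ == "__main__":
    report = exposure_report(LOG_LINES, KNOWN_ENDPOINTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

In the sample the inventory lists four endpoints but the logs show six, three of them undocumented (a DELETE on a resource the spec only documents for GET, an export sub-resource, and an internal debug endpoint), so the organization has 75% more public endpoints than it thinks and is unaware of about 43% of them. Two caveats apply to any log-based inventory: it only finds endpoints that were actually called during the window, so it complements rather than replaces spec and code review, and the ID normalization is heuristic, so slugs or opaque tokens that are not numeric or UUID-shaped will need extra patterns.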

Since the average enterprise site connects to around 50 third-party destinations, each of those integrations widens the attack surface: a third-party script runs with the page's own privileges, so a compromised or silently changed script can act on behalf of the site.
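Counting third-party scripts and destinations is the first step toward controlling them. The block below is an added example, not Cloudflare's Page Shield or any of its code: it parses a constructed HTML page, separates first-party from third-party `<script src>` elements, gathers every remote destination referenced by script, link, img and iframe tags, flags third-party scripts that lack Subresource Integrity, and derives a Content-Security-Policy `script-src` allowlist from what it found. The page host, hostnames and the SRI digest in the sample are placeholders.

```python
"""Static inventory of third-party scripts and destinations on a page.

Added example, not Cloudflare's code. The HTML is a constructed sample and
the hostnames are placeholders, not real services.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

PAGE_HOST = "www.example.com"   # assumed first-party origin

SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-cdn.net/lib/vendor.min.js"
        integrity="sha384-EXAMPLEDIGESTcxN0wF3ciiRU0n7JUG1RlyxzjANB1hKCa9fyxrzrTAFLe20T"
        crossorigin="anonymous"></script>
<script src="https://analytics.example-tracker.com/tag.js"></script>
<script src="//widgets.example-chat.io/embed.js"></script>
<script>console.log("inline")</script>
<link rel="stylesheet" href="https://fonts.example-fonts.com/css">
<img src="https://img.example-cdn.net/logo.png">
</head><body></body></html>"""


class ResourceCollector(HTMLParser):
    """Collects script sources and other remote resource URLs from a page."""

    def __init__(self):
        super().__init__()
        self.scripts = []     # (src, has_integrity)
        self.resources = []   # href/src of link, img and iframe tags

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], bool(a.get("integrity"))))
        elif tag in ("link", "img", "iframe"):
            url = a.get("href") or a.get("src")
            if url:
                self.resources.append(url)


def host_of(url, page_host=PAGE_HOST):
    """Hostname a URL loads from; relative URLs are first-party."""
    return urlsplit(url).netloc.lower() or page_host


def inventory(html, page_host=PAGE_HOST):
    """Third-party scripts, remote destinations and missing-SRI scripts."""
    collector = ResourceCollector()
    collector.feed(html)
    third_party = [(src, sri) for src, sri in collector.scripts
                   if host_of(src, page_host) != page_host]
    destinations = {host_of(u, page_host) for u in collector.resources}
    destinations |= {host_of(src, page_host) for src, _ in collector.scripts}
    destinations.discard(page_host)
    return {
        "third_party_scripts": len(third_party),
        "script_hosts": sorted({host_of(src, page_host) for src, _ in third_party}),
        "destinations": sorted(destinations),
        "scripts_without_sri": [src for src, sri in third_party if not sri],
    }


def csp_script_src(inv):
    """CSP script-src directive allowing only the hosts actually in use."""
    return "script-src 'self' " + " ".join("https://" + h for h in inv["script_hosts"])


if __name__ == "__main__":
    inv = inventory(SAMPLE_HTML)
    for key, value in inv.items():
        print(f"{key}: {value}")
    print(csp_script_src(inv))
```

Two limits are worth knowing. A static scan sees only what is in the served HTML; a tag manager or any third-party script can load further scripts at runtime, which is why runtime monitoring of what actually executes in the browser catches integrations a static inventory misses. And SRI only fits assets whose content is fixed and versioned: an analytics tag that the vendor updates in place cannot carry a stable hash, so for those the CSP allowlist (together with the `crossorigin` attribute SRI requires on cross-origin scripts) is the control that remains.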

This ecosystem of bots, APIs and third-party code continues to make application security harder over time.
