Exchange Server Attackers Launched Scans Within Five Minutes of Disclosure
Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
The
2021 Cortex Xpanse Attack Surface Threat Report from Palo Alto Networks was compiled from scans of 50 million IP addresses associated with 50 global enterprises, carried out January-March 2021.
The report revealed that as soon as new vulnerabilities are announced by vendors, attackers rush to take advantage, utilizing cheap cloud computing power to back their efforts.
“Scans began within 15 minutes after CVE announcements were released between January and March. Attackers worked faster for the Microsoft Exchange Server zero-days, launching scans within five minutes of Microsoft’s March 2 announcement,” the report noted.
PDF
Criminals began to scan the Internet for vulnerable Microsoft Exchange Servers within five minutes of the disclosure of critical zero-day flaws patched in early March, researchers report.
In the 2021 Cortex Xpanse Attack Surface Threat Report, Palo Alto Networks researchers examine threat data from 50 organizations, and some 50 million IP addresses, collected in the first quarter. Their analysis reveals attackers scan to inventory vulnerable Internet assets once per hour and even more often within 15 minutes or less following the disclosure of CVEs. When an exploit is published, the time from then until when we start to see follow-on scanning spike in volume is now just minutes, says Tim Junio, senior vice president of products for Cortex at Palo Alto Networks. That is a huge change from a few years ago.