Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed
ZD Net – Liam Tung
Attackers are becoming faster at exploiting previously undisclosed zero-day flaws, according to Palo Alto Networks.
Among this group are 2021’s most significant flaws, including the Exchange Server ProxyShell and ProxyLogon sets of flaws, the persistent Apache Log4j flaws aka Log4Shell, the SonicWall zero-day flaws, and Zoho ManageEngine ADSelfService Plus.
Another major flaw that had attackers swiftly scanning the internet for affected devices was F5’s critical bug in its Big-IP software, which the Cybersecurity and Infrastructure Security Agency (CISA) added to its growing Known Exploited Vulnerabilities Catalog in May. Palo Alto Networks saw 2,500 scans for it within 10 hours of it rolling out a signature for the flaw.
While phishing remains the biggest method for initial access, accounting for 37% of IR cases, software vulnerabilities accounted for 31%. Brute-force credential attacks (like password spraying) accounted for 9%, while smaller categories included previously compromised credentials (6%), insider threat (5%), social engineering (5%), and abuse of trusted relationships/tools (4%).
Over 87% of the flaws identified as the source of initial access fell into one of six vulnerability categories.
The most common initial access flaws were the Exchange Server ProxyShell flaws, at 55% of the cases Palo Alto Networks responded to. Microsoft raced out patches for ProxyShell and the related ProxyLogon flaws in early 2021, but they became the top target for several threat actors, including the Hive ransomware gang.
Log4j only made up 14% of Palo Alto’s cases, followed by SonicWall’s flaws (7%), ProxyLogon (5%), Zoho ManageEngine (4%), and Fortinet (3%). Other vulnerabilities made up the remaining 13%.
Link: https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/