Newly discovered vulnerabilities are sometimes exploited by attackers within just 22 minutes of the public release of a proof-of-concept (PoC). This is according to a Cloudflare study on the most significant threats between May 2023 and May 2024.
The Cloudflare Application Security Report for 2024 shows that hackers are increasingly scanning for disclosed software vulnerabilities, or CVEs. When they find them, they move almost immediately to exploit them and attack them with command injections.
The researchers note that hackers often attack a disclosed CVE vulnerability very quickly, sometimes within 22 minutes. As an example, they cited CVE-2024-27198, an authentication bypass in JetBrains TeamCity.
This vulnerability was attacked within 22 minutes of publication, so security specialists had no reasonable amount of time to defend themselves. According to Cloudflare, such a rapid response from hackers can only be combated by using AI to create defensive detection rules.
The most frequently attacked CVEs between May 2023 and 2024 were CVE-2023-50164 and CVE-2022-33891 in Apache products, CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360 in ColdFusion, and CVE-2023-35082 in MobileIron.
Still many old API security methods
Another vital lesson Cloudflare draws from the study is that in the case of API security, companies still rely too much on traditional, often outdated, security methods. One example is traditional web application firewall (WAF) rules that use a negative security model.
Here, the assumption is that most web traffic is benign. Few companies are said to use a positive API security model, in which strictly defined rules specify which web traffic is allowed and deny access to the rest.
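The difference between the two models, as an added example that is not taken from the Cloudflare report or from this article: a simplified Python comparison in which the deny signatures, the API schema for a hypothetical /v1/orders service and the sample requests are all constructed for illustration.

```python
import re

# Negative model: block only what matches a known-bad signature (constructed, simplified).
DENY_SIGNATURES = [re.compile(p, re.I) for p in (r"union\s+select", r"<script", r"\.\./")]

# Positive model: hypothetical API schema declaring every allowed operation and parameter.
API_SCHEMA = [
    ("GET", re.compile(r"/v1/orders"),
     {"limit": re.compile(r"\d{1,3}"), "status": re.compile(r"open|closed")}),
    ("GET", re.compile(r"/v1/orders/\d{1,10}"), {}),
]


def negative_model_allows(method, path, params):
    """Allow unless a deny signature matches the path or any parameter value."""
    blob = " ".join([path, *params.values()])
    return not any(sig.search(blob) for sig in DENY_SIGNATURES)


def positive_model_allows(method, path, params):
    """Allow only operations and parameters declared in API_SCHEMA; deny the rest."""
    for allowed_method, path_re, allowed_params in API_SCHEMA:
        if method == allowed_method and path_re.fullmatch(path):
            return all(name in allowed_params
                       and allowed_params[name].fullmatch(value) is not None
                       for name, value in params.items())
    return False  # undeclared method or endpoint


# Constructed sample requests: (method, path, query parameters).
SAMPLES = [
    ("GET", "/v1/orders", {"limit": "20", "status": "open"}),  # normal client
    ("GET", "/v1/orders", {"limit": "20", "debug": "true"}),   # undeclared parameter
    ("DELETE", "/v1/orders/42", {}),                           # undeclared method
    ("GET", "/v1/internal/export", {}),                        # undocumented endpoint
    ("GET", "/v1/orders", {"status": "open<script>"}),         # matches a signature
]


def compare(samples=SAMPLES):
    """Return (negative_verdict, positive_verdict) for each sample request."""
    return [(negative_model_allows(*s), positive_model_allows(*s)) for s in samples]


if __name__ == "__main__":
    for (method, path, _), (neg, pos) in zip(SAMPLES, compare()):
        print(f"{method:6} {path:22} negative={'allow' if neg else 'block'} "
              f"positive={'allow' if pos else 'block'}")
```

Only the last request trips a signature, so the negative model lets the three undeclared requests through, while the positive model rejects everything the schema does not describe.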
Other research findings
Cloudflare's research also highlights several other findings. During the period studied, about 6 percent of total daily Internet traffic was used to carry out DDoS attacks. During major cyberattacks, malicious traffic accounts for 12 percent of total HTTP traffic at those times.
In the first quarter of this year, Cloudflare also blocked 209 billion cyber threats per day. This is a whopping 86.6 percent more than in the same period in 2023.
Also notable is that as much as one-third of total Internet traffic comes from bots. Of these, 93 percent are malicious and thus, if undetected, can cause major problems.
Last, but not least, third-party software or code increasingly poses a serious risk, especially since companies are increasingly integrating third-party code or software into their own systems. This puts them at greater risk of being victimized by, for example, a supply-chain attack.