Cyber attacks based on proof-of-concept (PoC) exploits are occurring at an alarming rate, sometimes within just 22 minutes of the PoC's publication. The trends and behaviors of attackers are outlined in a new Cloudflare report covering the period from May 2023 to March 2024.
Cloudflare, a company processing an average of 57 million HTTP requests per second, has observed a rise in scanning activity for CVE vulnerabilities, along with command injection attempts and efforts to use available PoC exploits. During the study period, the most frequently targeted vulnerabilities included:
- CVE-2023-50164 (CVSS rating: 9.8) and CVE-2022-33891 (CVSS rating: 8.8) in Apache products;
- CVE-2023-29298 (CVSS rating: 7.5), CVE-2023-38203 (CVSS rating: 9.8), and CVE-2023-26360 (CVSS rating: 9.8) in ColdFusion;
- CVE-2023-35082 (CVSS rating: 9.8) in Ivanti EPMM (previously MobileIron).
A standout vulnerability identified is CVE-2024-27198 (CVSS rating: 9.8), an authentication bypass issue in JetBrains TeamCity. Cloudflare documented an instance where an attacker used the PoC exploit just 22 minutes after its release, leaving no time for defenders to react.
To counteract the speed of such attacks, Cloudflare suggests using artificial intelligence to rapidly develop effective detection rules. The report highlights the challenge that vulnerabilities are often exploited faster than firewall rules can be written or security patches can be developed and deployed.
Attackers often specialize in exploiting specific categories of CVE vulnerabilities and products, enabling them to swiftly capitalize on new weaknesses. This specialization can outpace even seasoned security teams, making it difficult to fend off threats in time.
Additionally, there has been a significant uptick in the volume of DDoS attacks, constituting 6.8% of total Internet traffic. This marks an increase from the 6% recorded between 2022 and 2023. During large