Rapid Exploitation of PoC Exploits by Hackers: A Cloudflare Security Report

July 13, 2024

Cloudflare's 2024 Application Security report reveals an alarming trend: cybercriminals are weaponizing publicly available proof-of-concept (PoC) exploits in as little as 22 minutes after they're released. The report, which analyzes data from May 2023 to March 2024, underscores the urgent need for effective cybersecurity measures.

Cloudflare, which processes an average of 57 million HTTP requests per second, has noted an increase in scanning activity for disclosed Common Vulnerabilities and Exposures (CVEs), command injections, and attempts to weaponize available PoCs. The most frequently targeted vulnerabilities during the period under review were CVE-2023-50164 and CVE-2022-33891 in Apache products, CVE-2023-29298, CVE-2023-38203, and CVE-2023-26360 in ColdFusion, and CVE-2023-35082 in MobileIron.

A particularly concerning example of this rapid weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains TeamCity. Cloudflare reported an instance where an attacker deployed a PoC-based exploit a mere 22 minutes after its publication, leaving virtually no time for remediation. "The speed of exploitation of disclosed CVEs is often quicker than the speed at which humans can create WAF rules or create and deploy patches to mitigate attacks," Cloudflare states in the report.

To counter this rapid exploitation, Cloudflare suggests the use of AI to swiftly develop effective detection rules. The company has combined human-written signatures with machine learning to strike a balance between minimizing false positives and responding quickly. This approach has become necessary because certain threat actors specialize in specific CVE categories and products and can rapidly exploit new vulnerability disclosures.

The report also highlights a significant increase in distributed denial of service (DDoS) attacks. According to Cloudflare, 6.8% of all daily internet traffic is DDoS traffic, a rise from the 6% recorded in the previous 12-month period (2022-2023). During large global attack events, malicious traffic could account for up to 12% of all HTTP traffic.

Cloudflare's data shows a staggering daily average of 209 billion cyber threats blocked in Q1 2024, an 86.6% increase year-over-year. "Focusing on HTTP requests only, in Q1 2024 Cloudflare blocked an average of 209 billion cyber threats each day (+86.6% YoY) [...which] is a substantial increase in relative terms compared to the same time last year," Cloudflare states.

The full report, available for download, provides more detailed insights into these statistics and offers additional recommendations for cybersecurity defenders.
