Rapid Exploitation of PoC Exploits by Hackers: A Cloudflare Security Report
July 13, 2024
Cloudflare's 2024 Application Security report reveals an alarming trend: cybercriminals are weaponizing publicly available proof-of-concept (PoC) exploits in as little as 22 minutes after they're released. The report, which analyzes data from May 2023 to March 2024, underscores the urgent need for effective cybersecurity measures.
Cloudflare, which processes an average of 57 million HTTP requests per second, has noted an increase in scanning activity for disclosed Common Vulnerabilities and Exposures (CVEs), command injections, and attempts to weaponize available PoCs. The most frequently targeted vulnerabilities during the period under review were CVE-2023-50164 and CVE-2022-33891 in Apache products; CVE-2023-29298, CVE-2023-38203, and CVE-2023-26360 in ColdFusion; and CVE-2023-35082 in MobileIron.
A particularly concerning example of this rapid weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains TeamCity. Cloudflare reported an instance where an attacker deployed a PoC-based exploit a mere 22 minutes after its publication, leaving virtually no time for remediation. "The speed of exploitation of disclosed CVEs is often quicker than the speed at which humans can create WAF rules or create and deploy patches to mitigate attacks," Cloudflare states in the report.
To counter this rapid exploitation, Cloudflare suggests the use of AI to swiftly develop effective detection rules. The company has combined human-written signatures with machine learning to strike a balance between minimizing false positives and responding quickly. This approach has become necessary because certain threat actors specialize in specific CVE categories and products and can rapidly exploit new vulnerability disclosures.
The report also highlights a significant increase in distributed denial of service (DDoS) attacks. According to Cloudflare, 6.8% of all daily internet traffic is DDoS traffic, a rise from the 6% recorded in the previous 12-month period (2022-2023). During large global attack events, malicious traffic could account for up to 12% of all HTTP traffic.
Cloudflare's data shows a staggering daily average of 209 billion cyber threats blocked in Q1 2024, an 86.6% increase year-over-year. "Focusing on HTTP requests only, in Q1 2024 Cloudflare blocked an average of 209 billion cyber threats each day (+86.6% YoY) [...which] is a substantial increase in relative terms compared to the same time last year," Cloudflare states.
The full report, available for download, provides more detailed insights into these statistics and offers additional recommendations for cybersecurity defenders.