Attacks leveraging proof-of-concept exploits have been launched as early as 22 minutes following their public disclosure, reports BleepingComputer.
Such immediate weaponization of PoC exploits could only be addressed with the utilization of artificial intelligence in establishing vulnerability detection rules, an analysis from Cloudflare revealed. "The speed of exploitation of disclosed CVEs is often quicker than the speed at which humans can create WAF rules or create and deploy patches to mitigate attacks," said Cloudflare. The findings also showed that intrusions between May 2023 and March 2024 mostly entailed the exploitation of Apache bugs, tracked as CVE-2023-50164 and CVE-2023-33891; Coldfusion flaws, tracked as CVE-2023-29298, CVE-2023-26360, and CVE-2023-38203; and the MobileIron vulnerability, tracked as CVE-2023-35082. Meanwhile, distributed denial-of-service traffic accounted for 6.8% of all daily traffic during the same period, which is higher than the previous 12-month period. Moreover, daily cyber threats averted by Cloudflare also rose by 86.6% year-over-year to 209 billion on average.
