By the time you read this article, a zero-day CVE is likely getting exploited.
According to researchers with Cloudflare, a newly disclosed vulnerability has come under attack as fast as 22 minutes after a proof of concept (POC) was disclosed.
The internet backbone provider said attackers are more active than ever and are able to jump onto security vulnerabilities with malware exploits at a faster rate than defenders can meet.
“The speed of exploitation of disclosed CVEs is often quicker than the speed at which humans can create WAF rules or create and deploy patches to mitigate attacks,” said Cloudflare.
“This also applies to our own internal security analyst team that maintains the WAF Managed Ruleset, which has led us to combine the human written signatures with an ML-based approach to achieve the best balance between low false positives and speed of response.”
Cloudflare provides a number of internet services, including content delivery, cybersecurity, DDoS mitigation and domain registration, and said it's seeing an unprecedented rate at which vulnerability disclosures turn into active malware attacks.
Most of the increase in activity was down to scanning activity, as threat actors sought out vulnerable systems, which leads to an uptick in attempts to execute automated exploits.
The numbers lead Cloudflare to conclude that attackers are increasingly looking to go after the low-hanging fruit and jump on publicly known flaws in the period between when a vulnerability is disclosed and when a patch can be disclosed on a widespread basis.
“This trend in CVE exploitation attempt activity indicates that attackers are going for the easiest targets first, and likely having success in some instances given the continued activity around old vulnerabilities,” noted the researchers.
The researchers added that the increase in attacks coincides with a shift in global politics and increasingly polarized opinions amongst users.
“Over the last twelve months, the internet security landscape has changed dramatically,” the Cloudflare team said.
“Geopolitical uncertainty, coupled with an active 2024 voting season in many countries across the world, has led to a substantial increase in malicious traffic activity across the internet.”
