Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Clock PoC. Show all posts

Breaking Down the Clock PoC Exploits Utilized by Hackers Within 22 Minutes

 


It has been shown that threat actors are swift in weaponizing available proof-of-concept (PoC) exploits in real attacks, often within 22 minutes of publicly releasing these exploits. In that regard, Cloudflare has published its annual Application Security report for 2024, which covers the period between May 2023 and March 2024 and identifies emerging threat trends. It has been observed that Cloudflare, which currently processes an average of 57 million requests per second of HTTP traffic, continues to experience an increase in scanning for CVEs, followed by command injection attacks and attempts to weaponize available proofs-of-concept. 

Attackers may exploit a new vulnerability in as little as 22 minutes after the release of a proof-of-concept (PoC), depending on the vulnerability. It has been found that between May 2023 and May 2024, Cloudflare will receive 37,000 threats, which is the most significant number since May 2023. According to Cloudflare's Application Security Report for 2024, hackers are becoming more sophisticated in their search for previously unknown software vulnerabilities, also known as CVEs. They take immediate action when they find them, identifying how to exploit them and attempting to inject commands into them to execute attacks as soon as possible. 

Several CVE vulnerabilities have recently been revealed as vulnerabilities, but hackers have already been able to exploit them within 22 minutes of their disclosure. It was reported in the open-source community that CVE-2024-27198, a vulnerability in JetBrains TeamCity, was exploited by hackers. As a result of the evaluated period, the most targeted vulnerabilities were CVE-2023-50164 and CVE-2022-33891 within Apache software, CVE-2023-29298, CVE-2023-38203, and CVE-2023-26360 within Coldfusion software, and CVE-2023-35082 within Mobile Iron software. CVE-2024-27198 is a characteristic example of how weaponization is developing at an extremely fast rate since it is a vulnerability in JetBrains TeamCity that allows authentication bypass. 

During a recent incident, Cloudflare picked up on the fact that an attacker deployed a PoC-based exploit 22 minutes after it had been published, giving defenders very little time to remediate the attack. There can only be one way of combating this speed, according to the internet firm, and that is through the use of artificial intelligence (AI) to rapidly come up with effective detection rules. As DDoS attacks continue to dominate the security threat landscape, targeted CVE exploits are becoming a greater concern as well in the coming years.

Over a third of all traffic is automated today, and there is a possibility that up to 93% of it is malicious. Approximately 60% of all web traffic now comes from APIs, but only a quarter of companies know which API endpoints they have. Moreover, enterprise websites typically have 47 third-party integrations that are part of their platform. Cloudflare has also been able to gather some valuable information from the study, which is that in the case of API security, companies are still relying on outdated, traditional methods of providing API security. 

In the case of traditional web application firewall (WAF) rules, a negative security model is typically used in the design of those rules. It is assumed that the vast majority of web traffic will be benign in this scenario. Several companies utilize a positive API security model, where strictly defined rules dictate the web traffic that is allowed, while all other access is denied. Cloudflare's network currently processes 57 million HTTP requests per second, reflecting a 23.9% year-over-year increase. The company blocks 209 billion cyber threats daily, which is an 86.6% increase compared to the previous year. These statistics underscore the rapid evolution of the threat landscape. 

According to Cloudflare's report covering Q2 2023 to Q1 2024, there has been a noticeable rise in application layer traffic mitigation, growing from 6% to 6.8%, with peaks reaching up to 12% during significant attacks. The primary contributors to this mitigation are Web Application Firewalls (WAF) and bot mitigations, followed by HTTP DDoS rules. There is an increasing trend in zero-day exploits and Common Vulnerabilities and Exposures (CVE) exploitation, with some exploits being utilized within minutes of their disclosure. 

Distributed Denial of Service (DDoS) attacks remain the most prevalent threat, accounting for 37.1% of mitigated traffic. In the first quarter of 2024 alone, Cloudflare mitigated 4.5 million unique DDoS attacks, marking a 32% increase from 2023. The motivations behind these attacks range from financial gains to political statements.