Hackers Begin Scanning for Vulnerabilities Just Minutes After Bug Reports

According to experts at Palo Alto Networks, hackers waste no time after a new bug is officially disclosed. On average, cybercriminals launch new scans for vulnerable systems every hour, acting much faster than companies, which often need significant time to fix bugs. When information about critical vulnerabilities appears online, hackers move even quicker—new scans are initiated within just a few minutes.

Study Details and Key Findings

To gather these statistics, Palo Alto Networks specialists analyzed various scans targeting 50,000,000 IP addresses across 50 global enterprises, including some Fortune 500 companies, from January to March 2021. The study found that, on average, companies take about 12 hours to detect and patch a new serious vulnerability.

Nearly a third of the identified issues were related to RDP (Remote Desktop Protocol), a common target for ransomware attackers because it can provide administrative access to servers. Other widespread problems included:

• Misconfigured database servers
• Zero-day vulnerabilities in critical Microsoft and F5 products
• Insecure remote access protocols (such as Telnet, SNMP, and VNC)

Attackers Are Getting Faster

When news breaks about a new critical vulnerability that can be exploited remotely, attackers often increase their scanning frequency to every 15 minutes. In some cases, hackers act even faster. For example, it took them only about 5 minutes to start scanning after the discovery of ProxyLogon bugs in Microsoft Exchange Server and issues with Outlook Web Access (OWA).

Cloud Computing Makes Scanning Easy and Cheap

Experts explain that computing power has become so affordable that a potential attacker only needs to spend about $10 to rent cloud resources and quickly scan the entire internet for vulnerable systems.