Security News > 2021 > May > Hackers scan for vulnerable devices minutes after bug disclosure
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks.
The adversaries' efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans happening within minutes from the disclosure.
Attackers are tireless in their quest for new victims and strive to win the race to patched vulnerable systems.
In some cases adversaries increased the scan frequency to 15 minutes when news emerged about a remotely exploitable, critical bug in a networking device; and the rate dropped to five minutes after the disclosure of the ProxyLogon bugs in Microsoft Exchange Server and Outlook Web Access issues.
Scanners don't see all devices on the network.
"Typically, discovery of assets happens just once per quarter and uses a patchwork of scripts and programs the pen-testers have put together to find some of the infrastructure that is potentially vulnerable. Their methods are rarely comprehensive and regularly fail to find all vulnerable infrastructure of a given organization" - Palo Alto Networks.