Hackers are increasingly quick to exploit proof-of-concept (PoC) vulnerabilities, with some attacks occurring just 22 minutes after public disclosure. Cloudflare's 2024 Application Security report, covering May 2023 to March 2024, highlights this trend, noting heightened scanning activity and rapid weaponization of disclosed CVEs.
Notable vulnerabilities targeted include CVE-2023-50164 and CVE-2022-33891 in Apache, and CVE-2023-29298 in ColdFusion. A striking example is CVE-2024-27198 in JetBrains TeamCity, exploited within 22 minutes of its PoC release.
Increasing DDoS Attacks
The report also reveals a significant rise in distributed denial of service (DDoS) attacks, with 6.8% of daily internet traffic attributed to DDoS activity, up from 6% the previous year. During major global attack events, malicious traffic can constitute up to 12% of all HTTP traffic. In Q1 2024, Cloudflare blocked an average of 209 billion cyber threats daily, marking an 86.6% year-over-year increase.
For a comprehensive defence strategy, it is crucial to leverage advanced technologies and remain vigilant against these rapidly evolving cyber threats.
