Threat Actors Exploit Vulnerabilities With Increasing Speed
Research by information security company FireEye highlights the decreasing timeframe users have to apply new software patches once they are released. According to the research, an APT group was observed using an exploit for the Microsoft CVE-2017-11882 less than a week after Microsoft released a patch for it in November.
Threat actors are increasingly able to develop new exploits in very short timeframes. In some cases, new patches will need to be applied within a week of release to avoid machines being vulnerable to freshly developed exploits. And the longer devices go unpatched, the more likely they are to fall victim to avoidable network penetration or data theft.
This trend of increasingly fast turnaround times for exploits is likely to continue. Some threat actors may soon be able to turn new exploits around in a matter of days, or even hours.
This threat can be mitigated through routine and well-implemented patching regimes. The NCSC’s End User Device Security collection has details about securing various platforms, and includes advice on patching.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.