It’s not just you. There has been a dramatic increase in the number of severe vulnerabilities in internet-facing enterprise software being exploited at scale. The time between disclosure and exploitation of these vulnerabilities has shrunk to hours, leaving defenders with less time to react and respond. While combating these attacks is challenging, there is both an art and a science to staying ahead of large exploitation events such as Log4j.
In this talk, we explore the root causes of mass exploitation attacks and share insights into these attacks gathered from four years of operating a global sensor network listening to internet-wide scan traffic. We will provide a blunt state-of-the-universe analysis of mass exploitation, concluding with recommendations for defenders preparing for the next time the cyber hits the fan.