New vulnerabilities are discovered every day; they are nothing to buzz about. However, when malware creators start using smarter ways to exploit the flaws, vulnerabilities emerge as top threat.
The latest Internet Security Systems X-Force report revealed that the bad guys came up with automatic ways to attack new vulnerabilities. Usually researchers working on finding security holes don’t publish newly discovered flaws until the creators of software release a patch. This scheme serves for obvious reasons: if a flaw in known widely, it makes users of software a target and it may take a company of the software too long to create a patch. However some researchers are too proud of their findings to keep it silent. And the anxiety to publish a work serves the malware creators only as they don’t need to search for vulnerabilities by themselves.
The list of new exploits being served with a cherry on a top is not the worst thing; it’s actually just one part of the deal. Researchers at IBM Corp. noticed cyber criminals using certain templates of exploiting new flaws: once new vulnerability emerges, it may take as little as 24 hours for sophisticated attack.