Among the key threats for all categories of organizations remain non-updated software and other gross errors of system administrators. This is stated in the analytical report “Russian Cyber ​​Operations” H2’2024, prepared by specialists of the CERT-UA team, which operates as part of the State Cyber Defense Center of the State Service for Special Communications.

Experts also emphasize that hackers exploit unclosed vulnerabilities as quickly as possible - literally within a few hours after their public disclosure.

In general, they record a general trend towards reducing the time from the disclosure of a vulnerability to the first attempts to exploit it.

Usually, hackers need 12 hours after the publication of information about the vulnerability to detect devices that are susceptible to exploitation. And within a day they make the first attempts to exploit it. Also, about a day later, codes for testing the vulnerability (Proof of Concept) are published in the open access.

Most often, companies publicly disclose information about the vulnerabilities of their products along with an update or patch that fixes it. That is why, in order to prevent successful exploitation of the vulnerability, it is necessary to install updates and apply patches in a timely manner.

More - in the report "Russian cyber operations" H2'2024 at the link.  

Source: https://cip.gov.ua/ua/news/neonovlene-programne-zabezpechennya-ye-odniyeyu-z-klyuchovikh-zagroz-dlya-vsikh-kategorii-organizacii