Hackers Target Vulnerabilities Weeks Before Public Disclosure, Report Warns

A recent study from GreyNoise reveals a concerning trend in cyberattacks: threat actors are actively exploiting vulnerabilities in edge devices well before these flaws are made public or assigned CVE identifiers.

Published on July 31, the report found that in 80% of cases, malicious activity—such as scanning, brute-force attempts, and even early exploitation—begins days or even weeks prior to the public disclosure of a vulnerability. In some cases, attackers started exploiting weaknesses as much as six weeks in advance.

The research focused on vulnerabilities with a CVSS score of 6 or higher, primarily those affecting edge infrastructure. Notably, attackers consistently exploited vulnerabilities in devices from eight major vendors: Cisco, Citrix, Fortinet, Ivanti, Juniper, MikroTik, Palo Alto Networks, and SonicWall. In total, 216 early spikes in attack activity were detected before the related CVEs were officially published.

Pre-Disclosure Activity as a Red Flag

GreyNoise urges cybersecurity teams to consider these pre-disclosure activity spikes as warning signs. By closely monitoring abnormal traffic or reconnaissance patterns—especially those targeting edge devices—defenders can gain crucial lead time to prepare for vulnerabilities before they’re widely known.

“When new CVEs cluster within six weeks of an activity spike, defenders gain a tangible window to reinforce systems and justify early security actions,” the report states.

The research suggests that CISOs should proactively block IPs involved in suspicious activity—like scanning or brute-forcing—even if those addresses are not used during later stages of an attack. This step can help reduce the risk of being listed in an attacker’s target inventory.
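One way a team could turn this advice into a check on its own edge telemetry, shown as an added example that is not GreyNoise's method or code: flag days where the number of distinct scanning sources against one vendor's devices jumps above a trailing baseline, then record the six-week watch window and the source IPs to consider blocking. The event format, the vendor tag, the 14-day baseline and the 3x threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

WATCH_WINDOW = timedelta(weeks=6)  # window the report cites for CVEs following a spike
BASELINE_DAYS = 14                 # assumption: trailing days that form the baseline
SPIKE_FACTOR = 3.0                 # assumption: spike = sources > factor * baseline median

def build_sample():
    """Constructed data: (day, vendor tag, source IP) per scan/brute-force hit."""
    start, events = date(2025, 1, 1), []
    for offset in range(20):
        sources = 9 if offset == 17 else 2   # one burst day over a quiet background
        for i in range(sources):
            events.append((start + timedelta(days=offset), "vendor-a", f"198.51.100.{i + 1}"))
    return events

def find_spikes(events, vendor):
    """Return spike days for one vendor tag, each with a watch deadline and source list."""
    per_day = defaultdict(set)
    for day, tag, ip in events:
        if tag == vendor:
            per_day[day].add(ip)
    if not per_day:
        return []
    # Build a gap-free daily series so days with no hits count as zero.
    day, last, series = min(per_day), max(per_day), []
    while day <= last:
        series.append((day, per_day.get(day, set())))
        day += timedelta(days=1)
    spikes = []
    for i in range(BASELINE_DAYS, len(series)):
        # Median keeps an earlier burst from inflating later baselines.
        baseline = median(len(ips) for _, ips in series[i - BASELINE_DAYS:i])
        day, ips = series[i]
        if len(ips) > SPIKE_FACTOR * max(baseline, 1):
            spikes.append({
                "day": day,
                "sources": len(ips),
                "baseline": baseline,
                "watch_until": day + WATCH_WINDOW,   # reinforce and review before this date
                "block_candidates": sorted(ips),     # IPs seen scanning on the spike day
            })
    return spikes

if __name__ == "__main__":
    for spike in find_spikes(build_sample(), "vendor-a"):
        print(spike)
```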

GreyNoise also highlighted that nation-state actors, including groups such as the Typhoons, are leveraging edge devices for pre-positioning, surveillance, and persistent access—further emphasizing the need for proactive defense strategies.

Source: https://www.infosecurity-magazine.com/news/hackers-exploit-vulnerabilities