Another month has passed, which means more sensor telemetry to analyze for attacker targeting trends. October’s data is notable primarily because we detected attackers looking for a handful of interesting vulnerabilities that were recently released or discovered, most notably CVE-2022-41040, one of the Microsoft Exchange zero day vulnerabilities that attackers began to exploit in August 2022, as well as CVE-2022-40684, a recent authentication bypass vulnerability on several Fortinet appliances.

At the same time, most of the targeting traffic we observed was going after the same old standard targets, so let’s dig in and see what’s new and what’s old.

October Vulnerabilities By the Numbers

Figure 1 shows the volume of traffic targeting the top 10 vulnerabilities in October, and it’s largely the same cast of characters we’ve observed since January 2022. After a dip from its high point in July, CVE-2020-8958 grew 60% in frequency from September to October. CVE-2017-9841 continued to trend downwards in frequency, both in absolute as well as in relative terms.

CVE-2018-13379 was a newcomer to our logs last month, and despite its presence in the second spot this month, October traffic targeting it actually increased by 16% compared with September. We suspect that the increased attention on Fortinet systems in general reminded threat actors about this vulnerability.