There are several interesting developments in this plot other than the emphasis on CVE-2018-13379, the vulnerability in the Fortinet SSL VPNs . After growing in prominence to second rank in June and occupying top spot in July and August, CVE-2020-8958 dropped in attack frequency in September to occupy the fourth spot. September was also the first month in this period in which CVE-2017-9841 dropped below the second rank.

All of these trends, however, should be seen in light of the overall drop in traffic targeting CVEs. Both the overall traffic and the vulnerability-focused traffic were below the monthly average. We don’t know if it is because attackers are directing their efforts elsewhere (either in terms of targets or methods), or if some attacker infrastructure was taken down, but the most heavily targeted CVE in September had only a third of the traffic that the top CVE had in July.

Identifying Rapid Growth

The most interesting question around vulnerability trends over time is rapid growth. Most of the CVEs we track fall into one of two clusters of traffic: less than ten attacks or scans per month, which makes up the bulk of the vulnerabilities, and a smaller group that are targeted between 100 and 10,000 times per months. Occasionally we see a vulnerability jump in frequency from one to the other, and when that happens, the next most interesting question is whether the attacker attention endures over time or drops off.