GreyNoise research shows that spikes in edge-device reconnaissance often precede public vulnerability disclosures, giving defenders advance notice. The study found a median nine-day warning and linked 104 activity surges to targeted vendors of routers, VPNs, firewalls and other security appliances. #GreyNoise #Cisco
Keypoints
- Attackers conduct reconnaissance spikes against specific vendors before exploiting vulnerabilities.
- GreyNoise detected 104 distinct activity surges across 18 vendors during a 103-day study.
- The median warning of an impending vulnerability disclosure was nine days before public alerts.
- Concurrent increases in session counts and unique source IPs indicate coordinated escalation.
- Security appliances like routers, VPNs and firewalls are frequent targets for reconnaissance and exploitation.