Baselining @ a new level


The following post is an interesting read on how "spikes" in (hopefully) blocked incoming traffic may be a prelude to incoming attack recon or possibly a breach in progress.

Spikes in malicious activity precede new security flaws in 80% of cases
Researchers have found that in roughly 80% of cases, spikes in malicious activity like network reconnaissance, targeted scanning, and brute-forcing attempts targeting edge networking devices are a precursor to the disclosure of new security vulnerabilities (CVEs) within six weeks.
Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities
GreyNoise’s new research reveals a recurring pattern: spikes in malicious activity often precede the disclosure of new CVEs — especially in enterprise edge technologies like VPNs and firewalls. In 80 percent of the cases studied, attackers hit specific technologies weeks before a new vulnerability affecting them was published.

See a spike in your incoming network traffic, something out of the normal? Good chance it's happening because someone knows about a zero-day that hasn't been documented yet, or that's how I read it.

Maybe

#enoughsaid
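
One way to turn "something out of the normal" into a check, as an added example (not from the original post or from GreyNoise): a rolling median/MAD baseline over daily blocked-connection counts, kept per edge service so a spike against one technology stands out. The service labels, counts, window and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample data: blocked inbound connections per day, per edge service.
BLOCKED_PER_DAY = {
    "vpn-portal/tcp443": [120, 131, 118, 125, 140, 122, 129, 133, 119, 127, 135,
                          124, 130, 126, 128, 121, 132, 910, 1045, 138, 125],
    "ssh/tcp22": [300, 340, 280, 310, 360, 295, 325, 350, 290, 315, 335,
                  305, 345, 320, 330, 285, 355, 310, 365, 300, 340],
}

def find_spikes(daily_counts, window=14, k=6.0, min_mad=1.0):
    """Flag days whose count exceeds a rolling robust baseline.

    Baseline is the median of the previous `window` days; spread is the median
    absolute deviation (MAD) scaled by 1.4826 so it is comparable to a standard
    deviation. Median/MAD are used so that one spike day does not inflate the
    baseline used to judge the following days. window, k and min_mad are
    assumed tuning values.
    Returns a list of (day_index, count, baseline).
    """
    spikes = []
    for i in range(window, len(daily_counts)):
        history = daily_counts[i - window:i]
        baseline = median(history)
        mad = max(median([abs(x - baseline) for x in history]), min_mad)
        if daily_counts[i] > baseline + k * 1.4826 * mad:
            spikes.append((i, daily_counts[i], baseline))
    return spikes

def spikes_by_target(series):
    """Map each targeted service to the day indexes that spiked (quiet ones omitted)."""
    result = {}
    for target, counts in series.items():
        days = [i for i, _, _ in find_spikes(counts)]
        if days:
            result[target] = days
    return result

if __name__ == "__main__":
    for target, counts in BLOCKED_PER_DAY.items():
        for day, count, baseline in find_spikes(counts):
            print(f"{target}: day {day} blocked={count} baseline={baseline:.1f} "
                  f"({count / baseline:.1f}x)")
```

In the sample data only the VPN portal is flagged, on the two days its blocked count jumps roughly sevenfold; the noisier but steady SSH series stays under its own threshold.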