In a startling revelation from F5 Labs’ latest Sensor Intel Series report, vulnerability scanning attacks have surged to unprecedented levels, with a 91% increase observed in 2024 compared to the previous year.
This dramatic rise in scanning activity signals a significant shift in the cybersecurity landscape, with attackers intensifying their efforts to exploit vulnerabilities in various systems, particularly IoT devices and consumer routers.
IoT Devices and Consumer Routers in the Crosshairs
The report highlights that a staggering 42% of all CVE-related traffic targeted IoT devices and consumer routers.
This trend underscores the growing threat to these often-overlooked components of network infrastructure.
Among the most targeted vulnerabilities, CVE-2023-1389, a command injection flaw in TP-Link Archer AX21 dual-band wifi routers, accounted for 33% of all CVE-related scanning attempts.
The persistent targeting of IoT devices raises concerns about the security of IP cameras, home routers, and other connected devices that may be present in both consumer and enterprise environments.
Security experts warn that these vulnerabilities could potentially serve as entry points for more sophisticated attacks on larger networks.
Scanning Infrastructure Predominantly Hosted on Cloud Providers
An analysis of the attack sources revealed that 75% of the scanning traffic originated from just 20 ASNs, with the majority being hosting providers and smaller cloud service providers.
This finding suggests that attackers are leveraging cloud infrastructure to conduct large-scale scanning operations, potentially to evade detection and benefit from the scalability offered by these platforms.
The report also noted a significant spike in scanning attempts for CVE-2024-3721, a command injection vulnerability in TBK DVR models, which saw a surge of two orders of magnitude in January 2025.
This rapid increase in targeting a specific vulnerability demonstrates the agility of attackers in exploiting newly discovered flaws.
As the threat landscape continues to evolve, organizations are urged to remain vigilant and prioritize the security of their IoT devices and network infrastructure.
Regular vulnerability assessments, prompt patching, and the implementation of robust security measures are crucial in mitigating the risks posed by these escalating scanning attacks.
The F5 Labs report serves as a stark reminder of the ever-present and growing cyber threats facing businesses and individuals alike.
As scanning activities reach new heights, the need for proactive cybersecurity measures has never been more critical in safeguarding digital assets and maintaining network integrity.
