Sensor Frequency Distribution: Contrasting CVE-2021-3156 (Sudo) with Previous Exploit Momentums

​In the hopes of providing greater context surrounding the explosion of exploit code for CVE-2021-3156 (Sudo), we have compared it (by sensor hit frequency) to some other exploits that became publicly available and then went on to be used by adversaries. Our sensors typically see these buildup patterns within the security community preceding mass exploitation campaigns and act as a leading indicator. CVE-2021-3156 (Sudo) has had extremely strong human momentum behind it and resembles momentum patterns like those that preceded mass exploitation campaigns. Keep in mind timeframe, CVE-2021-3156 (Sudo) just became publicly available over the last few weeks.