Barracuda, a trusted partner and leading provider of cloud-first security solutions, has released a Threat Spotlight revealing that cyber attackers are relying on outdated tactics and overlooked security weaknesses to target organizations. These attackers aim to gain remote control of systems, install malware, steal information, disrupt business operations through denial-of-service attacks, and more.
The findings are based on an analysis of three months’ worth of detection data from the Intrusion Detection Systems (IDS) used by Barracuda’s Security Operations Center (SOC), part of Barracuda XDR. The IDS tools not only provide a powerful early warning system for potential attacks; they also reveal the weaknesses that attackers are targeting and the most popular tactics they use to do so.
The analysis of the detection data highlights several key points, including:
- Attackers try to gain remote control of vulnerable systems by using a tactic from 2008 that would let them take advantage of a misconfigured web server to get to data such as application code or sensitive operating system files that they should not have access to.
- Another tactic designed to achieve remote control dates from 2003 and involves trying to inject specially crafted malicious code into a legitimate process, which would allow the attacker to read sensitive data, modify operations, and send instructions to the operating system.
- Other established tactics target bugs in the programming languages that developers use to create applications which are integrated into common web-based systems or into “middleware” that processes data, such as when someone adds an item to their online shopping cart. The potential reach of a successful attack using these tactics is therefore extensive.
- Attackers try to get hold of sensitive information by targeting vulnerable servers to obtain passwords or lists of users, or by misusing a legitimate process to find out how many computers on a network have an active IP connection. This can help with planning and preparing for a bigger attack.
- Attackers are also trying to cause general chaos, disruption, and denial of service by messing with online traffic data packets, making them too small or fragmenting them so that the communications channels and destination servers become overwhelmed and crash.
“Security weaknesses do not have an expiration date, and over time they can become deeply embedded, shadow vulnerabilities within a system or application. The tactics used to exploit them do not necessarily have to be new or sophisticated to succeed,” emphasized Merium Khalid, Senior SOC Manager, Offensive Security, Barracuda XDR. “A multi-layered approach to protection with multiple levels of detection and scrutiny is essential. Understanding the vulnerabilities present in your IT environment, who may target them, and how they do so is crucial, as is the ability to respond and mitigate these threats.”