Cybercriminals resume 15-year-old attack techniques

Online attackers take advantage of bugs or cloud services to steal personal data from users and companies

Cybercriminals are using attack techniques that are up to 15 years old to find and exploit vulnerabilities and security gaps in the systems of companies and organizations.

This is one of the conclusions reached by Barracuda Networks in a recent report called ‘Threat Spotlight’, which points out that malicious actors use these techniques to install malicious programs, interrupt the operation of devices or steal confidential information.

The security solutions company has commented that cybercriminals “quickly” take advantage of new opportunities to spread their malicious campaigns on the computers of companies and organizations. One of them arose in December 2021 with the Log4J flaw, a remote code execution (RCE) vulnerability that allows malicious actors to execute arbitrary Java code and take control of a target server.

Barracuda Networks has concluded that this bug led to an increase in cyberattacks exploiting the vulnerability, with 150% more attacks of this type the following year.

The company has commented that attackers know that the types of attacks that have been successful in the past can also work today, so they focus on weaknesses that in most cases have existed for years. To reach this conclusion, its team of researchers analyzed three months of ID detection data from a tool that is used 24 hours a day, 7 days a week in the company’s Security Operations Center (SOC).

First, it has indicated that cyberattackers have tried to gain control of vulnerable systems using techniques that date back to 2008, that is, 15 years ago. With these techniques, they can take advantage of misconfigured web servers to obtain data such as application code or files that they should not have access to.

Attackers exploit bugs in programming languages

Failures in programming systems can be the gateway for cybercriminals (Reference image source: Avi Richards, Unsplash)

Another of the attackers’ targets is bugs in the programming languages that developers use to create applications included in operating systems, on the web, or in ‘middleware’, that is, the ‘software’ layer that provides common cloud functions and services for applications.

In this case, cybercriminals take advantage of user actions, such as adding a product to an ‘online’ shopping cart or entering personal data and pressing the ‘Send’ button, to send that information to an external server. If the Common Gateway Interface (CGI) is configured incorrectly, the attacker will be able to gain remote control of the system, and the system will be vulnerable to malicious code injection.

The cybersecurity company has commented that another of the attackers’ main objectives is to obtain sensitive and protected information, such as passwords, user lists and contact information, through vulnerable servers. In this case, they misuse legitimate processes to find out how many computers have an active IP connection. This information can help them plan and prepare large-scale malicious campaigns.

Finally, Barracuda Networks has noted that malicious actors also try to cause general chaos by interrupting services and altering the data packets of ‘online’ traffic. In this way, they manage to saturate the communication channels and the destination servers. The company has recognized that security flaws “have no expiration date and the risk is that, over time, they may be more difficult to locate and mitigate”, so they are reduced to vulnerabilities embedded in a system or in an application, in the words of the senior SOC Manager, Offensive Security at Barracuda XDR, Merium Khalid.

Source: dpa

(Reference image source: Unsplash, in collaboration with Shubham Dhage)
