Express Computer

Barracuda Researchers discover an alarming number of attacks probing for unpatched software vulnerabilities


While analyzing data from the attacks blocked by their systems over the past two months, researchers at Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, identified hundreds of thousands of automated scans and attacks per day, with the numbers sometimes spiking into the millions. The data also shows thousands of scans per day for the recently patched Microsoft and VMware vulnerabilities.

First disclosed in March 2021, the Microsoft vulnerability, a.k.a. Hafnium, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. According to publicly available information, CVE-2021-26855 is used to identify vulnerable systems, and the remaining vulnerabilities are chained with it to gain access and perform further exploitation, including dropping web shells onto the exploited systems.

In March, probing for the vulnerabilities increased from time to time, with regular scans across the sensors and deployments worldwide, and then dropped off to lower levels. Meanwhile, in the case of VMware, CVE-2021-21972 and CVE-2021-21973 were released on February 24, 2021. There has been regular probing for CVE-2021-21972, with some downturn in the scanning.

Speaking on the latest findings, Murali Urs, Country Manager-Barracuda Networks India said, “Software vulnerabilities, especially hard-hitting ones, continue being scanned for and have been exploited for quite some time after the release of patches and mitigations. Attackers understand that defenders don’t always have the time or bandwidth to keep up with patches all the time, and things slide—providing them with an easy way into the network. We are expecting to see some uptick in the scans from time to time as attackers move through the list of known high-impact vulnerabilities.”

While analyzing attacks, Barracuda researchers also identified patterns in them. Bots followed the course of a workday to perform their attacks, a pattern that has now shifted to the workweek. Both these insights show that most attackers seem to take the weekend off, even when running automated tasks. This is likely because it is easier to hide in the crowd when attempting various activities than to set off alarms by going after less-used systems on weekends.

Some of the most common attack types included attempts at reconnaissance/fuzzing and attacks against application vulnerabilities (WordPress was the most popular). Typically, SQL injection attacks are the most common, followed by command injection attacks and then any other type of attack. This time, however, command injection was by far the leader, peaking over two weeks in June before going back down to normal traffic levels. The remaining attacks were at more or less the expected levels, with no specific attack patterns to be called out in the different categories.

Finally, the levels of HTTPS traffic and the versions of the protocols used were analysed, with the latest TLS 1.3 emerging as the clear leader, followed by TLS 1.2. This is good news, given that these are the most secure protocols. Some deployments still use plain HTTP, and the traffic generated through it is higher in volume than that of the older and insecure SSL/TLS protocols.

“To gain protection against automated attacks taking advantage of known software vulnerabilities, organizations should look for a WAAP (Web Application and API Protection services) solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection — and make sure it is properly configured,” Urs added.
