Express Computer
Home  »  News  »  Cybercriminals exploit outdated security flaws: Barracuda threat report

Cybercriminals exploit outdated security flaws: Barracuda threat report

0 61

Barracuda, a trusted partner and leading provider of cloud-first security solutions, has released a Threat Spotlight revealing that cyber attackers are relying on outdated tactics and overlooked security weaknesses to target organizations. These attackers aim to gain remote control of systems, install malware, steal information, disrupt business operations through denial-of-service attacks, and more.

The findings are based on an analysis of three months’ worth of detection data from the Intrusion Detection Systems (IDS) used by Barracuda’s Security Operations Center (SOC), part of Barracuda XDR. The IDS tools provide not just a powerful early warning system of potential attack – they also reveal the weaknesses that attackers are targeting and the most popular tactics they are using to do so.

The analysis of the detection data highlights several key points, including:

  • Attackers try to gain remote control of vulnerable systems by using a tactic from 2008 that would let them take advantage of a misconfigured web server to get to data such as application code or sensitive operating system files that they should not have access to.
  • Another tactic designed to achieve the goal of remote-control dates from 2003 and involves trying to inject specially crafted malicious code into a legitimate process which would allow the attacker to read sensitive data, modify operations, and send instructions to the operating system.
  • Other established tactics target bugs in the programming languages that developers use to create applications which are integrated into common web-based systems or into “middleware” that processes data, such as when someone adds an item to their online shopping cart. The potential reach of a successful attack using these tactics is therefore extensive.
  • Attackers try to get hold of sensitive information by targeting vulnerable servers to obtain passwords or lists of users, or by misusing a legitimate process to find out how many computers on a network have an active IP connection. This can help with planning and preparing for a bigger attack.
  • Attackers are also trying to cause general chaos, disruption, and denial of service by messing with online traffic data packets, making them too small or fragmenting them so that the communications channels and destination servers become overwhelmed and crash.

“Security weaknesses do not have an expiration date, and over time they can become deeply embedded, shadow vulnerabilities within a system or application. The tactics used to exploit them do not necessarily have to be new or sophisticated to succeed,” emphasized Merium Khalid, Senior SOC Manager, Offensive Security, Barracuda XDR. “A multi-layered approach to protection with multiple levels of detection and scrutiny is essential. Understanding the vulnerabilities present in your IT environment, who may target them, and how they do so is crucial, as is the ability to respond and mitigate these threats.”

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image