Russia launched over a million cyber attacks in three months
14 April 2021
Unit 42 security researchers looked at network attack trends from last winter and found that 1.3 million seemed to originate from Russia. The US and China were numbers two and three, respectively.
The researchers looked at more than 6 million potential attacks caused by network traffic triggers. Of those, researchers classified 3.47 million as true attacks. Of all the attacks observed, researchers classified 75% as critical. That’s a sizable jump compared to the 50.4% classified as critical in the autumn of 2020.
The most popular form of attack was code execution, accounting for 46.6% of all attacks. Code execution and privilege escalation represented 17.3% of attacks, and 9.9% of attacks were SQL injection.
Over the three months, the most exploited vulnerabilities targeted vendors Linksys, D-Link, ThinkPHP, Drupal, and WordPress.
The researchers found hackers frequently used vulnerabilities disclosed within the past year and exploited them between 2017 and 2020. They added that this highlighted the importance of applying security patches as soon as they become available to protect against the most recently discovered vulnerabilities.
One such flaw noted in the report was CVE-2020-28188. Researchers said the PHP page /include/makecvs.php in TerraMaster Operating System is vulnerable to command injection. An attacker can send a payload that exploits the event parameter of the makecvs PHP page. After successful exploitation, attackers can take full control of servers.
Another flaw mentioned was CVE-2020-17519. This vulnerability is due to a lack of proper checks on a user-supplied file path in Apache Flink’s org.apache.flink.runtime.rest.handler.cluster.JobManagerCustomLogHandler class. A remote unauthenticated attacker can easily craft and send a directory traversal request, gaining access to sensitive information in the form of arbitrary files, said the researchers.
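The kind of check whose absence the researchers describe, as an added example that is not taken from the Unit 42 report or from Apache Flink's code: a weak path join beside a hardened resolver for a handler that serves log files by name. The function names, directory layout and file names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathRejected(Exception):
    """Raised when a requested name would resolve outside the log directory."""


def unsafe_log_path(log_dir: str, requested: str) -> str:
    # Weak form: the user-supplied name is joined to the directory with no
    # check, so "../" segments or an absolute path escape log_dir.
    return os.path.normpath(os.path.join(log_dir, requested))


def safe_log_path(log_dir: str, requested: str) -> Path:
    # Hardened form: resolve symlinks and ".." first, then require the
    # result to be a regular file located under the resolved log directory.
    base = Path(log_dir).resolve()
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathRejected(f"{requested!r} resolves outside {base}") from None
    if not candidate.is_file():
        raise PathRejected(f"{requested!r} is not a regular file")
    return candidate


def demo() -> dict:
    # Constructed layout: <tmp>/logs/app.log is servable, <tmp>/secret.txt is not.
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp, "logs")
        logs.mkdir()
        (logs / "app.log").write_text("ok\n")
        Path(tmp, "secret.txt").write_text("not for clients\n")
        for name in ("app.log", "../secret.txt", str(Path(tmp, "secret.txt"))):
            try:
                safe_log_path(str(logs), name)
                results[name.replace(tmp, "<tmp>")] = "served"
            except PathRejected:
                results[name.replace(tmp, "<tmp>")] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

The containment check has to run on the fully decoded name, after any URL decoding the web framework performs, so that encoded separators cannot bypass it.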
Researchers said that the data during the three-month period indicated attackers prioritise easily deployed and newly disclosed exploits.
“While they keep ready-made, weaponised exploits handy, attackers will continuously enrich their arsenal with newly released vulnerabilities and the associated proofs-of-concept. This underscores the need for organizations to patch and implement best security practices regularly,” said researchers.
Dennis Publishing News Service