Cybercriminals Return to 15-Year-Old Attack Techniques to Find and Exploit Vulnerabilities

June 28 (Portaltic/EP) –

cybercriminals They are carrying out attack techniques that are up to 15 years old to find and exploit vulnerabilities and security gaps in the systems of companies and organizations.

It is one of the conclusions reached by Barracuda Networkworks in a recent report called Threat Spotlight, where he points out that malicious agents use these techniques to install malicious programs, interrupt the operation of devices or steal confidential information.

The security solutions company has commented that cybercriminals are “quickly” taking advantage of the new opportunities that are presented to spread their malicious campaigns in teams of companies and organizations.

One of them took place in December 2021, when there was a Log4J flaw, that is, a remote code execution (RCE) vulnerability that allows malicious agents to execute arbitrary Java codetaking control of a target server.

Due to this error, Barracuda Networks has concluded that there has been an increase in cyberattacks exploiting this vulnerabilityuntil reaching 150 percent more attacks of this type the following year.

The company has commented that attackers know that the types of attacks that have been successful in the past can also work today and that, to do so, focus on weaknesses that in most cases They have been around for years.

To reach this conclusion, his team of researchers has carried out an analysis for three months of ID data detection, a tool that is used 24 hours a day, 7 days a week in the company’s Operations Center (SOC).

First, it has indicated that cyber attackers have tried to gain control of vulnerable systems using techniques dating back to 2008, that is, 15 years ago. Thanks to them, they can take advantage of web servers that are misconfigured to obtain data such as application codes or files that they should not have access to.

THEY TAKE ADVANTAGE OF BUGS IN PROGRAMMING LANGUAGES

Another of the attackers’ targets are bugs in the programming languages ​​that developers use to create applications included in operating systems, on the web, or in ‘middleware’, that is, the ‘software’ system that offers functions and common cloud services for applications.

In this case, cybercriminals take advantage of user actions – such as when they include a product to your online shopping cart or when they enter their personal data and press the ‘Send’ button – to send that information to an external server.

If your Common Gateway Interface (CGI) configuration is configured incorrectly, the attacker will be able to gain remote control of the system and you will be vulnerable to malicious code injection.

The cybersecurity company has commented that another of the main objectives of the attackers is to get hold of sensitive and protected information through vulnerable serverssuch as passwords, user lists, contact details, etc.

In this case, they use improperly legitimate processes to find out how many computers have an active IP connection. In this way, this action can help to plan and prepare large-scale malicious campaigns.

Finally, Barracuda Networks has qualified that malicious actors try to generate chaos in a general way, interrupting services and altering the data packets of the ‘online’ traffic. So, manage to saturate the communication channels and destination servers.

The company has recognized that security flaws “do not have an expiration date and the risk is that, over time, they may be more difficult to locate and mitigate“, so they are reduced to vulnerabilities embedded in a system or in an application, in the words of the senior SOC Manager, Offensive Security at Barracuda XDR, Merium Khalid.