There has been a significant rise in cyber attacks probing for unpatched software vulnerabilities in devices, according to a report from cybersecurity firm Barracuda.
These attacks are looking for publicly disclosed vulnerabilities for which a security update is yet to be installed.
While analysing the data from the attacks blocked by their systems over the past two months, Barracuda researchers have identified hundreds of thousands of automated scans and attacks per day, with the numbers sometimes spiking into the millions.
The data also points towards thousands of scans per day for the recently patched Microsoft and VMware vulnerabilities, it said.
One such instance is probing for a Microsoft vulnerability dubbed Hafnium.
First disclosed in March 2021, the server-side request forgery (SSRF) vulnerability in Microsoft Exchange allows the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
The vulnerability CVE-2021-26855 is used to identify vulnerable systems, and the remaining vulnerabilities are chained with this vulnerability to gain access and perform further exploitation, including dropping web shells into the exploited systems, as per information available publicly.
In March, there was an increase in probing for the vulnerabilities from time to time with regular scans across the sensors and deployments worldwide, which then dropped off to lower levels, Barracuda said.
Another example is a remote code execution vulnerability, CVE-2021-21972, in the vSphere Client (HTML5) from VMware, details of which were released on February 24, 2021.
"A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware had warned.
There has been regular probing for CVE-2021-21972 with some downturn in the scanning.
Murali Urs, Country Manager-Barracuda Networks India said, “Software vulnerabilities, especially hard-hitting ones, continue being scanned for and have been exploited for quite some time after the release of patches and mitigations.”
"Attackers understand that defenders don’t always have the time or bandwidth to keep up with patches all the time, and things slide—providing them with an easy way into the network. We are expecting to see some uptick in the scans from time to time as attackers move through the list of known high-impact vulnerabilities," Urs said.
“To gain protection against automated attacks taking advantage of known software vulnerabilities, organizations should look for a WAAP (Web Application and API Protection services) solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection — and make sure it is properly configured,” Urs added.