Attacks against content management systems such as Oracle, Adobe and WordPress accounted for another 19% of attacks
As per the NTT Global Threat Intelligence Center (GTIC) threat actors are attacking applications and are looking for flaws in the applications available through their web presence. Vulnerabilities in off-the-shelf applications, custom-built applications, databases, support infrastructure, as well as development and management tools, allow cyber criminals to gain direct and public access to databases to churn sensitive data.
Key findings:
- In June 2020, attacks against networking products (i.e., Zyxel, Netis, Netcore, Netgear, Linksys, D-link and Cisco) and video cameras accounted for about 32% of all attacks. Many of these were brute force or authentication attacks
- Beyond actual technologies being attacked, the list of actual vulnerabilities which are actively exploited tends to be relatively narrow. For instance, the top 10 most attacked vulnerabilities in 2019 accounted for 84% of all attacks observed and the top 20 most attacked vulnerabilities accounted for nearly 91% of all attacks.
- Some versions of Oracle Products, ThinkPHP, Joomla!, vBulletin, Apache Products, OpenSSL, IIS, and WordPress included vulnerabilities which could allow an unauthenticated remote attacker to perform remote code execution on the targeted system
- Organisation or businesses can adopt a web-application firewall (WAF) that helps to protect exposed systems from attack; it can block or filter attempted attacks from potentially hostile sources and can identify exploit attempts
- In addition, segregation of internal networks from each other using access control lists, white lists, blacklists, and other filtering techniques can help limit, or at least minimise, the attacker’s attempts to access other systems and data from any compromised system
- Organisations must focus on application security and include a vast set of controls and concerns, starting with designing secure applications, considering security as a basic business requirement, and extending good security practices through ongoing testing, maintenance, and monitoring of the supporting operational environment
