Web app attacks target security misconfigurations

No Comments

New research from Barracuda finds that 30 percent of all attacks against web applications target security misconfigurations -- such as coding and implementation errors.

Analysis of incidents detected and mitigated by Barracuda Application Security during December shows 21 percent involved code injection. Though these were more than just SQL injections, generally designed to steal, destroy, or manipulate data.

Log4Shell and LDAP injection attacks were also popular. LDAP is used by organizations for privilege management, resource management, and access control, for example to support single sign on (SSO) for applications.

Anti-botnet detection data shows that the majority (53 percent) of bot attacks targeting web
applications in December 2023 were volumetric distributed denial of service (DDoS) attacks. This type of brute force attack can often be used as cover for a more targeted attack against a network.

The data also shows that around a third (34 percent) of bot attacks were application DDoS attacks, targeting a specific application, and five percent were bot-driven account takeover attempts.

Outdated and vulnerable components in applications continue to be a focus for attacks. The
ProxyShell vulnerabilities complex from 2021, for example, has been continuously exploited, leading to a number of high-profile breaches, including ransomware.

Tushar Richabadas, senior product marketing manager, applications and cloud security at Barracuda, writes on the company’s blog:

Defenders are hard pressed to keep up with the growing number of vulnerabilities. They have to contend with both zero-days and older vulnerabilities. The software supply chain for critical apps may also have vulnerabilities -- as demonstrated by the Log4Shell vulnerability.

Attackers will often target old vulnerabilities that security teams have forgotten about to try and breach an overlooked, unpatched application and then spread into the network.

You can read more on the Barracuda blog.

Image credit: PopNukoonrat/Dreamstime.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Beyond the snapshot: Why continuous risk assessment is essential in today's threat landscape

TUXEDO Stellaris 17 (Gen6): A high-performance portable Linux workstation

New solution helps companies prepare for 90-day TLS standard

Get 'Enterprise Transformation to AI and the Metaverse' (worth $59.99) for FREE

Best Windows apps this week

All you wanted to know about passkeys but were afraid to ask

Microsoft tells users 'if you want to fix 0x80070643 errors, you'll have to do it yourself'

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.1

78 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

24 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

Microsoft is actively blocking Windows 11 tweaking tools

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.