Despite rising cybercriminal sophistication and widened attack surfaces due to remote-working trends, discovered vulnerabilities are not being patched quickly.
Using client fingerprinting and other techniques to examine exploitation activity and attack patterns for two remote code execution (RCE) vulnerabilities affecting Atlassian’s Confluence and Microsoft Azure’s Open Management Infrastructure (OMI) between August and September this year, threat researchers found spikes in attacks coming from more than 500 unique attacker IP addresses.
Over the 45-day period, the IP addresses were the source of attempts to exploit the Confluence and OMI vulnerabilities. Behind each IP were multiple attackers, which means the number of attacks were significantly higher than the number of IPs.
According to Tushar Richabadas, Senior Manager, Applications and Cloud Security, Barracuda, the firm that announced this discovery: “Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to protect against attacks. However, all-in-one solutions are now available to protect your web applications from being exploited because of these vulnerabilities. The need for a WAF-as-a-Service or Web Application & API Protection solution has never been more relevant than now, with many workforces across APAC still supporting remote-working and a lot of applications moving online. Organizations need to ensure they have a solution that includes bot mitigation, DDoS protection, and API security to stay protected against these increasingly nasty attacks.”
RCE vulnerabilities describe the execution of arbitrary code on a computer system, which allows a threat actor to gain control of a system remotely. This can be particularly dangerous if the RCE allows the execution of malicious code onto an application or server.
Barracuda researchers noted that attacks have continued to stay elevated as many users of both platforms are still not patched against the vulnerabilities. Businesses in the region need to take steps to patch up RCE bugs more diligently.
