Basic Web Application Attacks

The Basic Web Application Attacks (BWAA) pattern focuses on attacks that directly target an organization's most exposed infrastructure, such as Web servers. These incidents rely on one of two entry points: the Use of stolen credentials or Exploiting a vulnerability. Attacks within this pattern fall into two areas. The first is the means of accessing the server, such as using stolen credentials, exploiting vulnerabilities or brute forcing passwords. The second is the specific payload, such as a backdoor, that is used to maintain persistence or monetize the access.

Over 80% of the breaches in this pattern can be attributed to stolen credentials. Figure 55 shows the larger trend in the use of stolen credentials versus exploiting vulnerabilities. Stolen credentials have increased by almost 30% since 2017, cementing them as one of the most tried-and-true methods of gaining access to an organization over the past four years.

The vast majority of incidents involving Web applications use stolen credentials. There is a sprinkling of other vectors such as Backdoor (useful once you have a foothold), Remote injection (how malware gets onto the system after a vulnerability has been exploited) and, of course, Desktop sharing software.
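The two access methods this section contrasts (stolen or guessed credentials versus brute forcing) leave different traces in a Web server's login logs: a single source walking through many accounts, one account being hammered from anywhere, and the tell-tale success that follows a run of failures. The following is an added example, not code from the report, that classifies those patterns over constructed Apache-style access lines. The log format (POST /login with the account in a ?user= query parameter), the use of HTTP 200/401 as the success/failure signal, the source addresses, and the thresholds are all assumptions for illustration and would need to match your own application's logging.

```python
"""Flag password-spraying / credential-stuffing and brute-force patterns in
Web login logs, and the successful login that follows a spray.

Added example for this section; not code from the report. Log format,
thresholds and sample lines are assumptions for illustration.
"""
import re
from collections import defaultdict

# Apache "combined"-style access line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample traffic (documentation IP ranges), not real data:
#  - 203.0.113.7 tries one password against six accounts and gets into "frank"
#  - 198.51.100.23 hammers "admin" ten times
#  - 192.0.2.10 is an ordinary user logging in once
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Oct/2021:13:55:3{i} +0000] "POST /login?user={u} HTTP/1.1" 401 512'
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + ['203.0.113.7 - - [10/Oct/2021:13:55:41 +0000] "POST /login?user=frank HTTP/1.1" 200 1843']
    + [f'198.51.100.23 - - [10/Oct/2021:14:02:{i:02d} +0000] "POST /login?user=admin HTTP/1.1" 401 512'
       for i in range(10)]
    + ['192.0.2.10 - - [10/Oct/2021:14:10:00 +0000] "POST /login?user=alice HTTP/1.1" 200 1843',
       '192.0.2.10 - - [10/Oct/2021:14:10:05 +0000] "GET /dashboard HTTP/1.1" 200 7710']
)


def parse_login_attempts(log_text):
    """Return (ip, user, status) for every POST /login line; ignore everything else."""
    attempts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m['method'] != 'POST':
            continue
        path, _, query = m['path'].partition('?')
        if path != '/login':
            continue
        params = dict(kv.split('=', 1) for kv in query.split('&') if '=' in kv)
        if 'user' in params:
            attempts.append((m['ip'], params['user'], int(m['status'])))
    return attempts


def detect_credential_attacks(attempts, spray_min_users=5, brute_min_failures=8):
    """Classify login activity. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(lambda: {'users': set(), 'failures': 0, 'successes': set()})
    by_user = defaultdict(lambda: {'ips': set(), 'failures': 0})
    for ip, user, status in attempts:
        by_ip[ip]['users'].add(user)
        by_user[user]['ips'].add(ip)
        if status == 200:
            by_ip[ip]['successes'].add(user)
        else:
            by_ip[ip]['failures'] += 1
            by_user[user]['failures'] += 1

    findings = []
    for ip, s in sorted(by_ip.items()):
        # Spraying / stuffing: one source, many distinct accounts, mostly failures.
        if len(s['users']) >= spray_min_users and s['failures'] >= spray_min_users:
            findings.append({'type': 'spray', 'ip': ip, 'users': sorted(s['users'])})
            # A 200 from a spraying source is the stolen/guessed credential paying off.
            for user in sorted(s['successes']):
                findings.append({'type': 'spray_success', 'ip': ip, 'user': user})
    for user, u in sorted(by_user.items()):
        # Brute force: one account hit repeatedly, whatever the number of sources.
        if u['failures'] >= brute_min_failures:
            findings.append({'type': 'brute_force', 'user': user, 'ips': sorted(u['ips'])})
    return findings


if __name__ == '__main__':
    for finding in detect_credential_attacks(parse_login_attempts(SAMPLE_LOG)):
        print(finding)
```

The spray rule keys on the source address, the brute-force rule on the account, because an attacker using a stolen credential list typically touches each account once (so no per-account threshold fires) while a distributed brute force spreads one account's attempts over many addresses (so no per-source threshold fires). The spray_success finding is the one worth paging on: it is the point at which a credential-based entry has actually succeeded.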

Web application servers are the most common asset in this pattern, but Mail servers also feature prominently, representing less than 20% of the breaches in the pattern. Of those Mail servers, 80% were compromised with stolen credentials and 30% using some form of exploit. While 30% may not seem especially high, the targeting of mail servers with exploits has increased dramatically since last year, when it accounted for only 3% of these breaches.

One might be forgiven for assuming that these attacks are largely the work of enterprising criminals spraying the internet looking for weak credentials. However, Nation-state actors have also been leveraging this low-cost, high-payoff strategy, with over 20% of BWAA breaches attributed to Espionage. If the front door has a weak lock, there is no reason to develop a complicated polymorphic backdoor with a fast-flux network of C2 servers.