Although they are years old, a new study has found that attack techniques many considered relics of the past are still in active use. Why are they still so easy to carry out, and what are they?
New technologies and new attack techniques seem to emerge almost daily. In a surprising twist, however, cybercriminals have looked back in time and resurrected, or rather never buried, attack techniques that many assumed were obsolete.
In particular, they have revived methods such as SQL injection and remote code execution (RCE) vulnerabilities, most notably RCE exploits against Apache Tomcat and PHPUnit, which many had forgotten and some may never have heard of.
These techniques, popularized roughly 15 years ago, show that cyberattacks are a constant game of cat and mouse between defenders and attackers.
“Cybercriminals will continue using old techniques as long as they continue to work. That does not mean they stop innovating or launching attacks based on new techniques; they will continue to do both, but continuing to use old techniques is simply easier when it comes to monetizing their efforts,” explains Miguel López, CEO of Barracuda Networks, in an interview with Computer Hoy.
Some of the most used attacks in 2023 are up to 15 years old
“The reason for continuing to use well-known or even ‘old-fashioned’ attacks is that they continue to work in many environments that are not properly secured. They are well-known, low-cost attacks that are easy for cybercriminals to carry out, and they will continue to use them as long as they keep allowing them access to their victims,” says the expert.
SQL injection
SQL injection is an attack technique that exploits a common weakness in web applications that talk to a database. It consists of inserting SQL code into an application's input (a form field, URL parameter or cookie) so that it becomes part of the query the application sends to the database, letting the attacker alter that query and read, modify or delete data they are not authorized to access.
Imagine a web application that lets users log in with a username and password. When a user submits their credentials, the application builds a query that checks whether a matching row exists in the database and, if so, grants access.
If the application assembles that query by pasting the user's input directly into the SQL string instead of binding it as a parameter, an attacker can supply input that changes the logic of the query, for example closing the quoted string early and commenting out the password check, or appending a condition that is always true.
“In the case of SQL Injection, we are dealing with one of the oldest techniques, but also one of the most common for breaching the security of a web server. On many occasions it is as simple as entering a specific string of characters in a web form that has not been correctly configured/updated/protected,” adds Miguel López.
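The login scenario described above, shown as an added example that is not part of the article or of any product mentioned in it. It uses Python's built-in sqlite3 module with a constructed in-memory users table (one user, alice, with a plaintext password purely to keep the demo short). The first function builds the query by string concatenation, so the "specific string of characters" the expert refers to, typed into the username or password field, rewrites the query and logs the attacker in without knowing the password; the second function binds the same input as parameters, and the same strings are simply treated as data.

```python
import sqlite3


def make_db():
    """Constructed sample database for the demo (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Demo only: a real application stores a password hash, never the password.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Classic injectable login: user input is pasted into the SQL text.

    Returns the username of the matched row, or None if login fails.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same check with a parameterized query: placeholders are bound as
    values by the driver, so quotes and comment markers in the input can
    never change the structure of the statement."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


# Two injection strings an attacker might type into the login form.
# 1) username "alice'--": the quote closes the string and "--" comments out
#    the rest of the WHERE clause, so the password is never checked:
#      ... WHERE username = 'alice'--' AND password = 'whatever'
COMMENT_OUT_PASSWORD = "alice'--"
# 2) password "' OR '1'='1": AND binds tighter than OR, so the clause becomes
#    (username = 'x' AND password = '') OR '1'='1', which is always true:
#      ... WHERE username = 'x' AND password = '' OR '1'='1'
ALWAYS_TRUE = "' OR '1'='1"


def run_demo():
    """Returns the outcome of each attempt so the behaviour can be checked."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "wrong_pw_vulnerable": login_vulnerable(conn, "alice", "wrong"),
        "comment_vulnerable": login_vulnerable(conn, COMMENT_OUT_PASSWORD, "wrong"),
        "tautology_vulnerable": login_vulnerable(conn, "x", ALWAYS_TRUE),
        "legit_safe": login_safe(conn, "alice", "correct-horse"),
        "comment_safe": login_safe(conn, COMMENT_OUT_PASSWORD, "wrong"),
        "tautology_safe": login_safe(conn, "x", ALWAYS_TRUE),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:22s} -> {'logged in as ' + result if result else 'denied'}")
```

The two attacker inputs are the whole exploit: nothing more than a quote, a comment marker and an always-true comparison. The fix is not input filtering but the parameterized query, which works the same way in every mainstream driver and ORM; the remaining practitioner checks are to grep the codebase for string-built SQL and to run the application's database account with the least privilege the queries need, so that an injection that does get through cannot read or alter unrelated tables.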
RCE Vulnerabilities
A remote code execution (RCE) vulnerability is a weakness in software that lets an attacker run code of their choosing on the affected system over the network, without any prior access to it. The attacker sends crafted input (a request, an uploaded file, a serialized object) that the vulnerable software ends up interpreting as commands, and from there can steal sensitive data, tamper with it, install further malware or take complete control of the machine.
RCE vulnerabilities are among the most dangerous because a single request can turn into full control of a server, and because exposed, unpatched servers are easy to find and exploit with automated tooling.
Apache Tomcat: Remote Code Execution (RCE)
Apache Tomcat is a widely used Java servlet container and web server that hosts and runs Java web applications. Like any other software, it has had vulnerabilities that cybercriminals try to exploit, and the most serious class is remote code execution (RCE).
An RCE flaw in Tomcat, or in a web application it hosts, allows an attacker to run code on the server itself, which can lead to data theft, system damage or complete server takeover. Because Tomcat usually sits in front of business applications and databases, an unpatched, internet-exposed instance is a high-value and easy target; keeping production instances on a supported, patched version is the basic defense.
“The main problem is the lack of updating of production systems, especially with regard to servers, the web and databases, as well as the lack of adequate security measures. In general, the lack of updating of their environments and the lack of security measures,” explains the expert interviewed, in general terms.
PHPUnit – RCE
PHPUnit RCE refers to a vulnerability in PHPUnit, a testing framework used by applications and websites written in the PHP programming language.
In layman's terms, this means that cybercriminals can exploit the vulnerability to remotely execute code on the affected server. Since an estimated 80% of websites are built on PHP, the pool of potential targets is enormous, although only installations that expose a vulnerable copy of PHPUnit are actually affected.
When developers build web applications with PHP, they rely on third-party components, typically installed with the Composer package manager. One of them is PHPUnit, a framework for writing and running tests on PHP code. It is a development-time dependency with no role on a production web server; the problem arises when the vendor directory, PHPUnit included, is deployed into a web-accessible location, because an outdated version of PHPUnit then becomes a gateway for remote code execution. Installing production dependencies without development packages (Composer's --no-dev option), keeping the vendor directory outside the web root and updating dependencies regularly close that door.
“PHP applications can be found in common content management systems like WordPress and MailChimp or other third-party modules, so the potential scope of a successful security breach is extensive. A successful attack would allow an attacker to execute code within a compromised PHP application and gain control of the system it is embedded in. The vulnerability dates back to 2017,” adds Miguel López.
“There is still a lot to do; initiatives in this field are still rare,” concludes Miguel López.