
Russia launched over a million cyber attacks in three months

Unit 42 researchers found 75% of the attacks were critical

Over a million network attacks originated from Russia from November 2020 to January 2021, according to a new report.

Unit 42 security researchers looked at network attack trends from last winter and found that 1.3 million seemed to originate from Russia. The US and China were numbers two and three, respectively. 

The researchers looked at over six million potential attacks caused by network traffic triggers. Of those, researchers classified 3.47 million as true attacks. Of all the attacks observed, researchers classified 75% as critical. That’s a sizable jump compared to the 50.4% classified as critical in the fall of 2020.

The most popular form of attack was code execution, accounting for 46.6% of all attacks. Code execution and privilege escalation represented 17.3% of attacks, and 9.9% of attacks were SQL injection.

Over the three months, the most exploited vulnerabilities targeted vendors Linksys, D-Link, ThinkPHP, Drupal, and WordPress.

Several newly observed exploits emerged, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, and hackers continuously exploited them in the wild as of late 2020 to early 2021.

The researchers found hackers frequently used vulnerabilities disclosed within the past year and exploited them between 2017 and 2020. They added that this highlighted the importance of applying security patches as soon as they become available to protect against the most recently discovered vulnerabilities.

One such flaw noted in the report was CVE-2020-28188. Researchers said the PHP page /include/makecvs.php in the TerraMaster Operating System is vulnerable to command injection. An attacker can send a payload that exploits the event parameter of the makecvs PHP page. After successful exploitation, attackers can take full control of servers.

Another flaw mentioned was CVE-2020-17519. This vulnerability is due to a lack of proper checks on a user-supplied file path in Apache Flink's org.apache.flink.runtime.rest.handler.cluster.JobManagerCustomLogHandler class. A remote unauthenticated attacker can easily craft and send a directory traversal request, gaining access to sensitive information in the form of arbitrary files, said the researchers.
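For defenders, both flaws described above leave traces in web access logs. The following is an added example, not code from the Unit 42 report or from either vendor: a small log scanner that flags traversal sequences in a request path (including double-encoded ones) and shell metacharacters in the event parameter of /include/makecvs.php. The log lines are constructed, and the /jobmanager/logs/ path used for the Flink log handler is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Constructed access-log lines, not real traffic. The /jobmanager/logs/ path
# is an assumed location for the Flink log handler named in the article.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jan/2021:10:01:02 +0000] "GET /include/makecvs.php?Event=backup HTTP/1.1" 200 12',
    '198.51.100.9 - - [12/Jan/2021:10:01:05 +0000] "GET /include/makecvs.php?Event=a%3Becho+test HTTP/1.1" 200 12',
    '203.0.113.4 - - [12/Jan/2021:10:02:11 +0000] "GET /jobmanager/logs/..%252f..%252fetc%252fhostname HTTP/1.1" 200 9',
    '203.0.113.5 - - [12/Jan/2021:10:02:30 +0000] "GET /jobmanager/logs/flink.log HTTP/1.1" 200 5120',
    '203.0.113.6 - - [12/Jan/2021:10:03:00 +0000] "GET /docs/v1..2/index.html HTTP/1.1" 200 800',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')  # ".." as a whole path segment
SHELL_META = re.compile(r'[;&|`$<>\n]')            # characters a shell treats specially

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding label for one access-log line, or None if it looks benign."""
    match = REQUEST.search(line)
    if not match:
        return None
    parts = urlsplit(match.group(1))
    path = fully_decode(parts.path)
    if TRAVERSAL.search(path):
        return "path-traversal"
    if path.lower().endswith("/include/makecvs.php"):
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name.lower() == "event" and any(SHELL_META.search(fully_decode(v)) for v in values):
                return "makecvs-command-injection"
    return None

def scan(lines):
    """Return (1-based line number, label) for every flagged line."""
    hits = ((i, classify(line)) for i, line in enumerate(lines, 1))
    return [(i, label) for i, label in hits if label]

if __name__ == "__main__":
    for lineno, label in scan(SAMPLE_LOG):
        print(lineno, label)
```

Decoding before matching is the important step: a filter that only looks for a literal `../` misses the double-encoded form on the third sample line.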

Researchers said that the data during the three-month period indicated attackers prioritize easily deployed and newly disclosed exploits. 

“While they keep ready-made, weaponized exploits handy, attackers will continuously enrich their arsenal with newly released vulnerabilities and the associated proofs-of-concept. This underscores the need for organizations to patch and implement best security practices regularly,” said researchers.
