Over the course of 2019, UKFast’s Threat Monitoring service detected and responded to more than 33 million cyber-attacks across our clients’ networks. Using this wealth of data, we were able to identify the four most common cyber-attack vectors used by criminals in 2019 to target UK businesses.
Here are your four most notorious cyber-attacks of 2019, how they work and what you can do about them in 2020 to protect your business.
1. Malicious POST requests
2. CMS brute-force attempts
3. Cross-site scripting
4. Directory traversal attempts
1. Malicious POST requests
Number of cyber-attacks detected in 2019: 4.3 million
In general, POST requests send data to your server. Whenever you leave a comment, post a tweet, share content or fill out a contact form on a website, you’re sending your content and the data that comes with it to the server as a POST request. This is normal and just an expected part of how the web works. So, what’s the issue?
For your typical server, there is no limit to how many POST requests it can receive. This means that threat actors can flood your server with POST requests at any given moment, bombarding your infrastructure with huge amounts of data and eating into server resources and bandwidth. While your server may be able to handle a constant stream of malicious POST requests without too much distress at first, the cumulative effect of these requests is a seriously strained server struggling to function with diminished resources.
As well as slowing down your server’s response, or even crashing it entirely, threat actors often use these cyber-attacks to highlight further server vulnerabilities which they can exploit.
2. CMS brute-force attempts
Number of cyber-attacks detected in 2019: 725,435
In a brute-force attempt, an attacker uses combinations of usernames and passwords, possibly obtained from a list of stolen credentials or through a phishing campaign targeting employees within your organisation. As the name suggests, the attacker attempts to force their way into your CMS, hammering your login page with combinations of usernames and passwords until one is accepted.
The sole aim of this cyber-attack is to gain access to your account – or, in this particular case, access to your CMS – in order to leverage control over your systems, steal your data or carry out further attacks from inside your network. More than 700,000 brute-force attempts on content management systems (CMS) were detected by UKFast Threat Monitoring in 2019, with WordPress and Joomla identified as the most common systems targeted.
Brute-force cyber-attacks are simple in nature and there are some quick wins to be had:
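Added example, not part of the original article: a sliding-window detector that reads web access log lines and flags clients that send too many POST requests overall, or too many to a CMS login page. The thresholds, the log format (combined format) and the sample data are assumptions; the login paths are the WordPress and Joomla defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Fields needed from a combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
# Default login endpoints of WordPress and Joomla.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def detect(lines, window_s=60, post_limit=20, login_limit=5):
    """Return {client_ip: {alert names}} for clients that exceed a threshold
    inside any sliding window. Lines are assumed to be in time order."""
    window = timedelta(seconds=window_s)
    posts, logins = defaultdict(deque), defaultdict(deque)
    alerts = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a POST
        ts = datetime.strptime(m["ts"], TS_FMT)
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        checks = [(posts, post_limit, "post-flood")]
        if path in LOGIN_PATHS:
            checks.append((logins, login_limit, "cms-brute-force"))
        for store, limit, name in checks:
            q = store[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop hits older than the window
                q.popleft()
            if len(q) > limit:
                alerts[ip].add(name)
    return dict(alerts)


def sample_log():
    """Constructed data: one client posts to wp-login.php every 2 s,
    another submits a single contact form."""
    start = datetime(2019, 11, 5, 10, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "POST {} HTTP/1.1" 200 512'
    rows = [row.format("203.0.113.7",
                       (start + timedelta(seconds=2 * i)).strftime(TS_FMT),
                       "/wp-login.php") for i in range(8)]
    rows.append(row.format("198.51.100.9", start.strftime(TS_FMT), "/contact"))
    return rows
```

The same per-client counters can drive a rate limit or temporary block at the web server or firewall instead of an alert.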
3. Cross-site scripting
Number of cyber-attacks detected in 2019: 699,817
Cross-site scripting (XSS) is both a form of web vulnerability and the name of the client-side attack that exploits it. Hackers inject malicious script into a legitimate web page and run it there, which allows them to compromise the interactions that users have with a vulnerable application. Any malicious code on the targeted site is trusted by users because it appears to have come from the legitimate source.
XSS allows the attacker to use the trusted web page server to send malicious data, steal cookies containing sensitive information, and monitor the activity of unsuspecting application users. This can lead to data breaches or even complete control over the application if the information stolen contains credentials used to access admin privileges.
Cross-site scripting (XSS) was labelled as one of the most widely-used attack methods of 2019. And with a large proportion of our workloads and revenue now dependent on web-based applications, defence against web-based attacks is paramount. XSS attacks can be mitigated by using a variety of measures in tandem:
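Added example, not part of the original article: an unencoded comment renderer beside a hardened one, plus response headers that limit the damage if an encoding step is ever missed. The three measures shown (output encoding, a Content-Security-Policy, and HttpOnly/Secure/SameSite session cookies) are this example's choice, and the template, function names and sample inputs are constructed.

```python
import html
from http.cookies import SimpleCookie

TEMPLATE = '<div class="comment" title="{author}"><b>{author}</b>: {body}</div>'
CSP = "default-src 'self'; script-src 'self'; object-src 'none'"

# Constructed inputs: markup in the body, an attribute break-out in the author.
SAMPLE_BODY = "<script>alert(1)</script>"
SAMPLE_AUTHOR = 'x" onmouseover="alert(1)'


def render_unsafe(author, body):
    """'Before' form: user input is pasted into the markup unchanged."""
    return TEMPLATE.format(author=author, body=body)


def render_safe(author, body):
    """Encode input for HTML text and double-quoted attribute contexts."""
    return TEMPLATE.format(author=html.escape(author, quote=True),
                           body=html.escape(body, quote=True))


def response_headers(session_id):
    """Headers sent with every page: restrict script sources and keep the
    session cookie out of reach of page scripts."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True      # not readable via document.cookie
    cookie["session"]["secure"] = True        # only sent over HTTPS
    cookie["session"]["samesite"] = "Strict"  # not sent on cross-site requests
    return [("Content-Security-Policy", CSP),
            ("Set-Cookie", cookie["session"].OutputString())]


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_AUTHOR, SAMPLE_BODY))
    print(render_safe(SAMPLE_AUTHOR, SAMPLE_BODY))
    for name, value in response_headers("abc123"):
        print(f"{name}: {value}")
```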
4. Directory traversal attempts
Number of cyber-attacks detected in 2019: 586,042
Directory traversal, also known as file path traversal, is a web security vulnerability which allows an attacker to access restricted directories and read files on an application’s server.
For example, take a page on your website which displays an image. This image will have an associated URL, and to load the content of the image file the application appends the requested filename to a base directory, then uses a filesystem API to read the contents of the file. In some cases, this use of URLs to request files from your server is unprotected, so attackers are able to input their own URLs which request an arbitrary file from your server’s filesystem. This is done by using sequences and other techniques designed to bypass the levels of a directory’s structure, ultimately giving access to the root filesystem. Since all your other file systems are mounted upon your root filesystem, from here the hacker can modify application data or behaviour and ultimately take full control of your server.
Files affected include application code and data, credentials for back-end systems, and sensitive OS files. Directory traversal is usually carried out with the intent to gain control over your server, steal your business-critical data and cause a data breach.
The most effective way to prevent directory traversal vulnerabilities is to avoid passing user-supplied input to filesystem APIs altogether, which can often be achieved by rewriting application functions.
If passing user-supplied input to filesystem APIs is unavoidable, then two layers of defence should be used together to prevent attacks:
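Added example, not part of the original article: the image-loading case described above with two checks applied before the filesystem is touched. The two layers used here (an allow-list for the filename, then a check that the resolved path is still inside the base directory) and the naming policy are assumptions of this example; the directory tree is constructed in a temporary folder.

```python
import os
import re
import tempfile
from pathlib import Path

# Layer 1: allow-list of acceptable image names (assumed policy).
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:png|jpe?g|gif)")


class RejectedPath(ValueError):
    """Raised when a requested name must not be served."""


def resolve_image(base_dir, requested):
    """Map a user-supplied filename to a path inside base_dir, or raise."""
    if not SAFE_NAME.fullmatch(requested):
        raise RejectedPath("name fails allow-list")
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()  # canonical form, symlinks followed
    # Layer 2: the canonical path must still sit under the base directory.
    if base not in target.parents:
        raise RejectedPath("path escapes base directory")
    return target


def demo():
    """Try four names against a constructed tree and report each outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        images, private = Path(tmp, "images"), Path(tmp, "private")
        images.mkdir()
        private.mkdir()
        (images / "logo.png").write_bytes(b"img")
        (private / "key.png").write_bytes(b"secret")
        # A link inside images/ that points outside it: passes layer 1 only.
        os.symlink(private / "key.png", images / "link.png")
        results = {}
        for name in ("logo.png", "../private/key.png", "/etc/passwd", "link.png"):
            try:
                resolve_image(images, name)
                results[name] = "served"
            except RejectedPath as exc:
                results[name] = str(exc)
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```

The symlink case shows why the layers are used together: the name is well-formed, and only the canonical-path check catches it.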
To avoid potential downtime, slow site speeds and data breaches, defending against these four common cyber-threats is essential. But we understand that for many businesses, the process of monitoring, detecting and responding can be time-consuming and inconvenient.
That’s why, as well as monitoring, detecting and blocking cyber-threats in action, UKFast Threat Monitoring:
Join the hundreds of businesses already taking advantage of UKFast’s Threat Vision service and ensure you’re protected against the biggest cyber-threats in 2020.
Have 2020 vision when it comes to network security. Find out more about UKFast Threat Vision from our security experts.