Sophisticated cyberattacks grab the headlines these days. But with attention focused on advanced persistent threats and mutating malware, it’s easy to overlook older attacks that are still successful. To keep awareness up, the IBM X-Force threat research team has a new report on old favorites: “Beware of Older Cyber Attacks.”

An assessment of recent data from IBM Managed Security Services (MSS), which continuously monitors billions of events reported by 8,000-plus client devices in over 100 countries, revealed some interesting findings about attack vectors that don’t make headlines anymore: footprinting and brute-force attacks.

What’s Old Is New Again

Often viewed as more of pre-attack reconnaissance used to gather information on potential targets, footprinting encompasses several attack techniques, among them network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.

Generally, multiple ports are scanned, often coupled with a service (or port) sweep in which multiple hosts in a network are checked for a specific open service port. Service sweeps are often ignored by security monitoring since they occur so regularly and don’t generally warrant an immediate response. The report revealed that the Telnet port was sought out 79 percent of the time during a two-day period in Q1 2016.

Brute-Force Attacks Make a Comeback

A brute-force password attack is a tactic in which an intruder tries to guess a username and password combination to gain unauthorized access to a system or data. Often an attacker will come across a new system during a footprinting attack and see a login screen banner. A banner that reveals the operating system version will give the attacker an idea of what system-level account names to begin trying, such as admin.

Attackers may also target the secure shell (SSH) service because it provides shell account access across the network. SSH brute-force attacks peaked in May 2015, then trended downward for the rest of the year except for a slight increase in December over November.

It’s likely that the botnet known as SSHPsychos was responsible for much of the activity early in the year. The downward trend in later months reflected efforts by members of the security community to mitigate this threat.

Fortunately, many tools and techniques to thwart these older kinds of cyberattacks have been developed over the years. Organizations that apply them in their environments will be better equipped to deal with ongoing threats. Read the paper to learn more about the attacks and what IBM X-Force recommends to combat them.

Read the full IBM X-Force research report: Beware of older cyber attacks

More from X-Force

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - Summary As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed…

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today