Sophisticated cyberattacks grab the headlines these days. But with attention focused on advanced persistent threats and mutating malware, it’s easy to overlook older attacks that are still successful. To keep awareness up, the IBM X-Force threat research team has a new report on old favorites: “Beware of Older Cyber Attacks.”

An assessment of recent data from IBM Managed Security Services (MSS), which continuously monitors billions of events reported by 8,000-plus client devices in over 100 countries, revealed some interesting findings about attack vectors that don’t make headlines anymore: footprinting and brute-force attacks.

What’s Old Is New Again

Often viewed as more of pre-attack reconnaissance used to gather information on potential targets, footprinting encompasses several attack techniques, among them network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.

Generally, multiple ports are scanned, often coupled with a service (or port) sweep in which multiple hosts in a network are checked for a specific open service port. Service sweeps are often ignored by security monitoring since they occur so regularly and don’t generally warrant an immediate response. The report revealed that the Telnet port was sought out 79 percent of the time during a two-day period in Q1 2016.

Brute-Force Attacks Make a Comeback

A brute-force password attack is a tactic in which an intruder tries to guess a username and password combination to gain unauthorized access to a system or data. Often an attacker will come across a new system during a footprinting attack and see a login screen banner. A banner that reveals the operating system version will give the attacker an idea of what system-level account names to begin trying, such as admin.

Attackers may also target the secure shell (SSH) service because it provides shell account access across the network. SSH brute-force attacks peaked in May 2015, then trended downward for the rest of the year except for a slight increase in December over November.

It’s likely that the botnet known as SSHPsychos was responsible for much of the activity early in the year. The downward trend in later months reflected efforts by members of the security community to mitigate this threat.

Fortunately, many tools and techniques to thwart these older kinds of cyberattacks have been developed over the years. Organizations that apply them in their environments will be better equipped to deal with ongoing threats. Read the paper to learn more about the attacks and what IBM X-Force recommends to combat them.

Read the full IBM X-Force research report: Beware of older cyber attacks

More from X-Force

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

X-Force discovers new vulnerabilities in smart treadmill

7 min read - This research was made possible thanks to contributions from Joshua Merrill. Smart gym equipment is seeing rapid growth in the fitness industry, enabling users to follow customized workouts, stream entertainment on the built-in display, and conveniently track their progress. With the multitude of features available on these internet-connected machines, a group of researchers at IBM X-Force Red considered whether user data was secure and, more importantly, whether there was any risk to the physical safety of users. One of the most…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today