Footprinting and Brute-Force Attacks Remain Prevalent
Sophisticated cyberattacks grab the headlines these days. But with attention focused on advanced persistent threats and mutating malware, it’s easy to overlook older attacks that are still successful. To keep awareness up, the IBM X-Force threat research team has a new report on old favorites: “Beware of Older Cyber Attacks.”
An assessment of recent data from IBM Managed Security Services (MSS), which continuously monitors billions of events reported by 8,000-plus client devices in over 100 countries, revealed some interesting findings about attack vectors that don’t make headlines anymore: footprinting and brute-force attacks.
What’s Old Is New Again
Often viewed as more of pre-attack reconnaissance used to gather information on potential targets, footprinting encompasses several attack techniques, among them network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.
Generally, multiple ports are scanned, often coupled with a service (or port) sweep in which multiple hosts in a network are checked for a specific open service port. Service sweeps are often ignored by security monitoring since they occur so regularly and don’t generally warrant an immediate response. The report revealed that the Telnet port was sought out 79 percent of the time during a two-day period in Q1 2016.
Brute-Force Attacks Make a Comeback
A brute-force password attack is a tactic in which an intruder tries to guess a username and password combination to gain unauthorized access to a system or data. Often an attacker will come across a new system during a footprinting attack and see a login screen banner. A banner that reveals the operating system version will give the attacker an idea of what system-level account names to begin trying, such as admin.
Attackers may also target the secure shell (SSH) service because it provides shell account access across the network. SSH brute-force attacks peaked in May 2015, then trended downward for the rest of the year except for a slight increase in December over November.
It’s likely that the botnet known as SSHPsychos was responsible for much of the activity early in the year. The downward trend in later months reflected efforts by members of the security community to mitigate this threat.
Fortunately, many tools and techniques to thwart these older kinds of cyberattacks have been developed over the years. Organizations that apply them in their environments will be better equipped to deal with ongoing threats. Read the paper to learn more about the attacks and what IBM X-Force recommends to combat them.