Sophisticated cyberattacks grab the headlines these days. But with attention focused on advanced persistent threats and mutating malware, it’s easy to overlook older attacks that are still successful. To keep awareness up, the IBM X-Force threat research team has a new report on old favorites: “Beware of Older Cyber Attacks.”

An assessment of recent data from IBM Managed Security Services (MSS), which continuously monitors billions of events reported by 8,000-plus client devices in over 100 countries, revealed some interesting findings about attack vectors that don’t make headlines anymore: footprinting and brute-force attacks.

What’s Old Is New Again

Often viewed as more of pre-attack reconnaissance used to gather information on potential targets, footprinting encompasses several attack techniques, among them network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.

Generally, multiple ports are scanned, often coupled with a service (or port) sweep in which multiple hosts in a network are checked for a specific open service port. Service sweeps are often ignored by security monitoring since they occur so regularly and don’t generally warrant an immediate response. The report revealed that the Telnet port was sought out 79 percent of the time during a two-day period in Q1 2016.

Brute-Force Attacks Make a Comeback

A brute-force password attack is a tactic in which an intruder tries to guess a username and password combination to gain unauthorized access to a system or data. Often an attacker will come across a new system during a footprinting attack and see a login screen banner. A banner that reveals the operating system version will give the attacker an idea of what system-level account names to begin trying, such as admin.

Attackers may also target the secure shell (SSH) service because it provides shell account access across the network. SSH brute-force attacks peaked in May 2015, then trended downward for the rest of the year except for a slight increase in December over November.

It’s likely that the botnet known as SSHPsychos was responsible for much of the activity early in the year. The downward trend in later months reflected efforts by members of the security community to mitigate this threat.

Fortunately, many tools and techniques to thwart these older kinds of cyberattacks have been developed over the years. Organizations that apply them in their environments will be better equipped to deal with ongoing threats. Read the paper to learn more about the attacks and what IBM X-Force recommends to combat them.

Read the full IBM X-Force research report: Beware of older cyber attacks

More from Threat Intelligence

Expert Insights on the X-Force Threat Intelligence Index

5 min read - Top insights are in from this year’s IBM Security X-Force Threat Intelligence Index, but what do they mean? Three IBM Security X-Force experts share their thoughts on the implications of the most pressing cybersecurity threats, and offer guidance for what organizations can do to better protect themselves. Moving Left of Boom: Early Backdoor Detection Andy Piazza, Global Head of Threat Intelligence at IBM Security X-Force, sat down with Security Intelligence to chat with us about the rise in the deployment…

5 min read

Ex-Conti and FIN7 Actors Collaborate with New Backdoor

15 min read -   April 27, 2023 Update This article is being republished with modifications from the original that was published on April 14, 2023, to change the name of the family of malware from Domino to Minodo. This is being done to avoid any possible confusion with the HCL Domino brand. The family of malware that is described in this article is unrelated to, does not impact, nor uses HCL Domino or any of its components in any way. The malware is…

15 min read

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

4 min read - Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

4 min read

An IBM Hacker Breaks Down High-Profile Attacks

5 min read - On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…

5 min read