In the second half of 2022, our SOC detected a trend that had been predicted but is rising strikingly fast: an increase in automated attacks.
Every device connected to the Internet will sooner or later encounter curious visitors, whether it is a camera system, a SCADA system or a webshop. Often these are automated reconnaissance attempts. It usually starts with the discovery of a new vulnerability. Then a detection method is written that looks for targets susceptible to the new vulnerability. Once a target is found, the follow-up differs.
For websites, webshops and web applications, we often see a short pause after a potential target has been detected. It seems there is human judgment involved. Then, within 24 hours to a week, comes an attack that is almost always automated for this type of target as well, probably because these are bulk attacks that simply target almost anything vulnerable. The goal is to exploit the vulnerability and penetrate the system.
In this type of attack, the motive is almost always economic. The attackers plant a so-called backdoor on the web presence, which makes it easier for them to get back in at a later time. Once this backdoor is placed, it no longer matters whether the vulnerability is fixed through an update: the attackers have already gained and secured access. For them it is therefore a race against time to get ahead of the updates.
After the backdoor is placed, several subsequent actions happen. These are aimed at ensuring future access, remaining undetected and, of course, the main motive: getting something out of it. As mentioned, this type of attack is almost always economically driven nowadays. Possible follow-up actions include using the server to send spam emails, redirecting checkouts to malicious checkouts, stealing credit card information or capturing customer data to later offer for sale to other criminals.
The second half of 2022 shows a sharp increase in attempts to detect vulnerabilities. This was anticipated. Historically, a deteriorating global economic climate always contributes to this.
In addition to keeping your systems up-to-date, it is advisable to increase monitoring in the last quarter, especially in online retail.
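One way to monitor for the pattern described above (a probe, a pause, then a follow-up within 24 hours to a week) is to search web access logs for write requests to a path that was last read successfully one to seven days earlier. This is an added example, not code from our SOC; the log lines, paths and addresses are constructed, and treating a 2xx GET/HEAD as the probe and a POST/PUT as the follow-up is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [03/Oct/2022:02:14:09 +0000] "GET /plugin/upload.php HTTP/1.1" 200 512 "-" "scanner"
198.51.100.7 - - [03/Oct/2022:02:14:10 +0000] "GET /old/admin.php HTTP/1.1" 404 0 "-" "scanner"
192.0.2.44 - - [05/Oct/2022:11:02:51 +0000] "POST /plugin/upload.php HTTP/1.1" 200 64 "-" "python-requests"
203.0.113.20 - - [06/Oct/2022:04:00:00 +0000] "GET /checkout HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.20 - - [06/Oct/2022:04:00:05 +0000] "POST /checkout HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
PAUSE_MIN = timedelta(hours=24)   # shortest pause named in the article
PAUSE_MAX = timedelta(days=7)     # longest pause named in the article

def find_probe_then_followup(log_text):
    """Flag writes to a path whose last successful read was 24 h to 7 d earlier.

    Assumes lines are in chronological order. Matching is per path, not per
    source address, because probe and follow-up may come from different hosts.
    """
    last_read = {}   # path -> (time, ip) of the latest 2xx GET/HEAD
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]   # ignore the query string
        if m["method"] in ("GET", "HEAD"):
            if m["status"].startswith("2"):
                last_read[path] = (when, m["ip"])
        elif m["method"] in ("POST", "PUT") and path in last_read:
            probe_time, probe_ip = last_read[path]
            pause = when - probe_time
            if PAUSE_MIN <= pause <= PAUSE_MAX:
                findings.append({"path": path, "probe_ip": probe_ip,
                                 "followup_ip": m["ip"], "pause": pause})
    return findings

if __name__ == "__main__":
    for f in find_probe_then_followup(SAMPLE_LOG):
        print(f"{f['path']}: probed by {f['probe_ip']}, "
              f"written to by {f['followup_ip']} after {f['pause']}")
```

Busy paths such as a checkout are read continuously, so their last read is seconds old and they stay quiet; a finding is a lead for review of that endpoint and of files changed since the probe, not proof of compromise.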