Four Attack Vectors for Web Applications Being Targeted by Ransomware

This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Barracuda Networks CTO Fleming Shi outlines four attack vectors for web applications being targeted by ransomware.

The shift to remote work has pushed even more applications out of the data center and onto the internet. In the rush to keep business services running, security was sometimes overlooked, and cybercriminals are ready to exploit the resulting gaps.

The Verizon 2021 Data Breach Investigations Report shows that, among hacking actions, web applications are the biggest attack vector in use, involved in more than 80 percent of the breaches that involved hacking. Protecting applications and the access to them is therefore as critical as email security in defending against ransomware and other malware.

Applications are now a leading target for ransomware, so there are four attack vectors you need to be prepared to defend: application access, web application vulnerabilities, infrastructure access, and lateral movement.

Application Access

To determine whether application access could be compromised in your organization, there are a few key questions you need to answer.

  • Do your remote or contract workers use unmanaged devices or Bring Your Own Device (BYOD)? Mobile devices are the most common example. An unmanaged or BYOD device can be compromised and then used to extract credentials or further attack your application.
  • Do you have visibility into all the users and devices on the network? For example, you need to know who is connecting to your guest network and if it is properly segmented.
  • Do you have an audit trail for who is accessing what when? You should be able to look back and see who is accessing your applications, how they are accessing them, and if they have the right permissions.

A device that should not be on the network at all, yet is connected and running attack tooling, is a serious problem. Without visibility into users, devices and access, you cannot tell who is accessing what or where the weakness lies, so you cannot close the exposed surface or block the attacker's access.

Web Application Vulnerabilities

Web application vulnerabilities are the next attack vector you need to assess to determine how secure your applications really are.

Consider the following questions:

  • How secure is your website? When was it last updated?
  • Do you have forms on your site? How do you prevent attacks through forms?
  • Do you accept file uploads on your website? How do you secure against malware?

Turning on HTTPS is not enough to secure your site. It only prevents an attacker from eavesdropping on the connection and stealing a user's credentials in transit. Cybercriminals can still run a brute-force attack over that same HTTPS connection to find valid logins for your site.

Putting CAPTCHA or reCAPTCHA in front of login forms is also insufficient, because attackers routinely automate and bypass these services. Rate-limiting logins per IP is another measure attackers get around with low-and-slow attacks and distributed automation: many source addresses, each staying under the threshold. If you accept file uploads, that is another problem you need to address, because it is common for attackers to try to breach a website by uploading malware, ransomware included.
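The low-and-slow point above is easiest to see in detection logic. The following Python is an added example, not code from the column or from Barracuda: a classic per-IP limiter (five failures in ten minutes) is run over a constructed auth log alongside a per-account view that counts failures from distinct sources. The log format, the IP addresses (from the documentation ranges) and the thresholds are all assumptions made for the illustration.

```python
"""
Added example, not from the original column: why a per-IP login rate limit
misses a distributed low-and-slow password attack, and a per-account view
that catches it. All log lines are constructed.
Assumed log format: "<ISO timestamp> <source ip> <username> <OK|FAIL>".
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log() -> str:
    """Constructed auth log: one legitimate user, one noisy single-IP brute
    forcer, and 12 attacker IPs that each make only two guesses against
    'alice', spread over an hour."""
    base = datetime(2021, 6, 1, 10, 0, 0)
    lines = [
        f"{base.isoformat()} 198.51.100.7 bob FAIL",  # a typo, then success
        f"{(base + timedelta(seconds=20)).isoformat()} 198.51.100.7 bob OK",
    ]
    for k in range(6):  # noisy attacker: six failures in one minute
        t = base + timedelta(minutes=30, seconds=10 * k)
        lines.append(f"{t.isoformat()} 192.0.2.9 carol FAIL")
    for i in range(12):  # distributed low-and-slow attacker
        t = base + timedelta(minutes=5 * i, seconds=7)
        ip = f"203.0.113.{i + 1}"
        lines.append(f"{t.isoformat()} {ip} alice FAIL")
        lines.append(f"{(t + timedelta(seconds=30)).isoformat()} {ip} alice FAIL")
    return "\n".join(sorted(lines)) + "\n"


def parse_log(text: str):
    """Return (timestamp, ip, user, result) tuples in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    events.sort()
    return events


def _prune(window: deque, now: datetime, window_s: int) -> None:
    """Drop entries that fell out of the sliding window."""
    while window and (now - window[0][0]).total_seconds() > window_s:
        window.popleft()


def per_ip_alerts(events, window_s=600, threshold=5):
    """Classic limiter: flag an IP with >= threshold failures in the window."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        recent[ip].append((ts, user))
        _prune(recent[ip], ts, window_s)
        if len(recent[ip]) >= threshold:
            flagged.add(ip)
    return flagged


def per_account_alerts(events, window_s=3600, threshold=10, min_sources=5):
    """Per-target view: flag an account with >= threshold failures from
    >= min_sources distinct IPs inside the window, the signature of a
    distributed guessing attack. Value is (failures, distinct sources)."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        recent[user].append((ts, ip))
        _prune(recent[user], ts, window_s)
        sources = {src for _, src in recent[user]}
        if len(recent[user]) >= threshold and len(sources) >= min_sources:
            flagged[user] = (len(recent[user]), len(sources))
    return flagged


if __name__ == "__main__":
    evts = parse_log(build_sample_log())
    print("per-IP alerts:", per_ip_alerts(evts))            # {'192.0.2.9'}
    print("per-account alerts:", per_account_alerts(evts))  # {'alice': (24, 12)}
```

The per-IP limiter catches only the noisy attacker; the 24 guesses against alice never trip it because no single address exceeds two. The per-account view sees them. The response to a per-account alert should be a step-up (an MFA challenge or a one-time re-verification), not a lockout, since an attacker who can trigger lockouts can deny service to the very users you are protecting.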

Infrastructure Access

Since the beginning of the COVID-19 pandemic, many organizations have used a VPN to provide access to internally hosted applications. This is usually the case when a self-hosted application has no SaaS replacement, and VPN access from home is the only way to keep the business running. Without proper identity and access practices, though, this approach is a "ticking time bomb waiting to explode." Credentials already stolen elsewhere often share the usernames and passwords used to reach the infrastructure, which creates a real risk of exposing your network, applications, and data.

Lateral Movement

After compromising your application or infrastructure with stolen credentials, attackers will try to go deeper into the network and attack further systems from there, so lateral movement is the fourth attack vector you need to address.

Ask the following questions:

  • Is your corporate network divided into properly protected segments?
  • Do you have multifactor authentication enabled for network access?

Setting up proper network segmentation takes a lot of time and effort, and it is easy to find reasons to open a path from one segment to another. Each exception looks harmless on its own, but together they leave access open in ways you never intended.
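The way such exceptions compound is worth checking mechanically rather than by eye. The Python below is an added example, not code from the column or from Barracuda: it treats segmentation allow rules as a directed graph and asks which forbidden flows become possible hop by hop. The segment names, rules and "business reasons" are constructed for the illustration and describe no real network.

```python
"""
Added example, not from the original column: reachability over segmentation
rules. Each hop assumes the attacker has compromised a host in the previous
segment, which is exactly what lateral movement is. Segments and rules are
constructed for illustration.
"""
from collections import defaultdict, deque

# (source segment, destination segment, why the rule exists)
INTENDED_RULES = [
    ("user-lan", "app",    "users reach the application tier"),
    ("app",      "db",     "application reads its database"),
    ("db",       "backup", "nightly dumps go to backup storage"),
]
EXCEPTIONS = [
    ("guest",    "user-lan", "contractors needed the office printer"),
    ("user-lan", "db",       "DBA wanted direct access from a workstation"),
]
# Flows that must never be possible, directly or indirectly.
FORBIDDEN = [("guest", "db"), ("guest", "backup")]


def build_graph(rules):
    """Adjacency list; insertion order is kept so results are deterministic."""
    adj = defaultdict(list)
    for src, dst, _reason in rules:
        adj[src].append(dst)
    return adj


def shortest_path(rules, src, dst):
    """BFS over allow rules; returns the hop list or None if unreachable."""
    adj = build_graph(rules)
    parent = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for nxt in adj[cur]:
            if nxt not in parent:
                parent[nxt] = cur
                queue.append(nxt)
    return None


def reachable_from(rules, src):
    """Every segment an attacker starting in src can eventually reach."""
    adj = build_graph(rules)
    seen, queue = set(), deque([src])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def violations(rules, forbidden):
    """{(src, dst): path} for every forbidden pair that is reachable."""
    found = {}
    for src, dst in forbidden:
        path = shortest_path(rules, src, dst)
        if path:
            found[(src, dst)] = path
    return found


if __name__ == "__main__":
    print("intended only:", violations(INTENDED_RULES, FORBIDDEN))  # {}
    both = INTENDED_RULES + EXCEPTIONS
    for pair, path in violations(both, FORBIDDEN).items():
        print(pair, "->", " -> ".join(path))
    print("reachable from guest:", sorted(reachable_from(both, "guest")))
```

Neither exception names the backup segment, yet together they give a guest-network foothold a three-hop path to it. Running a check like this against every proposed rule change, with the forbidden list written down explicitly, turns "open these two segments for now" into a decision whose downstream effect is visible before it is approved.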

Multifactor authentication adds another important layer of protection that helps stop attackers holding stolen credentials from gaining access to the network.

Fleming Shi