{"id":4746,"date":"2022-01-20T17:52:50","date_gmt":"2022-01-20T22:52:50","guid":{"rendered":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?p=4746"},"modified":"2022-02-10T10:15:57","modified_gmt":"2022-02-10T15:15:57","slug":"four-attack-vectors-for-web-applications-being-targeted-by-ransomware","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/","title":{"rendered":"Four Attack Vectors for Web Applications Being Targeted by Ransomware"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-4752 size-full\" src=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg\" alt=\"Four Attack Vectors for Web Applications\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg 800w, https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications-300x150.jpg 300w, https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications-768x384.jpg 768w, https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications-540x270.jpg 540w, https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications-162x81.jpg 162w, https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify;\"><strong><em>This is part of Solutions Review\u2019s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, <a href=\"https:\/\/www.barracuda.com\/\" target=\"_blank\" rel=\"noopener\">Barracuda Networks<\/a> CTO Fleming Shi outlines four attack vectors for web applications being targeted by ransomware.<\/em><\/strong><\/p>\n<p style=\"text-align: justify;\">The shift to remote work has pushed even more applications out of the data center and onto the internet. Sometimes the rush to keep business services functioning meant that security was overlooked, and cybercriminals are ready to exploit these vulnerabilities.<\/p>\n<p style=\"text-align: justify;\">The <a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noopener\">Verizon 2021 Data Breach Investigations Report<\/a> shows that for hacking, web applications are the biggest attack vector in use, accounting for more than 80 percent of all data breaches. It\u2019s important to understand that protecting applications and access is as critical as email security in defending against ransomware and other malware.<\/p>\n<p style=\"text-align: justify;\">Applications are now a leading target for ransomware, so there are four attack vectors you need to be prepared to protect: application access, web application vulnerabilities, infrastructure access, and lateral movement.<\/p>\n<p><span style=\"font-weight: 400;\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"speedbump-1\" href=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/get-free-disaster-recovery-service-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"DRaaS Buyer's Guide\" src=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2020\/02\/DRaaS_SB_BG_800.gif\" alt=\"Download Link to DRaaS Buyer's Guide\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n<h2>Application Access<\/h2>\n<p style=\"text-align: justify;\">To identify if application access is a problem that could be compromised for your organization, there are a few key questions you need to answer.<\/p>\n<ul>\n<li>Do your remote or contract workers use unmanaged devices or Bring Your Own Device (BYOD)? Mobile devices are the most common example. An unmanaged or BYOD device can be compromised and then used to extract credentials or further attack your application.<\/li>\n<li>Do you have visibility into all the users and devices on the network? For example, you need to know who is connecting to your guest network and if it is properly segmented.<\/li>\n<li>Do you have an audit trail for who is accessing what when? You should be able to look back and see who is accessing your applications, how they are accessing them, and if they have the right permissions.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">If a device that is not supposed to be allowed on the network is connected to your network and someone has set up some hacking tools on it, that is a serious problem. And if you don\u2019t have visibility into all of this, it becomes a challenge to identify who is accessing what and what the vulnerability is, so you won\u2019t be able to close the vulnerable surface or block the attacker\u2019s access.<\/p>\n<h2>Web Application Vulnerabilities<\/h2>\n<p style=\"text-align: justify;\">Web application vulnerabilities are the next attack vector you need to assess to determine how secure your applications really are.<\/p>\n<p>Consider the following questions:<\/p>\n<ul>\n<li>How secure is your website? When was it last updated?<\/li>\n<li>Do you have forms on your site? How do you prevent attacks through forms?<\/li>\n<li>Do you accept file uploads on your website? How do you secure against malware?<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Turning on HTTPS is not enough to secure your site. It simply means an attacker cannot eavesdrop on someone logging into your site to steal their credentials. Cybercriminals can still perform a brute force attack within that HTTPs frame to try to figure out correct logins for your site.<\/p>\n<p style=\"text-align: justify;\">Having CAPTCHA or reCAPTCHA in front of login forms on your site is also insufficient because it is easy for people to automate and bypass these services. Rate-limiting logins or IPs is another security measure that hackers are easily able to get around using low-and-slow attacks and various automations systems. If you accept file uploads, that\u2019s another problem you need to address. It\u2019s fairly common for attackers to attempt to breach a website by uploading either a virus or ransomware malware.<\/p>\n<h2>Infrastructure Access<\/h2>\n<p style=\"text-align: justify;\">Since the beginning of the COVID-19 pandemic, many organizations have used VPN for providing access to internally hosted applications. It happens when there are no SaaS replacements for some self-hosted applications. Providing VPN access from home is the only way to keep the business running. Without proper identity and access practice, though, this approach is a \u201cticking time bomb waiting to explode.\u201d Many already stolen credentials may share usernames and passwords used for accessing the infrastructure, therefore creating a real risk that could expose your network, applications, and data.<\/p>\n<h2>Lateral Movements<\/h2>\n<p style=\"text-align: justify;\">After compromising your application or infrastructure with stolen credentials, attackers will try to go deeper into the network and perform further attacks that way, so that is the fourth attack vector you need to address.<\/p>\n<p style=\"text-align: justify;\">Ask the following questions:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Is your corporate network divided into properly protected segments?<\/li>\n<li>Do you have multifactor authentication enabled for network access?<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Setting proper segmentation for your network takes a lot of time and effort, and it\u2019s easy to find reasons to open up two segments and allow access from one segment to another. Ultimately, that leads to access being open in ways you did not want.<\/p>\n<p style=\"text-align: justify;\">Multifactor authentication adds another important layer of protection to help stop attackers from gaining access to the network.<\/p>\n<p style=\"text-align: justify;\"><div class=\"hr hr\"><\/div><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"speedbump-2\" href=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/data-protection-vendor-map\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-2786 size-full\" src=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2020\/02\/DP_VM_SB_800.jpg\" alt=\"Download link to Data Protection Vendor Map\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is part of Solutions Review\u2019s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Barracuda Networks CTO Fleming Shi outlines four attack vectors for web applications being targeted by ransomware. The shift to remote work has pushed even more applications out of the data [&hellip;]<\/p>\n","protected":false},"author":89,"featured_media":4752,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[697,1219],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Four Attack Vectors for Web Applications Being Targeted by Ransomware<\/title>\n<meta name=\"description\" content=\"Barracuda Networks CTO Fleming Shi outlines four attack vectors for web applications being targeted by ransomware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fleming Shi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/\",\"name\":\"Four Attack Vectors for Web Applications Being Targeted by Ransomware\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg\",\"datePublished\":\"2022-01-20T22:52:50+00:00\",\"dateModified\":\"2022-02-10T15:15:57+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/44cfc1d87445cc59a95ffe722bc42d66\"},\"description\":\"Barracuda Networks CTO Fleming Shi outlines four attack vectors for web applications being targeted by ransomware.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg\",\"width\":800,\"height\":400,\"caption\":\"Four Attack Vectors for Web Applications\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Four Attack Vectors for Web Applications Being Targeted by Ransomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/\",\"name\":\"Backup and Disaster Recovery | Solutions Review\",\"description\":\"BDR Software Evaluation: Ransomware Recovery, Cloud Backup &amp; Vendor Showcases\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/44cfc1d87445cc59a95ffe722bc42d66\",\"name\":\"Fleming Shi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e31f420d947bc2637819509dd5782a88?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e31f420d947bc2637819509dd5782a88?s=96&d=mm&r=g\",\"caption\":\"Fleming Shi\"},\"description\":\"Fleming joined Barracuda in 2004 as the founding engineer for the company\u2019s web security product offerings, helping to create the first version of Barracuda\u2019s message archiving product and paving the way for expansion into new content security product areas. As Chief Technology Officer, Fleming leads the company\u2019s threat research and innovation engineering teams in building future technology platforms to deliver continued success in our security and data protection products.\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/author\/fshi\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Four Attack Vectors for Web Applications Being Targeted by Ransomware","description":"Barracuda Networks CTO Fleming Shi outlines four attack vectors for web applications being targeted by ransomware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/","twitter_misc":{"Written by":"Fleming Shi","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/","name":"Four Attack Vectors for Web Applications Being Targeted by Ransomware","isPartOf":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg","datePublished":"2022-01-20T22:52:50+00:00","dateModified":"2022-02-10T15:15:57+00:00","author":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/44cfc1d87445cc59a95ffe722bc42d66"},"description":"Barracuda Networks CTO Fleming Shi outlines four attack vectors for web applications being targeted by ransomware.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#primaryimage","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg","contentUrl":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2022\/01\/Ransomware-Attack-Vectors-for-Web-Applications.jpg","width":800,"height":400,"caption":"Four Attack Vectors for Web Applications"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/four-attack-vectors-for-web-applications-being-targeted-by-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/"},{"@type":"ListItem","position":2,"name":"Four Attack Vectors for Web Applications Being Targeted by Ransomware"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/","name":"Backup and Disaster Recovery | Solutions Review","description":"BDR Software Evaluation: Ransomware Recovery, Cloud Backup &amp; Vendor Showcases","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/44cfc1d87445cc59a95ffe722bc42d66","name":"Fleming Shi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e31f420d947bc2637819509dd5782a88?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e31f420d947bc2637819509dd5782a88?s=96&d=mm&r=g","caption":"Fleming Shi"},"description":"Fleming joined Barracuda in 2004 as the founding engineer for the company\u2019s web security product offerings, helping to create the first version of Barracuda\u2019s message archiving product and paving the way for expansion into new content security product areas. As Chief Technology Officer, Fleming leads the company\u2019s threat research and innovation engineering teams in building future technology platforms to deliver continued success in our security and data protection products.","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/author\/fshi\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts\/4746"}],"collection":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/users\/89"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/comments?post=4746"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts\/4746\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/media\/4752"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/media?parent=4746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/categories?post=4746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/tags?post=4746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}