Four Attack Vectors for Web Applications Targeted by Ransomware

This is part of Solutions Review’s Premium Content Series, a collection of reviews written by industry experts in maturing software categories.

The shift to remote working has pushed even more applications out of the data center and onto the internet. Sometimes the rush to keep business services running means security has been neglected, and cybercriminals are ready to exploit these vulnerabilities.

The 2021 Verizon Data Breach Investigations Report shows that, for hacking, web applications are the largest attack vector used, accounting for over 80% of all data breaches. It’s important to understand that application and access protection is as essential as email security in defending against ransomware and other malware.

Applications are now a major target for ransomware, so there are four attack vectors you need to be prepared to protect: application access, web application vulnerabilities, infrastructure access, and lateral movement.

1. Access to applications

To determine whether application access is a potential point of compromise for your organization, you need to answer a few key questions.

  • Do your remote or contract workers use unmanaged devices or bring your own device (BYOD)? Mobile devices are the most common example. An unmanaged or BYOD device can be compromised and then used to extract credentials or further attack your app.
  • Do you have visibility into all network users and devices? For example, you need to know who is connecting to your guest network and whether it is properly segmented.
  • Do you have an audit trail of who accesses what and when? You should be able to look back and see who is accessing your apps, how they are accessing them, and if they have the correct permissions.

If a device that is not supposed to be allowed on the network is connected to your network and someone has installed hacking tools on it, this is a serious problem. And if you don’t have visibility into all of this, it becomes difficult to identify who is accessing what and what the vulnerability is, so you won’t be able to close the vulnerable surface or block the attacker’s access.

2. Web application vulnerabilities

Web application vulnerabilities are the next attack vector you need to assess to determine how secure your applications really are.

Consider the following questions:

  • How secure is your website? When was it last updated?
  • Do you have forms on your site? How do you prevent attacks via forms?
  • Do you accept file uploads on your site? How do you protect yourself against malware?

Enabling HTTPS is not enough to secure your site. It just means an attacker can’t spy on someone logging into your site to steal their credentials. Cybercriminals can still perform a brute-force attack over HTTPS to try to determine the correct logins for your site.

Having CAPTCHA or reCAPTCHA in front of login forms on your site is also insufficient because it is easy for people to automate and circumvent these services.

Rate limiting logins or IP addresses is another security measure that hackers can easily bypass using low-and-slow attacks and various automation schemes.
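The gap described above, shown as detection logic (an added example, not from the original article): a per-IP limiter misses login failures spread across time and addresses, while counting failures per account over a long window catches them. The log events, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of login events: (timestamp, source IP, account, success).
# "alice" is tried once every 10 minutes from 12 rotating documentation-range IPs.
START = datetime(2021, 6, 1, 0, 0)
EVENTS = [(START + timedelta(minutes=10 * i), f"203.0.113.{i % 12 + 1}", "alice", False)
          for i in range(36)]
# A normal user who mistypes a password twice, then logs in.
EVENTS += [(START + timedelta(minutes=m), "198.51.100.7", "bob", ok)
           for m, ok in ((5, False), (6, False), (7, True))]
EVENTS.sort(key=lambda e: e[0])


def per_ip_rate_limit(events, max_failures=5, window=timedelta(minutes=1)):
    """Classic limiter: flag an IP with more than max_failures failures inside window."""
    recent, flagged = defaultdict(list), set()
    for ts, ip, _account, ok in events:
        if ok:
            continue
        recent[ip] = [t for t in recent[ip] if ts - t < window] + [ts]
        if len(recent[ip]) > max_failures:
            flagged.add(ip)
    return flagged


def per_account_slow_bruteforce(events, max_failures=20, min_ips=5,
                                window=timedelta(hours=24)):
    """Flag accounts with many failures from many distinct IPs over a long window."""
    recent, flagged = defaultdict(list), set()
    for ts, ip, account, ok in events:
        if ok:
            continue
        recent[account] = [(t, i) for t, i in recent[account] if ts - t < window]
        recent[account].append((ts, ip))
        distinct_ips = {i for _t, i in recent[account]}
        if len(recent[account]) > max_failures and len(distinct_ips) >= min_ips:
            flagged.add(account)
    return flagged


if __name__ == "__main__":
    print("per-IP limiter flagged:", per_ip_rate_limit(EVENTS))
    print("per-account detector flagged:", per_account_slow_bruteforce(EVENTS))
```

On the constructed events the per-IP limiter flags nothing, while the per-account check flags the targeted account and leaves the user who mistyped a password alone.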

If you’re accepting file uploads, that’s another issue you need to address. It is quite common for attackers to attempt to breach a website by uploading a malicious virus or ransomware.

3. Access to infrastructure

Since the start of the COVID-19 pandemic, many organizations have used VPNs to provide access to internally hosted applications. This happens when there is no SaaS replacement for some self-hosted applications, and providing VPN access from home is the only way to keep the business working. Without good identity and access practices, however, this approach is a “ticking time bomb waiting to explode”. Many already-stolen credentials may share usernames and passwords with those used to access infrastructure, creating a real risk that could expose your network, applications, and data.

4. Lateral movement

After compromising your application or infrastructure with stolen credentials, attackers will try to go deeper into the network and perform other attacks that way, so this is the fourth attack vector that you have to deal with.

Ask the following questions:

  • Is your corporate network divided into properly protected segments?
  • Is multi-factor authentication enabled for network access?

Defining proper segmentation for your network takes a lot of time and effort, and it’s easy to find reasons to open two segments and allow access from one segment to the other. Ultimately, this leads to opening up access in ways you didn’t want.

Multi-factor authentication adds another important layer of protection to help prevent attackers from gaining access to the network.

Fleming Shi