Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 21 October 2021 16:07

Rise in RCE attacks threatens APAC businesses – Barracuda

Businesses in Asia-Pacific could unwittingly allow hackers to gain access to and control of their computer systems remotely if they don’t take steps to resolve the remote code execution (RCE) bugs that make them vulnerable, according to new research from Barracuda, a trusted partner and leading provider of cloud-enabled security solutions.

Examining exploitation activity and attack patterns for two remote code execution vulnerabilities affecting Atlassian's collaborative team workspace Confluence, and Microsoft's Azure Open Management Infrastructure (OMI), between August and September, Barracuda researchers found spikes in attacks coming from more than 500 unique attacker IP addresses.

Remote code execution (RCE) describes the execution of arbitrary code on a computer system, which allows a threat actor to gain control of the system remotely. This can be particularly dangerous if the RCE allows the execution of malicious code on an application or server.

Originally reported back in August, the Atlassian Confluence OGNL injection vulnerability was added to the National Vulnerability Database (CVE-2021-26084). However, Barracuda researchers noted that attacks have continued to stay elevated, as many Confluence users still have a vulnerable version of the software.

This is also the case for Microsoft Azure, which reported a vulnerability affecting Azure OMI (CVE-2021-38647) in mid-September, posing a risk to Azure customers until they update their systems to the latest version of the software.

During Barracuda’s analysis of attacks over the 45-day period in August and September, 550 unique attacker IPs were discovered to have attempted to exploit the Atlassian Confluence vulnerability, and 542 unique attacker IPs were attempting to exploit the Azure OMI vulnerability.

Behind each IP were multiple attackers, which means the number of attacks was significantly higher than the number of IPs. Researchers uncovered this information using client fingerprinting and other techniques.

“Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to protect against attacks. However, all-in-one solutions are now available to protect your web applications from being exploited because of these vulnerabilities,” said Tushar Richabadas, Senior Manager, Applications and Cloud Security, Barracuda.

“The need for a WAF-as-a-Service or Web Application & API Protection (WAAP) solution has never been more relevant than now, with many workforces across APAC still supporting remote work and a lot of applications moving online. Organisations need to ensure they have a solution that includes bot mitigation, DDoS protection, and API security to stay protected against these increasingly nasty attacks.”
