14/09/22
How cybercriminals exploit our distractions

We tend to think cybercriminals spend a lot of their time looking for new vulnerabilities that are, therefore, still unknown to developers. This is sometimes true, above all in the case of zero-day vulnerabilities. These are unknown vulnerabilities for which no solutions exist. They are very «profitable» once discovered, but costly to identify.

As a result, much of the cybercriminal’s time is spent exploiting known and yet unpatched bugs. Isn’t it ironic? It is, on paper, very easy to protect against these attacks: simply update the software installed on your device to the latest known security versions.

The user is often the weakest link in the whole cybersecurity chain, so yes: the task of patching the software is sometimes left orphaned. Nobody is in charge when the time comes, or updates are scheduled for a specific date that is not immediate. The reasons this happens: lack of time, people or resources. The reality is that, in many companies, critical security flaws are not corrected in time. That is the moment when cybercriminals take advantage with their «obvious» attacks.

When do cybercriminals attack? How do they do that?
To launch such attacks, cybercriminals look not only at how to carry them out, but also at what time they will be most effective. According to analysis by Barracuda, a security service provider, automated criminal bots tend to launch their attacks on weekdays.

In this way, the traffic generated by attacking the systems is better camouflaged among the normal traffic of a working day. It is more difficult to detect malicious practices on those days than on a weekend, when there is much less activity.

The report notes some known techniques used by criminals to carry out the attacks. In fact, the attacks observed corresponded to the most common types. For example, there are reconnaissance or fuzzing attacks against the vulnerabilities of applications (WordPress is the most popular here).

Fuzzing (or fuzz testing) is a technique that consists of semi-automatic or automatic tests in which random, invalid and unexpected data is injected into the input of a given piece of software. It is a technique used to check the security of the input in terms of data validation, but it can also easily reveal vulnerabilities that can be exploited by criminals.
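The weekday camouflage described above hides probes from monitoring that watches total traffic volume; scoring each client on its own behaviour (error ratio and number of distinct paths requested) does not depend on how busy the site is. The Python sketch below is an added example, not part of the original article or the Barracuda analysis; the log lines, addresses, paths and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined-log-style line: client, timestamp, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
SCANNER = "198.51.100.7"  # constructed address from a documentation range

def build_log(normal_clients):
    """Constructed sample log: N ordinary visitors (max 254) plus one probing client."""
    ts = "[14/Sep/2022:10:00:00 +0000]"
    lines = []
    for i in range(normal_clients):
        for path in ("/", "/blog/", "/contact"):
            lines.append(f'192.0.2.{i + 1} - - {ts} "GET {path} HTTP/1.1" 200 5120')
    for i in range(8):  # probes for plugins that are not installed (hypothetical paths)
        lines.append(f'{SCANNER} - - {ts} "GET /wp-content/plugins/plugin-{i}/readme.txt HTTP/1.1" 404 153')
    lines.append(f'{SCANNER} - - {ts} "GET /wp-login.php HTTP/1.1" 200 2048')
    return "\n".join(lines)

def per_client_stats(log_text):
    stats = defaultdict(lambda: {"total": 0, "errors": 0, "paths": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, path, status = m.groups()
        s = stats[ip]
        s["total"] += 1
        s["errors"] += status.startswith("4")   # count 4xx responses
        s["paths"].add(path.split("?", 1)[0])   # ignore query strings
    return stats

def flag_scanners(log_text, min_requests=5, min_error_ratio=0.5, min_paths=5):
    """Flag clients by their own behaviour, independent of total site traffic."""
    flagged = {}
    for ip, s in per_client_stats(log_text).items():
        ratio = s["errors"] / s["total"]
        if s["total"] >= min_requests and ratio >= min_error_ratio and len(s["paths"]) >= min_paths:
            flagged[ip] = round(ratio, 2)
    return flagged

def share_of_traffic(log_text, ip):
    """Fraction of all requests that came from one client."""
    stats = per_client_stats(log_text)
    return stats[ip]["total"] / sum(s["total"] for s in stats.values())

if __name__ == "__main__":
    for label, n in (("weekday", 200), ("weekend", 5)):
        log = build_log(n)
        print(label, f"share={share_of_traffic(log, SCANNER):.1%}", flag_scanners(log))
```

On the constructed weekday log the probing client is under 2% of requests, on the weekend log over 30%, yet the per-client score flags it in both.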

On the other hand, command injection is the most common attack, especially against Windows (or an operating system, in general). In these attacks, criminals execute arbitrary commands in the hope of compromising a vulnerable application. Another of the most common and widely used methods is the SQL injection attack. In this attack, malicious SQL statements are injected via a web form or other client interface that supports them.

How to protect against these attacks
The first step is to keep software updated with the latest security patches. Apart from this, it is necessary to protect the organization against all possible security breaches, so it is advisable to use a web application firewall (WAF) or a WAF product as a service.
Ideally, this would be a WAF-as-a-Service or WAAP (Web Application API Protection) solution that includes, at least, bot mitigation, protection against DDoS, API security and protection against credential theft. And all this, taking into account that it should be well configured (poor configuration is one of the major business vulnerabilities).
