
Attacks on Spring & IoT Devices


Recent cyberattacks on the Spring Java framework and Internet of Things (IoT) devices have been detailed in a report shared by the Cyble Vulnerability Intelligence Unit. The report, which highlights over 30 active attack campaigns targeting well-known vulnerabilities, reveals a concerning trend in the cybersecurity landscape.

One of the key vulnerabilities outlined in the report is CVE-2024-38816, a critical flaw affecting the Spring Java framework. Currently being assessed by the National Vulnerability Database (NVD), it is a severe path traversal vulnerability: by crafting malicious HTTP requests, attackers can potentially access sensitive files on systems running the Spring application, putting users at risk.

The report also brings to light the exploitation of a vulnerability linked to IoT devices, with over 400,000 attacks reported. This emphasizes the importance of securing IoT devices and implementing necessary measures to protect against cyber threats in this domain.

Another vulnerability identified in the report is CVE-2020-11899, a medium-severity out-of-bounds read vulnerability in the Treck TCP/IP stack. This vulnerability, part of the “Ripple20” series, has been the target of 411,000 attacks aimed at gaining administrative privileges. The report also notes attacks against additional “Ripple20” vulnerabilities, underscoring the need for organizations to assess their exposure and implement mitigations.

Beyond these specific vulnerabilities, threats to Linux systems, including the deployment of malware through package managers, remain a persistent issue. Active threats such as CoinMiner, Mirai, and IRCBot continue to pose risks to systems. Vulnerabilities in PHP, GeoServer, and AVTECH IP cameras have also attracted the attention of threat actors, highlighting the importance of vigilant cybersecurity measures.

In a notable development, the report identifies a sharp increase in phishing attempts, with 478 new phishing email addresses reported—a record high. Various scam campaigns, including fake refund claims and lottery scams, demonstrate the diverse tactics employed by cybercriminals to exploit unsuspecting individuals.

Brute-force attacks were detected across global locations, with ports 22, 3389, and 445 the most targeted. This highlights the importance of strengthening defenses by blocking suspicious IP addresses and securing the targeted ports. Security analysts are advised to remain vigilant and take necessary actions to safeguard their systems from such attacks.

To mitigate these threats, organizations are urged to adopt proactive security measures such as blocking malicious URLs and email addresses associated with recent scams, patching open vulnerabilities promptly, monitoring internal network alerts, and blocking known brute-force sources. Changing default usernames and passwords, enforcing regular password updates, and using complex passwords for servers and sensitive applications are also recommended to enhance defenses against active threats.

By following these recommendations and staying proactive in their cybersecurity efforts, businesses can strengthen their defenses against the evolving cyber threats identified in the Cyble Vulnerability Intelligence report. Vigilance and swift action are key in mitigating the risks posed by cyberattacks on critical systems and devices.
