Threat actors are exploiting web applications
2024-1-23 23:1:23 Author: securityboulevard.com(查看原文) 阅读量:13 收藏

illustration of thief stealing from browser

Due to digital transformation, work from anywhere policies and Software as a Service (SaaS) platforms, the browser has emerged as the main business tool today. Users from anywhere can access thousands of applications through the Internet, using them for critical business functions that keep operations moving under any circumstances.

Unfortunately, popularity breeds risk. Threat actors are increasingly targeting web applications as a way to gain an initial access into organizations’ networks, allowing them to spread to more valuable targets and deploy their payload. These applications are at times engineered with faulty code that makes them vulnerable to enterprising threat actors and are often misconfigured by customers. Coupled with the fact that these apps live on the public Internet, it’s easy to see how today’s web applications are a major security risk for organizations. Breaches can lead to a loss of productivity, ransomware, data loss, a loss of customer trust and legal liability.

The headlines are full of web application breach examples

The latest campaign by North Korean threat actor the Lazarus Group uses security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Targeting the manufacturing, agriculture and physical security sectors, the campaign targets unpatched web applications using older versions of Log4Shell despite the known vulnerabilities. Experts estimate that 30% of Log4j applications are utilizing a vulnerable version of the library. Lazarus is using the exploit to deploy malware on infected endpoints that allow the attackers to gather system information, download additional files and exfiltrate data. It can even uninstall and upgrade itself.

A recently discovered NetScaler bug called Citrix Bleed allows threat actors to gain access to the administration console, allowing threat actors to bypass password requirements and multifactor authentication (MFA). Recent attacks against Toyota and Boeing have been targeted with this exploit and have experienced ransomware attacks that have left thousands of users idle, unable to access the productivity tools in their virtual environments.

Both of these examples show how unpatched or misconfigured web applications can easily lead to a breach.

Menlo Security Secure Application Access

In order to combat these threats against web applications, security teams need better visibility into the browser itself – specifically who is accessing what application and for what reason.

Menlo Security’s Secure Application Access provides application access only to configured authorized users by isolating browser to application communication in a remote browser in the cloud. Fetching and serving application content in a secure cloud browser away from the end point protects the organization from attacks using protocol manipulation, session hijacking, cookie stealing and other web-based application vulnerabilities. Most importantly, Menlo Secure Application Access stops these attacks without inhibiting access by authorized users.

Prevention without limiting productivity

Bad actors are targeting vulnerabilities in browser-based applications more than ever before – posing a significant risk to the organization. Recent attacks have impacted thousands of users at big brands around the world, preventing them from accessing virtual productivity applications. Menlo Security’s Secure Application Access solves this problem by isolating browser to isolation communication in a remote browser in the cloud far from the end device. This prevents threat actors from using application vulnerabilities to gain an access on the end device and spread throughout the network – and it does this without limiting authorized access by legitimate users.

Learn more about how you can secure your web applications without limiting the productivity of authorized users.

The post Threat actors are exploiting web applications appeared first on Menlo Security.

*** This is a Security Bloggers Network syndicated blog from Menlo Security authored by Negin Aminian. Read the original post at: https://www.menlosecurity.com/blog/threat-actors-are-exploiting-web-applications/


文章来源: https://securityboulevard.com/2024/01/threat-actors-are-exploiting-web-applications/
如有侵权请联系:admin#unsafe.sh