Light Dark
May 5, 2016 By Scott Craig 2 min read
X-Force
Threat Intelligence

Sophisticated cyberattacks grab the headlines these days. But with attention focused on advanced persistent threats and mutating malware, it’s easy to overlook older attacks that are still successful. To keep awareness up, the IBM X-Force threat research team has a new report on old favorites: “Beware of Older Cyber Attacks.”

An assessment of recent data from IBM Managed Security Services (MSS), which continuously monitors billions of events reported by 8,000-plus client devices in over 100 countries, revealed some interesting findings about attack vectors that don’t make headlines anymore: footprinting and brute-force attacks.

What’s Old Is New Again

Often viewed as more of pre-attack reconnaissance used to gather information on potential targets, footprinting encompasses several attack techniques, among them network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.

Generally, multiple ports are scanned, often coupled with a service (or port) sweep in which multiple hosts in a network are checked for a specific open service port. Service sweeps are often ignored by security monitoring since they occur so regularly and don’t generally warrant an immediate response. The report revealed that the Telnet port was sought out 79 percent of the time during a two-day period in Q1 2016.

Brute-Force Attacks Make a Comeback

A brute-force password attack is a tactic in which an intruder tries to guess a username and password combination to gain unauthorized access to a system or data. Often an attacker will come across a new system during a footprinting attack and see a login screen banner. A banner that reveals the operating system version will give the attacker an idea of what system-level account names to begin trying, such as admin.

Attackers may also target the secure shell (SSH) service because it provides shell account access across the network. SSH brute-force attacks peaked in May 2015, then trended downward for the rest of the year except for a slight increase in December over November.

It’s likely that the botnet known as SSHPsychos was responsible for much of the activity early in the year. The downward trend in later months reflected efforts by members of the security community to mitigate this threat.

Fortunately, many tools and techniques to thwart these older kinds of cyberattacks have been developed over the years. Organizations that apply them in their environments will be better equipped to deal with ongoing threats. Read the paper to learn more about the attacks and what IBM X-Force recommends to combat them.

Read the full IBM X-Force research report: Beware of older cyber attacks

 |  |  |  | 
Scott Craig
Threat Researcher, IBM

More from X-Force
January 17, 2025

Being a good CLR host – Modernizing offensive .NET tradecraft

14 min read - The modern red team is defined by its ability to compromise endpoints and take actions to complete objectives. To achieve the former, many teams implement their own custom command-and-control (C2) or use an open-source option. For the latter, there is a constant stream of post-exploitation tooling being released that takes advantage of various features in Windows, Active Directory and third-party applications. The execution mechanism for this tooling has, for the last several years, relied heavily on executing .NET assemblies in…

January 6, 2025

Abusing MLOps platforms to compromise ML models and enterprise data lakes

15 min read - For full details on this research, see the X-Force Red whitepaper “Disrupting the Model: Abusing MLOps Platforms to Compromise ML Models and Enterprise Data Lakes”.Machine learning operations (MLOps) platforms are used by enterprises of all sizes to develop, train, deploy and monitor large language models (LLMs) and other foundation models (FMs), as well as the generative AI (gen AI) applications built on top of these models. The rush to leverage AI throughout enterprises has meant that security has been often…

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature