11 Feb
OAS - TOP CYBER THREATS 2025 - PART TWO

Network and Application Attacks

As cyber threats continue to evolve, network and application attacks have become increasingly sophisticated, targeting the very core of organizational IT infrastructures. 

Below is a summary of the recent increase in these attacks, accompanied by examples of the most common and disruptive incidents.

Distributed Denial of Service Attacks

In 2025, Distributed Denial of Service (DDoS) attacks will remain a significant threat, targeting networks, servers, and websites with overwhelming traffic that exhausts resources and bandwidth, ultimately rendering services inaccessible to legitimate users. The first half of 2024 saw a 25% increase in multi-vector attacks (courtesy of the GTT Editorial Team), characterized by carpet bomb tactics that distribute traffic across multiple IP addresses, presenting real-time challenges for security teams. 

Amplification attacks have exacerbated this issue by exploiting publicly accessible servers, such as DNS (Domain Name System), which translates domain names into IP addresses; NTP (Network Time Protocol), which synchronizes clocks across computer networks; and SNMP (Simple Network Management Protocol), which collects information from and manages network devices. Because these services answer a small request with a much larger response, they significantly amplify the assault, often incapacitating systems within minutes.

Man-in-the-Middle Attacks

Man-in-the-Middle (MitM) attacks occur when unauthorized individuals clandestinely intercept and manipulate communications between two parties, often without their knowledge. As the prevalence of encrypted traffic via HTTPS has grown, these attacks have become more sophisticated. Attackers often exploit vulnerabilities inherent in SSL/TLS protocols or utilize compromised certificates to decrypt and manipulate communications. 

In 2024, an incident of a Man-in-the-Middle (MitM) attack was reported by IBM, revealing a vulnerability that security researchers had identified. This vulnerability allowed hackers to conduct a MitM attack by establishing a spoofed WiFi hotspot. Through this approach, the attackers were able to capture account credentials from the company's client database. Consequently, they manipulated these credentials to introduce a new "phone key," granting them unauthorized control over the product's internal mechanisms.


Injection Attacks

In cybersecurity, an "injection attack" is a type of cyber-attack in which a malicious actor exploits vulnerabilities in an application by inserting malicious code or commands through user input. This allows the attacker to manipulate the application's behavior, steal sensitive data, or gain unauthorized access to a system; essentially, the attacker "injects" their own code into the application to execute unintended actions. Key points about injection attacks:

  • Exploiting input validation flaws: Injection attacks primarily target weaknesses in an application's input validation process, where user-provided data is not properly sanitized before being used in the system.
  • Common types of injection attacks:
    • SQL Injection (SQLi): Inserting malicious SQL queries into a database to access or modify sensitive data.
    • Command Injection: Injecting system commands into an application to execute arbitrary code on the server.
    • XML External Entity (XXE) Injection: Exploiting vulnerabilities in XML processing to access sensitive system files.
    • LDAP Injection: Manipulating LDAP queries to gain unauthorized access to directory services.

How injection attacks work:

  • User input: An attacker provides seemingly normal user input that contains malicious code embedded within it.
  • Application processing: The application, due to its vulnerability, interprets the injected code as part of its legitimate operations.
  • Attack execution: The malicious code executes on the system, allowing the attacker to perform unauthorized actions like accessing databases, modifying data, or gaining escalated privileges.
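The three steps above, illustrated with SQL injection in Python: an added example, not code from the original post. A lookup that concatenates user input into the query text sits beside the parameterized version that fixes it; the in-memory database, the usernames and the hostile input are all constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample database: two accounts, one privileged.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Step 2 of the post: the input is pasted into the SQL text, so the
    # database parses whatever the user typed as part of the query.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # Mitigation: the query text is fixed and the value is bound separately,
    # so the database never interprets it as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    conn = make_db()
    benign = "alice"
    # Constructed hostile input (step 1 of the post): it closes the string
    # literal and appends a condition that is always true.
    hostile = "' OR '1'='1"
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # step 3: every row leaks
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_hostile": lookup_parameterized(conn, hostile),  # no such username
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running it shows the vulnerable lookup returning both accounts for the hostile input, while the parameterized lookup returns nothing because no user is literally named `' OR '1'='1`.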

Part three in the series will cover digital infrastructure threats.
