Cybercriminals Resurrect 15-Year-Old Attack Techniques to Unearth and Exploit Vulnerabilities

Cybercriminals are using attack techniques that are up to 15 years old to find and exploit vulnerabilities and security gaps. Cybercrime is built around the efficient exploitation of vulnerabilities, and security teams are always at a disadvantage because they must defend all possible entry points, while an attacker only needs to find and exploit one weakness or vulnerability. Some of the cybersecurity vulnerabilities most commonly exploited by cybercriminals to help distribute ransomware are years old, but attackers are still able to take advantage of them because security updates aren’t being applied.

A new study finds that ransomware attacks are heavily relying on old vulnerabilities, with unpatched issues dating back to 2010 still being exploited. Threat actors can obtain keys through either prior knowledge or exploitation of vulnerabilities present in older, unpatched versions of software.

To prevent cyber attacks, security-conscious users can reduce the success rate of most cyber attacks, but a defense-in-depth strategy is also essential. These should be tested regularly via vulnerability assessments and penetration tests to check for exploitable security vulnerabilities in OSes and the applications they run. Moreover, organizations should prioritize patching and limit service accounts to the minimum permissions necessary to run services