Internet Information Services (IIS) attacks showed a 782x increase, from 2,000 to 1.7mn, since the last quarter, according to a new threat report from eSentire, a pure-play Managed Detection and Response (MDR) provider
Drupal and Oracle WebLogic web technologies have also experienced increased attacks in Q2 2018.
Analysis of the attacks by eSentire Threat Intelligence revealed that both IIS and WebLogic exploits maintained a consistent number of attacks (about 200) per IP across organisations, with those attacks originating from servers hosting Apache, RDP, SQL, IIS, and HTTP API services.
Most sources targeting IIS web servers originated from China-based IP addresses. According to Shodan, a search engine, there are 3.5mn IIS web servers exposed (with 1mn in China). The compromised servers largely originated from Tencent and Alibaba.
Kerry Bailey, CEO of eSentire, said, “IIS is a popular web server, with prevalence in the US and China. Organisations using web servers need to make sure they monitor for these vulnerabilities and update or patch as necessary. Oracle WebLogic is another web server that saw a lot of attacks and we’ve seen Apache attacks reported too.”
“Web servers are exposed de facto, which makes them a primary target, and we saw continued attacks against IIS continue in Q3 2018. IIS patches for earlier versions, like 6.0, are available. Otherwise, users should consider updating to more recent versions of the web server,” he added.
The finding also indicated biotechnology, accounting, real estate, marketing, and construction as the five most affected industries.