Nikita Leokumovich also calls attacks on websites using vulnerabilities in content management systems a very common phenomenon: "Each site is managed by a CMS, usually WordPress and Bitrix. These systems are very similar, and often have common vulnerabilities. Developers regularly fix them, but we often see that companies do not update IT infrastructure applications. We often encounter vulnerabilities dated 2018 or 2019. Below, we will note several classes of critical vulnerabilities containing website programming environments that can lead to data leakage, the transfer of administrator rights from the company to attackers, etc. For example, PHP has the following vulnerabilities: cross-site scripting (XSS), SQL injections, vulnerabilities related to file uploads, authorization, etc."
"In most cases, hackers gained access to data arrays during successful cyberattacks on the companies' infrastructures," the press service of Solar Group believes. "Recently, the goals of the attackers have changed: if before 2022 the vast majority of databases were put up for sale for the purpose of monetization, today hackers are posting at least two-thirds of the data for free for everyone to see in order to inflict maximum reputational and financial damage on Russian organizations."
"The overwhelming majority of leaks are caused by external attackers: targeted attacks and penetrations through vulnerabilities in the system with the aim of stealing databases. The first step is often the seizure of corporate accounts using social engineering methods. With the improvement of digital hygiene, which must be instilled in employees, such cases should become much less," Maxim Akimov is convinced.
However, as shown by the study conducted by InfoWatch Group of Companies together with the BISA Association in September-October 2023, only 59% of companies where leaks occurred investigated their causes. Even fewer - 51% - carry out measures aimed at eliminating the causes of these incidents. At the same time, in 87% of data leaks, the culprits were either current or former employees of the companies, in some cases colluding with external hackers.
The lion's share of the data that leaked from companies is traditionally personal data - it accounted for 59%. In second and third place is information constituting a commercial and official secret - 31% and 23% respectively.
According to a study by the integrator Infosystems Jet, threats from insiders have also increased: by the end of the first nine months of 2023, the growth was 50% year-on-year and 25% since the beginning of 2023. Attacks on data by internal attackers succeed mainly because 70% of the companies surveyed have serious shortcomings in managing access to corporate resources.
Experts from Infosystems Jet conducted a study on insider threats. The analysis showed a systematic increase in insider attacks from ordinary users since the beginning of 2023: the number of such incidents has increased by 1.5 times compared to the same period last year. In addition, the demand for insider information in the first half of 2023 increased by 25%.
From the inside or from the outside?