Attacks Against Infrastructure, Hosting Providers
Cybercriminals using automated attack toolkits are frequently targeting web hosting servers, name servers and data centers. Once a configuration error or software vulnerability is found, an exploit is triggered, enabling attackers to gain access to the servers. A successful attack can be extremely lucrative to cybercriminal gangs. One compromised server can infect thousands of websites and site owners around the world, Cisco said.
Among the biggest vulnerability targeted in the attacks are buffer errors, Cisco said, pointing to the DarkLeech attack campaign as an example of the ongoing problem. The automated attack toolkit successfully infected tens of thousands of websites in 2013, targeting Apache server implementations to turn them into a broader botnet. Websites hosted on compromised servers act as both a redirector (the intermediary in the infection chain) and a malware repository, Cisco said.