CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that we’ve learned from analyzing a subset of our overall global network traffic.
Since last week, attackers have used a combination of manual and automated tools to target 84,000 sites protected by Imperva Cloud WAF. Across the targeted sites, Imperva Cloud WAF has blocked more than 20 million attacks that were attempting to exploit CVE-2021-44228.
Imperva is proactively reaching out and working closely with customers whose sites are being heavily targeted. Specifically, we have created and delivered attack-related dashboards, reports, and statistics to highly targeted customers.
One thing many people don’t realize is that we’ve built advanced client classification detection algorithms in our Cloud WAF. We leverage client classification as part of our overall security defense system, and of course share the highlights in our customer dashboards. Client values include things like web browser names (Chrome, Safari, etc.) as well as developer tools (cURL, wget, etc.).
When looking at the overall logs, we found a couple of interesting data points with respect to the clients that generated this attack traffic:
The top targeted industries include the following:
As you can see from the above chart, it appears to be a normal distribution across targeted industries.
When factoring in the attacking country of origin targeting the United States, the data reveals several interesting points.
It gets even more interesting when breaking down the attacking countries targeting industries:
Imperva Threat Research is currently working on an exciting report around attack variants, how we responded, and even some video demonstrations. We look forward to sharing that report on the Imperva Blog in the coming days.
Learn how Imperva is continuing to stay ahead of CVE-2021-44228. For customers looking for support, please access the Imperva Support Portal. If you’re looking for protection from CVE-2021-44228, please contact us.
The post 5 Things We’ve Learned About CVE-2021-44228 appeared first on Blog.