This report is a summary of web application attacks detected and mitigated by UltraWAF for the month of October 2024. It is a recurring report highlighting monthly trends observed by the platform and analysts.
In October 2024, Vercara’s UltraWAF platform processed over 595 million web requests, reflecting a slight decrease from the month prior. Of those requests, approximately 16.97% (over 101 thousand) were identified as being malicious, with another 2.28% (over 13 thousand) being bot traffic. One of the most notable trends was a 3,100% increase in the XML WSI Error Body Environment Namespace category, an indicator of potential XML structure issues that could be exploited for attacks such as XML injection, Denial-of-Service (DoS), WAF bypass or XML External Entity (XXE) attacks.
The most common attack category observed was the Cookie category, accounting for around 44% of all malicious activity. There was no change in the top three targeted industries, with Travel/Hospitality still number one at around 41% of all attacks directed towards that industry.
Highlighted attack payloads revealed multiple CVEs being exploited. Notable examples include a command injection vulnerability in TP-Link Archer routers (CVE-2023-1389), which allowed for remote code execution via unsanitized input. Another example was reconnaissance activity targeting InfluxDB instances (CVE-2022-36640) to extract server diagnostics and performance data. An Apache Solr vulnerability (CVE-2023-50292) allowed attackers to gather core configuration information for potential follow-up attacks.
Additionally, PHP web applications were targeted with Local File Inclusion exploits (CVE-2023-4113), using pearcmd to inject code for further malicious actions, and Remote File Inclusion (CVE-2024-4577) exploits, leveraging misconfigured PHP on Windows servers for unauthorized code execution.