Overview

 

AhnLab SEcurity intelligence Center (ASEC) uses the AhnLab Smart Defense (ASD) infrastructure to respond to and classify attacks on poorly managed Windows web servers. This report covers the current state of damage to Windows web servers which have become the target of attacks based on the logs identified in the second quarter of 2024 and also discusses statistics on the attacks targeting said servers. Furthermore, the malware used in each attack will be categorized with a summary of the statistical details.

 

Statistics

 

1. Status of Attacks on Windows Web Servers

 

The following image shows statistics on attacks against Windows web servers identified through AhnLab’s ASD logs in the second quarter of 2024.

 

Figure 1. Attacks against Windows web servers in Q2, 2024

 

The “Damage Status” indicates the number of systems that have become targets of malware or threat actors: in other words, systems where the Windows web server has been confirmed as compromised by a threat actor to facilitate malware installation. The Windows web servers discussed here refer to Internet Information Services (IIS) web servers and Apache Tomcat web servers installed on Windows environments. Attacks that target web servers mainly include vulnerability attacks against environments that do not have the necessary security patch applied, attacks against inappropriately set-up environments, and attacks against poorly managed servers.