New Cybersecurity Report Warns of Widespread Web Application Vulnerability Threatening Businesses
A recent report by cybersecurity firm Check Point reveals that a serious vulnerability in web applications, known as Server-Side Template Injection (SSTI), is exposing numerous businesses to significant risk. This flaw enables cybercriminals to execute malicious code on websites, allowing them to access sensitive information.
Over the past three months, SSTI attacks have targeted one in every 16 organizations on a weekly basis, with retail and wholesale sectors being the most affected, experiencing attacks in one out of every 11 organizations weekly. Financial institutions, including banks, were also frequently targeted, with one in every 15 facing weekly attacks. “SSTI vulnerabilities can have devastating effects,” warns Check Point. “They give attackers the potential to gain complete control of systems, exfiltrate critical data, and severely damage a company’s reputation.”
Notable platforms have already been compromised by SSTI attacks, including Atlassian Confluence, a widely used collaboration tool, as well as file-sharing services like CrushFTP and Rejetto HTTP File Server. Check Point researchers also discovered that hackers are employing sophisticated techniques to evade detection, such as encoding their attacks and using advanced programming methods. Some attackers have even covertly installed software to mine cryptocurrency using the victim’s computer resources.