The cybersecurity climate continues to grow more alarming as significant vulnerabilities and surging cyberattacks put organizations at risk. A recent report from the Solar group of companies revealed a startling fact: the power of Distributed Denial-of-Service (DDoS) attacks on Russian structures surged by 3.5 times in 2024 compared to previous years. According to their analysis, the hackers executing these attacks have access to more powerful botnets, significantly increasing the threat to a wide range of entities.
Throughout 2024, there were 508,000 documented DDoS attacks on Russian organizations, nearly double the number reported for 2023, though still 1.5 times fewer than at the height of 2022. Experts link this surge to the growing sophistication of DDoS tactics, as attackers have shifted their focus toward weaker targets. Notably, the maximum duration of these attacks has changed considerably: it now peaks at just 36 days, well below the figures of prior years. "This indicates hackers are concentrating on finding organizations without full protection, where powerful attacks will cause maximum damage," remarked TASS.
Adding another layer to the cybersecurity conversation is the discovery of CVE-2025-24813, a significant vulnerability found within Apache Tomcat. This flaw allows attackers to gain extensive, unauthorized access to servers, giving them the capability to execute arbitrary code remotely without any form of authentication. Cybersecurity analyst Ekaterina Edemskaya from Gazinformservice highlights the severity of this issue, explaining, "Using specially crafted requests, attackers can gain control over the system, introduce malware, steal sensitive data, or use the compromised server as an entry point for other attacks on the infrastructure," as noted in her comments to Telesputnik.
The recent publication of proof-of-concept (PoC) exploit code only simplifies exploitation of this vulnerability, making even less experienced hackers potentially dangerous. That attackers can manipulate requests to trigger the server's flaw reflects serious deficiencies not only in the execution environment but also in the server's HTTP request handling. This has dire consequences for enterprises that rely on Tomcat to run their business applications.
Staying informed and proactive about these security risks is imperative for organizations. While updating Apache Tomcat to the latest version is acknowledged as necessary, experts stress it is merely the first step. Edemskaya noted, "Even after patches, vulnerabilities may linger undetected, ready for future exploitation by hackers. The risks can also arise from dependent components like libraries, plugins, and configuration files." Therefore, simply applying updates won't suffice; organizations must implement additional protective measures.
Effective defense strategies include stringent access policies and active monitoring of server activity. SIEM (Security Information and Event Management) systems, such as Ankey SIEM NG, play a pivotal role by aggregating and analyzing data from multiple sources. These systems can identify suspicious behavior, such as abnormal spikes in non-standard HTTP requests or attempts to make unauthorized changes. "The system automatically generates alerts for the security service, allowing for timely responses to possible threats," Edemskaya concluded.
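The kind of detection described above, a spike in non-standard HTTP requests from one client, can be prototyped directly against Tomcat access logs. The following is an added example written for this article; it is not code from Ankey SIEM NG or from any product mentioned in the piece. It assumes the log uses Tomcat's "common" AccessLogValve pattern (`%h %l %u %t "%r" %s %b`), treats GET, POST and HEAD as the baseline methods, and uses an assumed alert threshold of three non-baseline requests from the same client and method within a 60-second sliding window. The sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Tomcat's "common" access-log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2025:10:00:01 +0000] "GET /app/index.jsp HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2025:10:00:03 +0000] "POST /app/login HTTP/1.1" 302 0
10.0.0.9 - - [12/Mar/2025:10:00:10 +0000] "PUT /app/upload/a.bin HTTP/1.1" 201 0
10.0.0.9 - - [12/Mar/2025:10:00:11 +0000] "PUT /app/upload/b.bin HTTP/1.1" 201 0
10.0.0.9 - - [12/Mar/2025:10:00:12 +0000] "PUT /app/upload/c.bin HTTP/1.1" 409 0
10.0.0.9 - - [12/Mar/2025:10:00:13 +0000] "PUT /app/upload/d.bin HTTP/1.1" 409 0
10.0.0.9 - - [12/Mar/2025:10:00:14 +0000] "PUT /app/upload/e.bin HTTP/1.1" 409 0
10.0.0.7 - - [12/Mar/2025:10:05:00 +0000] "DELETE /app/item/1 HTTP/1.1" 204 0
10.0.0.7 - - [12/Mar/2025:11:30:00 +0000] "DELETE /app/item/2 HTTP/1.1" 204 0
"""

# Matches: host ident user [timestamp] "METHOD path protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed baseline: methods a typical web application issues all day long.
BASELINE_METHODS = {"GET", "POST", "HEAD"}


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_method_spikes(lines, window=timedelta(seconds=60), threshold=3):
    """Return a list of (ip, method, peak_count) for every client/method pair whose
    non-baseline requests reach `threshold` within any `window`-long sliding window.
    Unparseable lines are skipped; baseline methods are ignored entirely."""
    events = [
        e for e in (parse_line(l) for l in lines)
        if e is not None and e["method"] not in BASELINE_METHODS
    ]
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["ip"], e["method"])].append(e["ts"])

    alerts = []
    for (ip, method), stamps in by_key.items():
        stamps.sort()
        start = 0
        peak = 0
        # Two-pointer sliding window: advance `start` until the window fits.
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append((ip, method, peak))
    return alerts


if __name__ == "__main__":
    for ip, method, count in detect_method_spikes(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {ip} issued {count} {method} requests within 60s")
```

On the constructed sample, the client sending five PUT requests in five seconds raises an alert, while the client that issues two DELETE requests more than an hour apart does not; the sliding window is what separates a burst from ordinary, spread-out administrative traffic. In practice the baseline method set and threshold should be tuned to the application's real traffic before the rule is fed into a SIEM.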
With hackers progressively enhancing their capabilities, the convergence of these two developments, the alarming rise of DDoS attacks targeting Russian infrastructure and the severe Apache Tomcat vulnerability, underscores the need for heightened awareness and proactive measures to mitigate risk. Organizations must remain vigilant, regularly assess their security frameworks, and fortify their defenses to protect their data and operations from these ever-evolving cybersecurity threats.