Skip to main content
close search
site logo
Dive Brief

Threat groups hit enterprise software, network infrastructure hard in 2023

Recorded Future observed an approximately threefold increase in actively exploited high-risk vulnerabilities in enterprise software and network infrastructure, such as VPNs.

Published March 22, 2024
Matt Kapko's headshot
Senior Reporter
Matrix background of blurred programming code.
Getty Plus via Getty Images

Dive Brief:

  • Threat actors are going after broadly deployed enterprise software and network infrastructure, exploiting vulnerabilities in file-transfer services and VPNs at a significantly higher rate, according to Recorded Future’s annual threat analysis report.
  • The number of high-risk vulnerabilities exploited in attacks against enterprise software and network infrastructure approximately tripled from 2022 to 2023, analysts in the cybersecurity company’s threat research division Insikt Group said in the Thursday report. 
  • Analysts warned that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud are narrowing the supply chain of vendors they rely on, introducing new security risks to the enterprise environment.

Dive Insight:

High-risk vulnerabilities in operating systems across major vendors such as Microsoft, Google, Apple and Cisco, network infrastructure, including VPNs, and enterprise software, accounted for two-thirds of all active exploits in 2023, according to Recorded Future.

Threat groups exploited several vulnerabilities at scale in 2023, inflicting widespread damage on thousands of organizations. This includes attack sprees targeting Progress Software’s MOVEit file-transfer service, Forta’s GoAnywhere file-transfer service and Citrix Netscaler networking products.

“The most notable instances of mass exploitation this year were carried out by the Clop ransomware group on two third-party managed file transfer MFT services, Fortra’s GoAnywhere MFT and Progress Software’s MOVEit MFT,” the report said.

Nation-state and ransomware threat actors conducted successful attacks on hundreds of organizations via mass exploitation of the CitrixBleed vulnerability affecting Citrix’s widely used networking appliances Netscaler Application Delivery Controller and Netscaler Gateway, researchers said.

The increased number of vulnerabilities exploited in attacks against enterprise software and network infrastructure stands out. Recorded Future’s observations include:

  • A 290% increase in active exploits against enterprise software, jumping from 11 in 2022 to 43 last year.
  • A 309% increase in active exploits used in attacks against internet-facing networking infrastructure, growing from 11 in 2022 to 45 last year.

Threat groups are exploiting vulnerabilities in broadly deployed enterprise products to gain widespread unauthorized access to corporate environments and sensitive data. Ransomware operators leverage this access and exfiltrated data to threaten victim organizations with extortion demands, the report said.

“While zero-day vulnerabilities are cause for concern, it should be noted that in most instances of mass exploitation, successful attacks took place after a vulnerability was disclosed and patched,” the report said.

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell