Dive Brief:
- Threat actors are going after broadly deployed enterprise software and network infrastructure, exploiting vulnerabilities in file-transfer services and VPNs at a significantly higher rate, according to Recorded Future’s annual threat analysis report.
- The number of high-risk vulnerabilities exploited in attacks against enterprise software and network infrastructure approximately tripled from 2022 to 2023, analysts in the cybersecurity company’s threat research division Insikt Group said in the Thursday report.
- Analysts warned that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud are narrowing the supply chain of vendors they rely on, introducing new security risks to the enterprise environment.
Dive Insight:
High-risk vulnerabilities in operating systems across major vendors such as Microsoft, Google, Apple and Cisco; network infrastructure, including VPNs; and enterprise software accounted for two-thirds of all active exploits in 2023, according to Recorded Future.
Threat groups exploited several vulnerabilities at scale in 2023, inflicting widespread damage on thousands of organizations. These include attack sprees targeting Progress Software’s MOVEit file-transfer service, Fortra’s GoAnywhere file-transfer service and Citrix Netscaler networking products.
“The most notable instances of mass exploitation this year were carried out by the Clop ransomware group on two third-party managed file transfer (MFT) services, Fortra’s GoAnywhere MFT and Progress Software’s MOVEit MFT,” the report said.
Nation-state and ransomware threat actors conducted successful attacks on hundreds of organizations via mass exploitation of the CitrixBleed vulnerability affecting Citrix’s widely used networking appliances, Netscaler Application Delivery Controller and Netscaler Gateway, researchers said.
The increased number of vulnerabilities exploited in attacks against enterprise software and network infrastructure stands out. Recorded Future’s observations include:
- A 290% increase in active exploits against enterprise software, jumping from 11 in 2022 to 43 last year.
- A 309% increase in active exploits used in attacks against internet-facing networking infrastructure, growing from 11 in 2022 to 45 last year.
Threat groups are exploiting vulnerabilities in broadly deployed enterprise products to gain widespread unauthorized access to corporate environments and sensitive data. Ransomware operators leverage this access and exfiltrated data to threaten victim organizations with extortion demands, the report said.
“While zero-day vulnerabilities are cause for concern, it should be noted that in most instances of mass exploitation, successful attacks took place after a vulnerability was disclosed and patched,” the report said.