Cybercriminal organizations intensified their attacks on enterprise software and network infrastructure in 2023
Increased Cyber Threats Target Enterprise Software and Network Infrastructure
A new report from Recorded Future reveals a significant surge in the exploitation of vulnerabilities in file-transfer services and Virtual Private Networks (VPNs) within enterprise software and network infrastructure from 2022 to 2023. This trend underscores the growing importance of robust security measures in these areas.
The report highlights a 309% increase in active exploits used in attacks against internet-facing networking infrastructure, with the number growing from 11 in 2022 to 45 in 2023. Threat groups have been exploiting several vulnerabilities at scale, causing widespread damage to thousands of organizations. Notable targets include Progress Software's MOVEit file-transfer service, Fortra's GoAnywhere file-transfer service, and Citrix Netscaler networking products.
The evolving role of Chief Information Security Officers (CISOs) may involve a greater emphasis on risk management and understanding the vulnerabilities in their organizations' technology stacks. This is particularly important as corporate stakeholders become increasingly aware of the importance of cybersecurity in the current threat landscape.
Nation-state and ransomware threat actors have conducted attacks on hundreds of organizations via the CitrixBleed vulnerability affecting Citrix's Netscaler Application Delivery Controller and Netscaler Gateway. These attacks often involve ransomware operators leveraging this access to exfiltrate data and threaten victim organizations with extortion demands.
The most commonly exploited high-risk vulnerabilities in enterprise software, network infrastructure, and VPNs in 2023 include critical remote code execution and authentication bypass vulnerabilities. Key examples are the MOVEit Transfer SQL injection vulnerability (CVE-2023-36934), the SysAid IT service management vulnerability (CVE-2023-47246), the PaperCut remote code execution vulnerability (CVE-2023-39143), and authentication bypass in network communication platforms, such as Mitel’s MiVoice MX-ONE platform.
The widespread damage inflicted by threat groups exploiting vulnerabilities at scale in 2023 underscores the potential severity of cyber attacks and the importance of proactive security measures. Successful attacks via mass exploitation often occur after a vulnerability has been disclosed and patched.
Analysts warn that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud are narrowing the supply chain of vendors they rely on, introducing new security risks to the enterprise environment. Recorded Future leverages AI to continuously monitor such vulnerabilities, providing prioritized threat intelligence and actionable insights to help organizations mitigate exploitation risks in real time.
In conclusion, the most exploited high-risk vulnerabilities in 2023 span critical remote code execution, SQL injection, and authentication bypass flaws in enterprise software and network systems, as exemplified by the MOVEit, SysAid, and PaperCut vulnerabilities. The report underscores the need for robust security measures in file-transfer services and VPNs, particularly in the context of enterprise software and network infrastructure. Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, with a focus on determining whether their organizations are potential targets.
- The increase in ransomware attacks targeting vulnerabilities in file-transfer services and VPNs within enterprise software and network infrastructure highlights the importance of robust cybersecurity measures for the data and cloud computing industry and for businesses.
- In light of the growing threat landscape, Chief Information Security Officers (CISOs) are expected to place greater emphasis on risk management and understanding the vulnerabilities in their organizations' technology stacks.
- Nation-state and ransomware threat actors have exploited vulnerabilities, such as the CitrixBleed vulnerability, to attack hundreds of organizations, causing widespread damage and often issuing extortion demands.
- In an era of increased virtualization and cloud migration, businesses must be aware of the potential security risks introduced by a narrower supply chain of vendors in their cybersecurity infrastructure.