Recent research has identified a concerning trend of mass exploitation targeting edge services and infrastructure devices by cyber threat actors [3].

Description

In 2023 and 2024 [3] [4], there has been a significant increase in mass exploitation incidents, with the number of edge service and infrastructure CVEs added to the Known Exploited Vulnerability Catalogue (KEV) per month in 2024 being 22% higher than in 2023 [2] [3]. These CVEs also have an average severity score that is 11% higher. Edge services [1] [2] [3] [4], accessible from both internal and external networks [1], have become popular initial access points for threat actors due to the lack of monitoring and prevention measures. Vulnerable software such as MOVEit [2] [3] [4], CitrixBleed [1] [2] [3] [4], Cisco XE [1] [2] [3] [4], Fortiguard’s FortiOS [1] [2] [4], Ivanti ConnectSecure [1] [4], Palo Alto’s PAN-OS [1] [4], Juniper’s Junos [1] [4], and ConnectWise ScreenConnect are being exploited [4], with infrastructure devices like firewalls and VPN gateways also being targeted. Mass exploitation has emerged as a primary vector for ransomware incidents [2] [3], with financially motivated cyber criminals taking advantage of zero and one-day vulnerabilities [3]. The rise in mass exploitation incidents is attributed to the prevalence of vulnerable edge services and increased awareness among attackers and defenders. The increasing technological complexity [2], including devices running stripped-down Linux operating systems [2], provides opportunities for attackers to exploit vulnerabilities and gain access to systems [2].

Conclusion

The increase in mass exploitation incidents underscores the urgent need for enhanced cybersecurity measures to protect edge services and infrastructure devices. Organizations must prioritize monitoring and patching vulnerable software and devices to mitigate the risk of exploitation. Additionally, collaboration between industry stakeholders and cybersecurity experts is crucial to stay ahead of evolving threats and prevent future incidents. As cyber threat actors continue to exploit vulnerabilities, proactive defense strategies and ongoing security updates will be essential to safeguard critical systems and data.

References

[1] https://www.infosecurity-magazine.com/news/withsecure-exploitation-edge/
[2] https://betanews.com/2024/06/12/attackers-target-edge-devices-in-mass-exploitation-attacks/
[3] https://www.withsecure.com/en/whats-new/pressroom/withsecure-intelligence-research-sets-mass-exploitation-of-edge-services-as-the-prevailing-trend-for-attackers
[4] https://labs.withsecure.com/publications/mass-exploitation-the-vulnerable-edge-of-enterprise-security