In 2023, there was a significant increase in breaches driven by the exploitation of vulnerabilities in MOVEit software [9], social engineering [9], and failure to patch known bugs [9].

Description

Cybercriminals targeted zero-day vulnerabilities in IT systems [3], with ransomware actors exploiting bugs for initial access. The MOVEit breach [3], involving Clop ransomware [3], highlighted the impact of zero-day vulnerabilities in the file-transfer service. Ransomware actors targeted zero-day vulnerabilities on unpatched systems like MOVEit software [1] [3], leading to a third-party breach affecting over a thousand organizations [6]. Verizon identified 1,567 breach notifications related to MOVEit [5], making it one of the biggest ransomware attacks [5]. The impact of MOVEit was significant compared to the Log4j vulnerability [5].

Organizations took an average of 55 days to remediate 50% of critical vulnerabilities listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1] [9]. The median time for mass exploitation of a CISA KEV entry to develop on the Internet was just five days [9]. The National Vulnerability Database (NVD) faced resource issues [8], resulting in a backlog of vulnerability enrichment [8].

Web application vulnerability exploitation accounted for roughly 20% of data breaches [6], and exploitation of VPNs as a vector is expected to rise by 2025 [6]. Software supply chain attacks rose by 68% in 2023 [8], with third-party breaches accounting for 15% of all breaches. Breaches through third-party partners and software exploitation [6] made up 90% of supply chain interconnection breaches [6], a 68% increase compared to the previous year [6] [7]. Organizations are advised to implement comprehensive, proactive strategies [6] and to examine the security track record of potential partners and software suppliers [6]. Ransomware gangs [1] [2] [4] [7], such as Clop [7], leveraged zero-day vulnerabilities to initiate breaches and conduct data extortion-only campaigns [7], emphasizing the importance of vigilance for vendors like Progress Software.

The 2024 Verizon Data Breach Investigations Report (DBIR) highlighted the critical increase in vulnerability exploitation, emphasizing the need for urgent and strategic vulnerability management [6]. Organizations are struggling to patch vulnerabilities quickly enough [2], taking an average of 55 days to fix half of them [2], while threat actors are scanning for the same vulnerabilities within five days [2]. It is crucial for organizations to prioritize patching and invest in robust vulnerability management programs to mitigate these risks [2]. The education sector was the most impacted by these attacks [5].

In 2022, there was a significant increase in the exploitation of vulnerabilities as the initial access vector for data breaches [4], with a nearly 200 percent rise compared to previous years [4]. This spike was attributed to the use of zero-day exploits and vulnerabilities by ransomware groups and cybercrime organizations targeting products like MOVEit Transfer [4], Barracuda ESG [4], and Atlassian Confluence [4]. The DBIR highlighted the continued exploitation of critical flaws even after disclosure [4], with over 1,500 breaches linked to the MOVEit Transfer flaw [4]. Patch management remains a challenge for organizations [4], with delays in addressing known exploited vulnerabilities leading to increased risk of breaches [4].

Despite concerns about AI-enabled cybercrime [9], there is little evidence that it is currently a significant threat to organizations [9].

Conclusion

Vulnerabilities in software systems, social engineering [9], and patch management failures have led to a significant increase in breaches, with ransomware actors exploiting zero-day vulnerabilities for data extortion [3]. Organizations need to prioritize patching and invest in robust vulnerability management programs to mitigate these risks [2]. The education sector remains the most impacted by these attacks [5], highlighting the urgent need for proactive security measures and vigilance against cyber threats.

References

[1] https://www.verizon.com/about/news/2024-data-breach-investigations-report-vulnerability-exploitation-boom
[2] https://www.csoonline.com/article/2096991/5-key-takeways-from-verizons-2024-data-breach-investigations-report.html
[3] https://www.cybersecuritydive.com/news/cve-exploitation-tripled-2023-verizon/714848/
[4] https://duo.com/decipher/verizon-dbir-enterprises-know-the-pain-of-zero-day-exploits-all-too-well
[5] https://cyberscoop.com/verizon-data-breach-report-vulnerabilities-moveit-hack/
[6] https://www.scmagazine.com/news/verizons-2024-data-breach-investigations-report-5-key-takeaways
[7] https://www.techtarget.com/searchsecurity/news/366582952/Verizon-DBIR-Vulnerability-exploitation-in-breaches-up-180
[8] https://www.infosecurity-magazine.com/news/dbir-vulnerability-exploits-triple/
[9] https://www.darkreading.com/cyberattacks-data-breaches/verizon-dbir-basic-security-gaffes-underpin-bumper-crop-of-breaches