Cybercriminal organizations intensified attacks on enterprise software and network infrastructure in the year 2023
In 2023, cyber threat actors targeted enterprise software and network infrastructure with unprecedented frequency, according to Recorded Future's annual threat analysis report. The report reveals a significant increase in the exploitation of vulnerabilities, particularly in "as-a-service" enterprise software and shared cloud infrastructure.
The report highlights that high-risk vulnerabilities in operating systems across major vendors such as Microsoft, Google, Apple, and Cisco, network infrastructure, including VPNs, and enterprise software accounted for two-thirds of all active exploits. This trend underscores the growing risk and profitability of targeting enterprise systems.
One of the most notable instances of mass exploitation in 2023 was carried out by the ransomware gang CL0P. They targeted Fortra's GoAnywhere file-transfer service and Progress Software's MOVEit file-transfer service, causing widespread damage to thousands of organizations. The report also mentions Citrix Netscaler networking products as targets of significant exploitation in 2023, with Citrix Netscaler networking appliances, Netscaler Application Delivery Controller, and Netscaler Gateway being specific targets.
The exploitation of vulnerabilities in file-transfer services and VPNs for enterprise software and network infrastructure saw a substantial increase in 2023. Ransomware operators leveraged this access and exfiltrated data to threaten victim organizations with extortion demands.
The report also warns that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud are introducing new security risks to the enterprise environment. Analysts emphasize that ongoing efforts to increase virtualization and migrate workloads to the cloud are introducing new security risks to the enterprise environment.
While zero-day vulnerabilities are a concern, most instances of mass exploitation occurred after a vulnerability was disclosed and patched. This suggests that organizations must prioritize patch management and regular security updates to protect their systems.
The report's findings underscore the importance of a robust cybersecurity strategy for businesses. Threat actors are increasingly targeting enterprise systems, and businesses must be proactive in identifying and addressing vulnerabilities to protect their data and operations.
- The ransomware gang CL0P, in 2023, exploited vulnerabilities in file-transfer services like Fortra's GoAnywhere and Progress Software's MOVEit, illustrating the growing profitability of targeting enterprise systems in the realm of cybersecurity.
- In addition to file-transfer services, the exploitation of vulnerabilities in Virtual Private Networks (VPNs) for enterprise software and network infrastructure saw a significant rise in 2023, with ransomware operators using this access to exfiltrate data and demand ransom.
- The report underlines the need for businesses to prioritize technology and cybersecurity measures, emphasizing the necessity of a robust cybersecurity strategy to proactively identify and address vulnerabilities, protect data, and safeguard operations from increasing cyber threats.
