WithSecure Intelligence research sets mass exploitation of edge services as the prevailing trend for attackers

June 2024 by WithSecure™

New research by WithSecure Intelligence explores the trend of mass exploitation of edge services and infrastructure, and puts forward several theories as to why they have been so heavily – and successfully – targeted by attackers.

The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation. A previous WithSecure report on the professionalization of cybercrime noted the growing importance of mass exploitation as an infection vector, but the volume and severity of this vector have now truly exploded.

The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) per month in 2024 is 22% higher than in 2023, while the number of other CVEs added to the KEV per month has dropped 56% compared to 2023. Furthermore, edge service and infrastructure CVEs added to the KEV in the last two years are, on average, 11% higher in severity than other CVEs.

Several recent reports indicate that mass exploitation may have overtaken botnets as the primary vector for ransomware incidents. There has been a rapid tempo of security incidents caused by the mass exploitation of vulnerable software such as MOVEit, CitrixBleed, Cisco XE, Fortiguard’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.

Edge services are extremely attractive targets to attackers. They are exposed to the Internet and are intended to provide critical services to remote users, so they can be abused by remote attackers.

"There is just one thing that is required for a mass exploitation incident to occur, and that is a vulnerable edge service, a piece of software that is accessible from the Internet," says Stephen Robinson, Senior Threat Analyst at WithSecure Intelligence.

"What many exploited edge services have in common is that they are infrastructure devices, such as firewalls, VPN gateways, or email gateways, which are commonly locked-down, black-box-like devices. Devices such as these are often intended to make a network more secure, yet time and again vulnerabilities have been discovered in such devices and exploited by attackers, providing a perfect foothold in a target network."

The research finds that mass exploitation is the new primary observed attack vector for ransomware and nation-state espionage attackers. Also, the capability and expertise needed to exploit zero-day and one-day vulnerabilities are more attainable for financially motivated cyber criminals than ever before.

"It is likely that mass exploitation is becoming the primary attack vector either because there are so many vulnerable edge services, or attackers and defenders are now more aware of vulnerable edge services due to the prevalence of mass exploitation," Robinson concludes.
