Edge services are extremely attractive targets to attackers

2024-06-18 04:00

Several recent reports indicate that mass exploitation may have overtaken botnets as the primary vector for ransomware incidents.

There has been a rapid tempo of security incidents caused by the mass exploitation of vulnerable software such as MOVEit, CitrixBleed, Cisco XE, Fortiguard's FortiOS, Ivanti ConnectSecure, Palo Alto's PAN-OS, Juniper's Junos, and ConnectWise ScreenConnect.

"There is just one thing that is required for a mass exploitation incident to occur, and that is a vulnerable edge service, a piece of software that is accessible from the Internet," said Stephen Robinson, Senior Threat Analyst at WithSecure Intelligence.

"What many exploited edge services have in common is that they are infrastructure devices, such as firewalls, VPN gateways, or email gateways, which are commonly locked down black box like devices. Devices such as these are often intended to make a network more secure, yet time and again vulnerabilities have been discovered in such devices and exploited by attackers, providing a perfect foothold in a target network," added Robinson.

Research finds that mass exploitation is the new primary observed attack vector for ransomware and nation-state espionage attackers.

"It is likely that mass exploitation is becoming the primary attack vector either because there are so many vulnerable edge services, or attackers and defenders are now more aware of vulnerable edge services due to the prevalence of mass exploitation," Robinson concludes.

News URL

https://www.helpnetsecurity.com/2024/06/18/vulnerable-software-mass-exploitation/

#edge