Cybercriminals Dismantle Enterprise Software and Network Infrastructure in 2023, Causing Widespread Damage
Recorded Future's 2023 Threat Analysis: A Surge in Mass Exploitation
In a troubling development for cybersecurity, the latest annual threat analysis report from Recorded Future has highlighted a significant increase in mass exploitation of high-risk vulnerabilities across enterprise software, network infrastructure, and operating systems.
The most notable instances of mass exploitation in 2023 were carried out by the Clop ransomware group, targeting two third-party managed file transfer (MFT) services, Fortra's GoAnywhere MFT and Progress Software's MOVEit MFT. These attacks resulted in widespread damage to thousands of organizations.
One of the most commonly exploited high-risk vulnerabilities in 2023 was CVE-2023-36934, a high-severity SQL injection vulnerability (CVSS 9.1) in MOVEit Transfer. This vulnerability allowed unauthenticated attackers to manipulate database queries and access sensitive data. Other examples include network infrastructure exploits in various systems and protocols such as RocketMQ, MikroTik RouterOS, and SolarView monitoring systems.
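To make the SQL injection class concrete, the following Python snippet is an added example and is not code from the Recorded Future report or from MOVEit Transfer; it uses a constructed in-memory SQLite table and a hypothetical `documents` schema. It places the vulnerable pattern (untrusted input spliced into the query text) beside the hardened pattern (a fixed query with the input bound as a parameter) and shows how the same input behaves differently under each.

```python
import sqlite3

# Constructed sample data (not from the report): a minimal "documents" table
# standing in for the kind of records a file-transfer service protects.
SAMPLE_ROWS = [
    (1, "alice", "quarterly-report.pdf"),
    (2, "bob", "payroll.xlsx"),
    (3, "carol", "contracts.zip"),
]


def make_db():
    """Build an in-memory SQLite database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER, owner TEXT, filename TEXT)")
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_files_vulnerable(conn, owner):
    # Vulnerable pattern: the caller-supplied value becomes part of the SQL
    # text, so it can change the structure of the WHERE clause rather than
    # only the value being compared.
    sql = f"SELECT filename FROM documents WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def list_files_hardened(conn, owner):
    # Hardened pattern: the query shape is fixed at development time and the
    # value is bound as a parameter, so it is only ever compared, never parsed.
    sql = "SELECT filename FROM documents WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


def demo():
    """Return (rows from vulnerable query, rows from hardened query) for a
    constructed tautology input that rewrites the WHERE clause."""
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed test input, not a real request
    vuln = list_files_vulnerable(conn, tautology)
    safe = list_files_hardened(conn, tautology)
    return len(vuln), len(safe)


if __name__ == "__main__":
    v, s = demo()
    print(f"vulnerable query returned {v} rows, parameterized query returned {s} rows")
```

The vulnerable function returns every row because the input turns the condition into `owner = '' OR '1'='1'`; the parameterized function returns nothing because the whole string is compared literally against the `owner` column. The defensive takeaway is that parameter binding, not input filtering, is what removes the vulnerability class.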
The report also noted a tripling of the number of high-risk vulnerabilities exploited in attacks against enterprise software and network infrastructure, from 2022 to 2023. This trend was particularly evident in the exploitation of vulnerabilities in file-transfer services and VPNs.
The report further emphasised the risks in telecom and network infrastructure software, such as CVE-2023-47025 affecting free5GC (a 5G core network software), allowing local Denial of Service attacks.
To combat these threats, Recorded Future advises real-time tracking and prioritization of these vulnerabilities to enable enterprises to patch effectively against ongoing cyber attacks. However, the report does not provide specific countermeasures or solutions to mitigate these risks.
Analysts from Recorded Future's threat research division, Insikt Group, warn that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud are introducing new security risks to the enterprise environment. Ransomware operators are leveraging unauthorized access and exfiltrated data to threaten victim organizations with extortion demands.
The report does not specify the exact number of organizations affected by these attacks, but it is clear that the surge in mass exploitation poses a significant threat to the cybersecurity landscape in 2023 and beyond.
| Type | Example Vulnerability | CVSS Score | Impact | Affected Area |
|---|---|---|---|---|
| SQL Injection | CVE-2023-36934 | 9.1 | Unauthorized database access | Enterprise software |
| Network Infrastructure Exploits | Various protocols (RocketMQ, MikroTik) | High | Remote code execution, info disclosure | Network infrastructure |
| Denial of Service | CVE-2023-47025 | 5.5 | System downtime | Telecom/Network software |
This aligns with Recorded Future's focus on prioritizing the patching of vulnerabilities that are actively exploited in the wild. Detailed vulnerability names and vendor-specific lists beyond these sampled highlights are available in the full 2023 Recorded Future annual threat analysis.
- The Clop ransomware group exploited high-risk vulnerabilities in two third-party managed file transfer services, Fortra's GoAnywhere MFT and Progress Software's MOVEit MFT, causing widespread damage to thousands of organizations.
- The report from Recorded Future highlights a tripling of the number of high-risk vulnerabilities exploited in attacks against enterprise software and network infrastructure, with the exploitation of vulnerabilities in file-transfer services and VPNs being particularly evident.
- The ongoing efforts of businesses to increase virtualization and migrate workloads to the cloud are introducing new security risks to the enterprise environment, as ransomware operators are leveraging unauthorized access and exfiltrated data to threaten victim organizations with extortion demands.
- In 2023, a high-severity SQL injection vulnerability, CVE-2023-36934, in MOVEit Transfer allowed unauthenticated attackers to manipulate database queries and access sensitive data, demonstrating the importance of cybersecurity in data and cloud computing and across the technology industry.