Last updated at Fri, 14 Jun 2024 14:07:12 GMT

Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to our annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with our detection and response and threat intelligence teams. It is designed to provide the clearest view yet into what security professionals face day to day.

In this blog, we would like to focus on one area of research the AIR highlights: network edge technologies. In 2023 (and early 2024) Rapid7 found some startling information about the vulnerability of these critical devices. Essentially, of the mass compromise events we studied, exploitation of network edge tech increased significantly over the 14 months the report covers — something we will cover in detail shortly.

But first, some background. Back in 2020, Rapid7 created a new attacker utility category for vulnerabilities that functioned as network pivots. These are vulnerabilities that give external attackers internal network access. Think VPNs, firewalls, security gateways, etc. They serve an important function in any network, but visibility into these devices can be challenging, making them prime targets for attackers.

In 2023 we saw a surge in attacks on these network appliances. Mass compromise events stemming from exploitation of network edge tech nearly doubled over the period studied — with 36% of all widely exploited vulnerabilities occurring within network perimeter technology. Looking back over the previous reports, we determined some 60% of all of the vulnerabilities Rapid7 analyzed in network edge devices over a three-year period were exploited as zero-days, a disproportionate number when looking at the entirety of the vulnerabilities studied.

Over the four years Rapid7 has been categorizing this type of vulnerability, network edge devices have comprised 24% of exploited vulnerabilities and a quarter of all widespread threats.

State-sponsored groups and ransomware groups like Cl0p, INC, Bl00dy, Akira, Play, LockBit, and more went after network edge tech in 2023. Network edge devices are essential for modern network operations, but they also represent a major weak spot in cybersecurity defenses — one that these organized groups took advantage of in 2023.

There are a number of reasons for this. It can be difficult to detect intrusions on these types of devices, as the capabilities for logging and threat detection vary depending on the specific devices used. Some do not log critical events, they use a variety of firmware and (often proprietary) operating systems, and in some cases the firmware itself may be encrypted or obfuscated. This makes monitoring and detecting intrusions across different devices troublesome, and makes developing a strategy for the entire spectrum of devices complex.

For more information about network edge technology vulnerabilities, as well as the latest data on ransomware, attacker utilities, widespread threats, file transfer vulnerabilities, and more, download the 2024 Attack Intelligence Report.