Over 60% of Network Security Appliance Flaws Exploited as Zero Days


A new report from Rapid7 states that over a third of widely exploited vulnerabilities since the start of 2023 have occurred in network perimeter technologies, nearly double the previous year's share. Notably, 60% of these vulnerabilities (affecting network and security appliances) were exploited as zero days in 2023. According to the researchers, most of the widely exploited CVEs of the last couple of years stem from easily exploitable root causes, such as command injection and improper authentication, marking a shift away from memory corruption exploits. In addition, 41% of the incidents Rapid7 observed in 2023 were due to missing or unenforced multi-factor authentication (MFA) on internet-facing systems, particularly VPNs and virtual desktop infrastructure.

Security Officer Comments:
There has been a shift in the way mass compromise events are carried out. Before 2023, widespread compromise events typically began with a wave of low-skilled exploit attempts, followed by more sophisticated actors, including ransomware operators and APT groups, an approach the researchers dub "many attackers, many targets." Starting in 2023, however, many of the widespread compromises, some involving hundreds of organizations, were carried out by a single actor. One such example is the MOVEit campaign launched by the Clop ransomware gang last year. The actors found a zero-day flaw in the MOVEit file transfer solution and coordinated a well-planned exploitation campaign that resulted in hundreds of organizations across the world being compromised and having their data stolen.

Suggested Corrections:
By placing a VPN or security appliance in front of internet-exposed systems as the first line of defense, organizations can establish a secure perimeter and shield their internal network from direct exposure to potential threats. This approach adds an extra barrier for attackers to overcome, making it more difficult for them to exploit zero-day vulnerabilities and penetrate the network. Coupling this with robust security measures such as regular patching, network segmentation, and intrusion detection systems can significantly bolster an organization's resilience against evolving cyber threats, including zero-day attacks.