Cybercriminal organizations intensified attacks on enterprise software and network structures throughout the year 2023

The number of high-risk vulnerabilities being actively exploited in enterprise software and network infrastructure, including VPNs, roughly tripled, according to Recorded Future.

A stunning 290% increase in active exploits against enterprise software was reported, jumping from 11 in 2022 to 43 in 2023, according to the Recorded Future annual threat analysis report. This significant surge in attacks has been attributed to a variety of factors, including the exploitation of high-risk vulnerabilities, delayed patching practices, and a shift towards credential and access exploitation.

High-Risk Vulnerabilities on the Rise

The increase in exploited vulnerabilities has been particularly marked among zero-day vulnerabilities. These vulnerabilities, which accounted for over 50% of the most exploited flaws in 2023, were both exploited immediately after discovery and remained active threats for up to two years due to delayed patching.

Widely used software such as Microsoft Windows, Office, Edge, and Azure products were among the targets, with Microsoft patching over 126 vulnerabilities in early 2025, including a zero-day exploit in the Windows Common Log File System (CLFS) actively used by threat groups. Elevation of Privilege (EoP) and Remote Code Execution (RCE) vulnerabilities also dominated the attack landscape, allowing attackers to gain higher privileges or execute arbitrary code remotely.

Exploitation Methods and Attack Vectors

Attackers have employed various methods to exploit these vulnerabilities. Password spraying and brute force attacks have been used to compromise credentials, especially targeting legacy or weak accounts. This was demonstrated in the 2024 Russian-backed Midnight Blizzard attack on Microsoft's corporate network.

Additionally, distributed denial-of-service (DDoS) attacks have become more impactful and frequent, with 2023 seeing longer average attack durations and the use of amplification vectors like NTP and memcached.

The Shift Towards Digital Identity and Privileged Access Attacks

Attack vectors have shifted towards digital identity and privileged access attacks, moving beyond traditional software flaws. This shift greatly increases the risk to enterprises, as it allows attackers to gain unauthorized access to corporate environments and sensitive data.

The Urgent Need for Proactive Cybersecurity Measures

This trend underscores the urgent need for proactive cybersecurity measures. These measures include timely patch management, enhanced identity security, and prioritization of critical vulnerabilities. The increasing number of attacks on enterprise software and network infrastructure highlights the need for continuous vigilance and proactive measures to protect against cyber threats.

Key Exploitation Points

| Vulnerability Type | Targeted Assets | Exploitation Method |
|---------------------------|--------------------------------|----------------------------------------|
| Zero-day vulnerabilities | Microsoft software, web apps | Immediate exploitation post-disclosure, exploitation over years due to patch delays |
| Elevation of Privilege | Enterprise software, OS | Gaining higher system privileges |
| Remote Code Execution | Software and cloud platforms | Executing arbitrary code remotely |
| Credential-based attacks | Corporate identities | Password spraying, brute force attacks |
| Denial-of-Service attacks | Network infrastructure | Amplification attacks causing outages |

This landscape highlights a shift toward highly sophisticated, rapid, and credential-focused exploitation in enterprise environments. As the role of Chief Information Security Officers (CISOs) evolves, a greater focus on risk assessment and mitigation is expected in response to these concerns.

The Impact of Mass Exploitation

Ransomware operators are using mass exploitation to target enterprise software and network infrastructure. These operators leverage this access and exfiltrated data to threaten victim organizations with extortion demands. This trend suggests a growing awareness among corporate stakeholders about the importance of cybersecurity in the context of their technology infrastructure.

Notable attack sprees targeted Progress Software's MOVEit file-transfer service, Fortra's GoAnywhere file-transfer service, and Citrix NetScaler networking products. The Clop ransomware group, for instance, conducted mass exploitation of Fortra's GoAnywhere MFT and Progress Software's MOVEit MFT.

Analysts warn that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud are introducing new security risks to the enterprise environment. Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, with a focus on whether they are potential targets.

In conclusion, the increasing number of attacks on enterprise software and network infrastructure underscores the need for continuous vigilance and proactive measures to protect against cyber threats. As the landscape of cyber threats evolves, so too must the strategies for defending against them.

  1. The surge in attacks on enterprise software has highlighted the growing concern of high-risk vulnerabilities, with zero-day vulnerabilities especially prevalent and causing significant damage due to delayed patching.
  2. In the realm of cybersecurity, the emphasis has shifted towards digital identity and privileged access attacks, which pose a high risk to businesses because they allow unauthorized access to corporate environments and sensitive data.
  3. The rise in mass exploitation by ransomware operators, such as the Clop group, targets enterprise software and network infrastructure, which underlines the importance of proactive cybersecurity measures for businesses in the finance and technology sectors.
