
Cyberattackers intensify attacks on enterprise software and network infrastructures during 2023

Recorded Future observed that the rate of dangerously exploitable software and network vulnerabilities, including those in VPNs, nearly tripled.

Cybercriminals Mauled Enterprise Software and Network Infrastructure in 2023


Recorded Future's Threat Analysis Report Highlights Escalating Vulnerability Exploits in Enterprise Software and Network Infrastructure

In a concerning development, the latest threat analysis report published by Recorded Future's threat research division, Insikt Group, reveals a significant increase in the exploitation of high-risk vulnerabilities in enterprise software and network infrastructure. The report, which focuses on the year 2023, highlights the Clop ransomware group's mass exploitation of Fortra's GoAnywhere file-transfer service and Progress Software's MOVEit file-transfer service as the most notable instances of the year.

The report underscores the alarming trend of threat groups exploiting vulnerabilities at scale, causing widespread damage to thousands of organizations. Notably, most instances of mass exploitation occurred after a vulnerability was disclosed and patched.

The report does not specify any new or previously unknown vulnerabilities that were exploited in these attacks. Instead, it emphasizes the rapid exploitation post-disclosure, with over 25% of vulnerabilities exploited in Q1 2025 being attacked within 24 hours of disclosure. This trend, which began escalating in 2023, poses a significant challenge to defenders, who must remediate faster amidst high vulnerability volumes.

One of the key observations in the report is the sharp rise in zero-day discoveries and their exploitation. In 2023, more than 3,300 zero-day vulnerabilities were detected, with over 50% of the most exploited vulnerabilities being zero-days. These zero-days remain exploitable threats for up to two years due to delayed patching, prolonging risk periods substantially.

The report also mentions the exploitation of vulnerabilities in Citrix NetScaler networking products, with the number of active exploits used in attacks against internet-facing networking infrastructure increasing by 309%. However, the report does not provide specific details about the number of organizations affected or the extent of the damage caused by the CitrixBleed exploitation.

Analysts warn that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud introduce new security risks to the enterprise environment. The report suggests that high-risk vulnerabilities in operating systems from major vendors such as Microsoft, Google, Apple, and Cisco; in network infrastructure, including VPNs; and in enterprise software accounted for two-thirds of all active exploits in 2023.

In conclusion, the report underscores the urgent need for proactive, layered cybersecurity defenses, rapid patch management, and threat intelligence-driven prioritization to combat the escalating threats posed by vulnerability exploitation in enterprise software and network infrastructure. Businesses must remain vigilant and proactive in their cybersecurity measures to protect against these increasingly sophisticated attacks.


  1. The recent Recorded Future threat analysis report, released by Insikt Group, draws attention to the rising trend of ransomware groups, including the Clop ransomware group, exploiting vulnerabilities in enterprise software such as Fortra's GoAnywhere file-transfer service and Progress Software's MOVEit file-transfer service.
  2. Even as businesses increase their use of technology, data, and cloud computing solutions, the report highlights the escalating challenge posed by cybersecurity vulnerabilities, especially in enterprise software and network infrastructure.
  3. In their conclusion, cybersecurity analysts emphasize the importance of proactive and layered cybersecurity defenses, fast patch management, and threat intelligence to combat the ever-evolving threats arising from the exploitation of vulnerabilities in enterprise software and network infrastructure.
