Cybercriminal organizations heavily targeted enterprise software and network infrastructure in 2023
In a concerning development, a significant rise in the exploitation of high-risk vulnerabilities in enterprise software and network infrastructure was observed from 2022 to 2023. According to Recorded Future's annual threat analysis report, this increase was driven by several factors.
Expanded Digital Attack Surface and Rising Vulnerabilities
Mid-2022 through 2023 saw a noticeable rise in registered vulnerabilities, with over 40,000 Common Vulnerabilities and Exposures (CVEs) recorded in 2024 and projections approaching 50,000 in 2025. The surge may reflect more flaws being discovered, more being disclosed, or both.
Prominent Vendors and Products Affected
Major enterprise software vendors such as Microsoft, VMware, Atlassian, Fortinet, and Apache dominated the list of most exploited products. Microsoft led with 14 vulnerabilities heavily targeted in 2023, spanning Windows, Office, Edge, Azure, and related products.
Rise of Zero-Day Exploits
Over 50% of the most exploited vulnerabilities in 2023 were exploited as zero-days, a noteworthy increase from 2022. A zero-day is a vulnerability exploited before it is publicly disclosed or a patch is available; such flaws pose severe risk because organizations cannot mitigate them until they are detected and fixed.
Shorter Time to Exploitation
The "patch gap" is shrinking: over 25% of vulnerabilities exploited in Q1 2025 were attacked within 24 hours of disclosure, underscoring the urgency of rapid mitigation. This compressed window raises the risk for organizations with slower security response cycles.
Types of Vulnerabilities Exploited
The Common Weakness Enumeration (CWE) categories that appear most frequently include Path Traversal (CWE-22), Improper Privilege Management (CWE-269), and Improper Authentication (CWE-287). These flaws enable unauthorized access or code execution, making them attractive targets for attackers.
High-Profile Exploits
Examples of high-profile exploits include Microsoft patching critical zero-day vulnerabilities that threat actors were actively exploiting, and the DDoS attack that disabled Azure and Microsoft 365 services in the wake of the earlier CrowdStrike incident. State-backed groups such as Russia's Midnight Blizzard also exploited weak passwords to gain access to sensitive corporate networks.
Exploitation of Vulnerabilities in File-Transfer Services and VPNs
The report indicates a significant increase in the exploitation of vulnerabilities in file-transfer services and VPNs within enterprise software and network infrastructure. Notable mass exploitation in 2023 was carried out by the Clop ransomware group, which targeted two third-party managed file transfer (MFT) services: Fortra's GoAnywhere MFT and Progress Software's MOVEit MFT.
Exploitation of Vulnerabilities in Citrix NetScaler Networking Products
Citrix NetScaler networking products were also heavily exploited in 2023. Nation-state and ransomware threat actors compromised hundreds of organizations through mass exploitation of the CitrixBleed vulnerability affecting Citrix's NetScaler Application Delivery Controller and NetScaler Gateway appliances.
Analysis and Recommendations
The increase in exploited high-risk vulnerabilities is attributable to a combination of an expanded digital attack surface, higher discovery rates of flaws, more aggressive attacker behavior using zero-days, and the difficulty enterprises have in promptly patching against rapidly disclosed vulnerabilities.
Organizations must prioritize rapid vulnerability detection and patching, especially for zero-days. They should also invest in automated prioritization tools to manage overwhelming CVE volumes, strengthen identity and access controls to mitigate privilege escalation and authentication flaws, and improve incident detection to reduce exposure windows.
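As an added illustration of the automated prioritization the report recommends (example code written for this page, not Recorded Future's tooling), the script below ranks a constructed CVE feed by exploitation status, zero-day status, the 24-hour patch-gap window and the CWE categories named above, and computes the share of exploited entries attacked within a day of disclosure. The CVE ids, product names and dates are placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# CWE categories the report lists as most frequently exploited.
HIGH_RISK_CWES = {"CWE-22", "CWE-269", "CWE-287"}

@dataclass
class Vuln:
    cve: str                             # placeholder ids, not real CVE numbers
    product: str
    cwe: str
    disclosed: datetime
    first_exploited: Optional[datetime]  # None when no exploitation is reported
    patched: bool

def priority(v: Vuln) -> int:
    """Urgency score (higher = patch first); exploitation outranks everything."""
    score = 0
    if v.first_exploited is not None:
        score += 50
        if v.first_exploited <= v.disclosed:
            score += 40                  # zero-day: exploited at/before disclosure
        elif v.first_exploited - v.disclosed <= timedelta(hours=24):
            score += 30                  # exploited inside the 24-hour patch gap
    if v.cwe in HIGH_RISK_CWES:
        score += 10                      # weakness class the report flags
    if not v.patched:
        score += 20                      # still exposed
    return score

def rank(vulns: List[Vuln]) -> List[Vuln]:
    return sorted(vulns, key=priority, reverse=True)

def share_exploited_within(vulns: List[Vuln], hours: int = 24) -> float:
    """Fraction of exploited entries attacked within `hours` of disclosure."""
    exploited = [v for v in vulns if v.first_exploited is not None]
    fast = [v for v in exploited if v.first_exploited - v.disclosed <= timedelta(hours=hours)]
    return len(fast) / len(exploited) if exploited else 0.0

# Constructed sample feed (ids, products and dates are made up for illustration).
SAMPLE = [
    Vuln("CVE-XXXX-0001", "vpn-gateway", "CWE-287", datetime(2023, 10, 10), datetime(2023, 10, 9), False),
    Vuln("CVE-XXXX-0002", "mft-server", "CWE-22", datetime(2023, 5, 31), datetime(2023, 5, 31, 12), True),
    Vuln("CVE-XXXX-0003", "office-suite", "CWE-269", datetime(2023, 11, 14), datetime(2023, 11, 20), False),
    Vuln("CVE-XXXX-0004", "desktop-os", "CWE-79", datetime(2023, 11, 14), None, True),
]
```

Running `rank(SAMPLE)` puts the unpatched zero-day first and the unexploited, patched entry last; `share_exploited_within(SAMPLE)` reports the two-of-three entries attacked within a day of disclosure.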
Analysts warn that businesses' ongoing efforts to increase virtualization and migrate workloads to the cloud are narrowing the set of vendors they rely on, introducing new supply-chain risk to the enterprise environment. Threat groups exploit vulnerabilities in broadly deployed enterprise products to gain widespread unauthorized access to corporate environments and sensitive data, which ransomware operators then leverage for extortion.
These trends emphasize the importance of proactive cybersecurity strategies to combat increasingly immediate and sophisticated exploitation in enterprise environments.
- The rise in data breaches is alarming: the majority stem from the exploitation of high-risk vulnerabilities in enterprise software and network infrastructure.
- Businesses need to prioritize cybersecurity, particularly in the face of a shrinking "patch gap," where over 25% of vulnerabilities exploited are attacked within 24 hours of disclosure.
- The exploitation of zero-day vulnerabilities in file-transfer services, VPNs, and Citrix NetScaler networking products highlights the need for organizations to invest in automated prioritization tools, strengthen identity and access controls, and improve incident detection to reduce exposure windows.