WithSecure Reveals Mass Exploitation of Edge Software

Vulnerabilities in edge services and infrastructure devices are being increasingly exploited by cyber threat actors, according to a new report by WithSecure.
Edge services, pieces of software installed at the edge of a network and accessible from both the internet and the internal network, are attractive to threat actors because they make a perfect initial access point into a network.
There has recently been an explosion in the exploitation of vulnerable edge software, with security incidents including MOVEit, CitrixBleed, Cisco XE, Fortiguard’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.
Traditionally, these exploited edge services are installed on infrastructure devices, also known as appliances. These devices are provided by a supplier without additional security tooling, with complete supplier-defined software and hardware. The most common infrastructure devices include firewalls, VPN gateways and email gateways.
Edge Security Flaws Consistently on the Rise
In the introduction of its report, WithSecure reminded its readers that many recent reports indicate that mass exploitation may have overtaken botnets as the primary vector for ransomware incidents, and there has been a rapid tempo of security incidents caused by mass exploitation of vulnerable software.
Based on this hypothesis, the Finland-based company wanted to determine to what extent the exploitation of edge service vulnerabilities played a crucial role in this trend.
WithSecure analyzed some trends that set edge service and infrastructure vulnerabilities apart from other vulnerabilities within the Known Exploited Vulnerabilities (KEV) catalog, a list of known exploited critical vulnerabilities maintained by the US Cybersecurity and Infrastructure Security Agency (CISA).
The firm found that over the past few months, more edge service and infrastructure vulnerabilities were added to the KEV list than regular vulnerabilities.
For instance, while the monthly number of common vulnerabilities and exposures (CVEs) added to the KEV list has dropped in 2024 compared with 2023 (-56%), the monthly addition of edge service and infrastructure CVEs rose by 22% over the same period.
While the overall trend in monthly exploited vulnerabilities has been inconsistent over the past three years, monthly exploited edge vulnerabilities, by contrast, have been consistently rising since 2022.
Additionally, edge service and infrastructure vulnerabilities added to CISA’s KEV list tend to be more impactful than other types of CVEs, with an 11% higher severity scoring for these specific CVEs over the past two years of KEV data.