A brief history of mass-hacks | TechCrunch

Enterprise cybersecurity tools, such as routers, firewalls and VPNs, exist to protect corporate networks from intruders and malicious hackers, something that is especially important in today's age of widespread remote and hybrid working.

But while pitched as tools that help organizations stay safe from outside threats, many of these products have repeatedly been found to contain software bugs that allow malicious hackers to compromise the very networks the products were designed to protect.

These bugs have been blamed for an explosion in mass-hacking campaigns in recent years, in which malicious hackers abuse these often easy-to-exploit security flaws to break into the networks of hundreds of organizations and steal sensitive company data.

We've put together a brief history of mass-hacks, and will update this article as more inevitably come to light.

One of the first mass-hacks of this decade saw a notorious ransomware crew exploit a vulnerability in Fortra's GoAnywhere managed file transfer software, a product used by companies to share large files and sensitive datasets over the internet. The prolific Clop ransomware gang exploited the bug to compromise more than 130 organizations and steal the personal data of millions of individuals. The vulnerability was exploited as a zero-day, meaning Fortra had no time to fix it before it came under attack. Clop later published data stolen from victim organizations that did not pay the hackers a ransom. Hitachi Energy, security giant Rubrik, and Florida-based health tech firm NationsBenefits, which saw the data of more than three million members stolen in the attack, reported intrusions resulting from the buggy software.

May 2023: MOVEit flaws allowed theft of 60 million people's data

The mass-hack of MOVEit remains one of the largest mass-breaches of all time, with hackers abusing a flaw in another widely used file transfer software, developed by Progress Software, to steal data from several thousand organizations. The attacks were again claimed by the Clop ransomware group, which exploited the MOVEit vulnerability to steal data on more than 60 million individuals, according to cybersecurity company Emsisoft. U.S. government services contracting giant Maximus was the largest victim of the MOVEit breach after confirming that hackers accessed the protected health information of as many as 11 million individuals.

October 2023: Cisco zero-day exposed thousands of routers to takeovers

The mass-hacks continued into the second half of 2023, with hackers exploiting an unpatched zero-day vulnerability in Cisco's networking software throughout October to compromise tens of thousands of devices that rely on the software, such as enterprise switches, wireless controllers, access points, and industrial routers. The bug granted attackers "full control of the compromised device." While Cisco did not confirm how many customers were affected by the flaw, Censys, a search engine for internet-connected devices and assets, says it had observed almost 42,000 compromised devices exposed to the internet.

(Image credit: Ramon Costa/SOPA Images/LightRocket via Getty Images)

November 2023: Ransomware gang exploits Citrix bug

Citrix NetScaler, which large enterprises and governments use for application delivery and VPN connectivity, became the latest mass-hack target just one month later in November 2023. The bug, known as "CitrixBleed," allowed the Russia-linked ransomware gang LockBit to extract sensitive information from affected NetScaler systems at big-name companies. Aerospace giant Boeing, law firm Allen & Overy, and the Industrial and Commercial Bank of China were claimed as victims.

January 2024: China hackers exploited Ivanti VPN bugs to breach companies

Ivanti became a name synonymous with mass-hacks after Chinese state-backed hackers began mass-exploiting two critical zero-day vulnerabilities in Ivanti's corporate Connect Secure VPN appliance. While Ivanti said at the time that only a limited number of customers were affected, cybersecurity company Volexity found that more than 1,700 Ivanti appliances worldwide had been exploited, affecting organizations in the aerospace, banking, defense, and telecoms industries. U.S. government agencies with affected Ivanti systems in operation were ordered to immediately take the systems out of service. Exploitation of these vulnerabilities has since been linked to the China-backed espionage group known as Salt Typhoon, which more recently was found to have hacked into the networks of at least nine U.S. telecommunications companies.

In February 2024, hackers took aim at two "easy-to-exploit" vulnerabilities in ConnectWise ScreenConnect, a popular remote access tool that allows IT and support technicians to remotely provide technical assistance directly on customer systems. Cybersecurity giant Mandiant said at the time its researchers had observed "identified mass exploitation" of the two flaws, which were being abused by various threat actors to deploy password stealers, backdoors, and in some cases, ransomware.

Hackers hit Ivanti customers (again) with fresh bugs

Ivanti made headlines again, also in February 2024, when attackers exploited another vulnerability in its widely used enterprise VPN appliance to mass-hack its customers. The Shadowserver Foundation, a nonprofit organization that scans and monitors the internet for exploitation, told TechCrunch at the time it had observed more than 630 unique IP addresses attempting to exploit the server-side flaw, which allows attackers to gain access to devices and systems ostensibly protected by the vulnerable Ivanti appliances.

November 2024: Palo Alto firewall bugs put thousands of companies at risk

Later in 2024, hackers compromised potentially thousands of organizations by exploiting two zero-day vulnerabilities in software made by cybersecurity giant Palo Alto Networks and used by customers around the world. The vulnerabilities in PAN-OS, the operating system that runs on all of Palo Alto's next-generation firewalls, allowed attackers to compromise and exfiltrate sensitive data from corporate networks. According to researchers at security firm watchTowr Labs who reverse-engineered Palo Alto's patches, the flaws resulted from basic mistakes in the development process.

December 2024: Clop compromises Cleo customers

In December 2024, the Clop ransomware gang targeted yet another popular file transfer technology to launch a fresh wave of mass hacks. This time, the gang exploited flaws in tools made by Cleo Software, an Illinois-based maker of enterprise software, to target dozens of the company's customers. By early January 2025, Clop listed almost 60 Cleo companies that it had allegedly compromised, including U.S. supply chain software giant Blue Yonder and German manufacturing giant Covestro. By the end of January, Clop added another 50 alleged Cleo mass-hack victims to its dark web leak site.

Image: Covestro's headquarters in Germany. (Image credit: Alex Kraus/Bloomberg via Getty Images)

January 2025: New year, new Ivanti bugs under attack

The new year began with Ivanti falling victim to hackers, yet again. The U.S. software giant alerted customers in early January 2025 that hackers were exploiting a new zero-day vulnerability in its enterprise VPN appliance to breach the networks of its corporate customers. Ivanti said that a "limited number" of customers were affected, but declined to say how many. The Shadowserver Foundation says its data shows hundreds of backdoored customer systems.

Fortinet firewall bugs exploited since December

Just days after Ivanti's latest bug was disclosed, Fortinet confirmed that hackers had separately been exploiting a vulnerability in its firewalls to break into the networks of its corporate and enterprise customers. The flaw, which affects the cybersecurity company's FortiGate firewalls, had been "mass exploited" as a zero-day bug since at least December 2024, according to security research firms. Fortinet declined to say how many customers were affected, but security research firms investigating the attacks observed intrusions affecting "tens" of affected devices.

SonicWall says hackers are remotely hacking customers

January 2025 remained a busy month for hackers exploiting bugs in enterprise security software. SonicWall said in late January that as-yet-unidentified hackers are exploiting a newly discovered vulnerability in one of its enterprise products to break into its customer networks. The vulnerability, which affects SonicWall's SMA1000 remote access appliance, was discovered by Microsoft's threat researchers and is "confirmed as being actively exploited in the wild," according to SonicWall. The company hasn't said how many of its customers were affected or if the company has the technical ability to check, but with more than 2,300 devices exposed to the internet, this bug has the potential to be the latest mass-hack of 2025.
