Enterprise cyber security tools such as routers, firewalls, and VPNs exist to protect corporate networks from intruders and malicious hackers.
However, it is pitched as a tool that helps organizations to maintain safety from external threats, but many of these products include software bugs that make malicious hackers just compromise the network. It turns out that there are many times.
These bugs have been blamed for explosions in recent mass hacking campaigns, and malicious hackers have been abused on these simple security flaws, invading thousands of tissue networks, and sensitive. Steal corporate data.
Summarize the simple history of mass hacking and update this article when it is inevitably revealed.
One of the first large -scale hacking in the last 10 years is GOANY of FORTRA, a product used by companies to share large -scale files and confidential datasets on the Internet. I used the vulnerability of WHERE Managed File Transfer Software. The CLOP Ransum Wear Gang compromised over 130 organizations and used bugs to steal millions of personal data. Since the vulnerability was abused as a zero day, FORTRA had no time to fix it before being attacked. Later, CLOP stolen data stolen from a victim organization who did not pay hackers. Hitachi Energy、Security Giant Rubrik、およびFloridaに拠点を置くヘルステクノロジー組織Nation-Benefitsは、攻撃で盗まれた300万人以上のメンバーのデータを見た – は、バギーソフトウェアに起因する侵入を報告しました。
May 2023: Moveit defects allowed the data of 60 million people to theft
Moveit’s large -scale hack is one of the largest abuses in history, and hackers abuse other widely used file transfer software deficiencies developed by Progress software, thousands of organizations. I will steal. According to cyber security companies, EMSISOFT, the attack was re -asserted by the Clop Ransomware Group, abusing Moveit vulnerabilities to steal more than 60 million individuals. The US government service, which contracted for a huge Maximus, was the biggest victim of Moveit violations after confirming that Hackers had accessed 11 million personal protected health information.
October 2023: Cisco Zero-day exposed thousands of routers to acquire
The mass hack lasted until the latter half of 2023, and the hacker exploited the vulnerabilities of Cisco’s Networking Software in October, an enterprise switch, wireless controller, access point, and industrial router. The bug has given the attacker a “complete control of the infringed device.” Cisco did not confirm the number of customers affected by the device connected to the Internet and the asset search engine, but an infringement device exposed to the Internet was observed. I mentioned it.
November 2023: Ransomwear gang abuses Citrics Bug
Citrix Netscaler, which is used by large companies and the government for application distribution and VPN connection, became the latest mass hack target just one month later in November 2023. Confidential information from Netscaler systems influenced by famous companies. Aerospace major Boeing, law firm Allen & Oberry, and Chinese industries and commercial banks have been asserted as victims.
January 2024: Chinese hackers violated the company by exploiting the IVANTI VPN bug
Ivanti has been synonymous with a large -scale hacking after a large number of important zero -day vulnerabilities have begun to discover two important zero -day vulnerabilities in Ivanti’s Hackers in Ivanti’s Corporate Connect Secure VPN appliance. At the time, Ivanti said that only a limited number of customers were affected, but Cyber Security Company Volexity has exploited more than 1,700 IVANTI appliance around the world, aircraft, banks, banks, defenses. He discovered that it had an influence on the organization of the telecommunications industry. U.S. government agencies, which operate the affected Ivanti system, were immediately ordered to prevent the system. The exploitation of these vulnerabilities was later linked to a spy group supported by China, known as the Salt era, and has recently been hacked to at least nine US telecommunications companies. 。
In February 2024, the hacker aimed for two “easy extraction” vulnerabilities, ConnectWise ScreenConnect. Cyber Security Giant Manding said that researchers had observed two defects “identified mass exploitation.” These were abused by various threat actors to develop passwordstellers, back doors, and in some cases ransomware.
The hacker attacked a (again) Ivanti customer with a fresh bug
In February 2024, IVanti also created a headline again when the attacker was widely used to exploit another vulnerability of the VPN appliances and hack their customers. ShadowServer Foundation, a non -profit organization that scanned the Internet for exploitation, told TechnoCrunch when observing more than 630 unique IP addresses to exploit the server defects. It is protected by vulnerable eyivanti equipment.
November 2024: Palo Olt Firewall bugs have thousands of companies in danger
In the latter half of 2024, the hacker was created by the cyber security giant Palo Alto Network and utilized two zero vulnerabilities in software used by customers around the world, so it infringes thousands of organizations. I did. With the vulnerability of Pan-OS, an operating system run on all the next-generation firewalls in Paralt, the attacker could compromise and remove sensitive data from a corporate network. According to a researcher of Watchtowr Labs, a security company, a reverse engineering of Palo Alto patches, this defect was based on the basic mistakes in the development process.
December 2024: CLOP compromise on CLEO customers
In December 2024, CLOP Ransomwear Gang launched a large -volume hacking wave, targeting even more popular file transfer technology. This time, the gangs are exploiting the tools created by CLEO Software, a manufacturer of enterprise software based in Illinois, and targeting dozens of customers. By early January 2025, CLOP listed 60 CLEO companies, which were allegedly compromised, including US supply chain software giants and German manufacturing giant cobestros. By the end of January, CLOP has added 50 CLEO Mass-Hack victims to a dark web leak site.
January 2025: New year, new IVANTI bug being attacked
The New Year began with Ivanti falling into a hacker victim. In early January 2025, US software giants warned customers that hackers are utilizing the new zero -day vulnerability of enterprise VPN appliance to violate corporate customer networks. Ivanti said that a “limited number” was affected, but refused to say how many people would say. According to Shadowserver Foundation, the data shows hundreds of backladed customer systems.
The Fortinet Firewall bug was misused from December
A few days after the latest bugs of Ivanti were disclosed, Fortinet confirmed that hackers are using firewall vulnerabilities individually to invade corporate and corporate customers’ network. According to security research companies, the defects affecting cyber security companies’ FortiGate firewalls have been “large amounts of exploitation” as a zero day bug since at least December 2024. Fortinet refused to say the number of affected customers, but the security investigators investigating the attack have observed the invasion of the affected device, TEN.
SonicWall says that hackers are remotely hacking customers
January 2025 was a busy month for hackers who use bugs of enterprise security software. SonicWall said in late January that unknown hackers have invaded customer networks, utilizing the newly discovered vulnerabilities in one of the enterprise products. According to Sonic Wall, a vulnerability that affects SonicWall’s SMA1000 Remote Access Appliance has been discovered by Microsoft’s threat researchers and is “actively exploited in the wild.” The company does not say how many customers have been affected or have the technical ability to confirm by the company, but this bug is in 2025 because more than 2,300 devices are exposed to the Internet. It may be the latest mass hack.
Source link
