Mass exploitation of edge services could become the standard attack vector for hackers in 2024

Early indications are that phishing attacks will decline in 2024, and mass exploitation of vulnerable edge services may become the new preferred attack vector for cybercriminals.

Speak with IT professional, Tim West, director of threat intelligence at WithSecure, said that an overall improvement in cyber hygiene, greater awareness of phishing techniques and the maturity of endpoint protection have all contributed to a decline in phishing attacks in 2024.

“Phishing attachments seem to have declined, and I think the reason for that is that we’re getting better at identifying malicious attachments in email. Training is now pretty good and commonplace in many industries, trust in email attachments from unwanted people is pretty low, and endpoint products are pretty good at scanning documents for suspicious artifacts.”

He warned that phishing will remain a popular attack vector in 2024 as hackers continue to adapt their techniques to modern defenses, but targeting vulnerable edge services could become the most common vector.

“That’s not to say (phishing) isn’t still pretty successful, it’s just maybe not quite as successful as it has been in recent years. Threat actors are finding their way around this with other techniques around email-based phishing. But overall we’ve seen an increase in the opposite direction of exploiting edge services.”

Stephen Robinson, senior threat analysis analyst at WithSecure, said at the Finnish security company’s SPHERE24 conference that 50% of the company’s incident response operations begin with exploitation of publicly available services.

He noted that the scale and severity of these attacks had “exploded” in the past year.

There are no hiding places in the IPv4 Internet space

Threat intelligence collected by other stakeholders in the enterprise security sector confirms West and Robinson’s analysis and also shows a relative trend toward threat exploitation over other attack methods through 2024.

Symantec reported in its 2024 report that exploitation of vulnerable edge services has overtaken botnets as the primary attack vector for ransomware campaigns.

According to Verizon’s 2024 Data Breach Investigations Report (DBIR), there was a 180% increase in vulnerability exploitation last year, and a 68% increase in breaches involving third parties, including partner infrastructure directly or indirectly affected by software supply chain issues.

When asked what he thinks is behind this trend, West explained that vulnerabilities in edge services provide cybercriminals with the opportunity to exploit a flaw en masse without having to develop tailored tactics to specifically target organizations.

“There’s a whole ecosystem now around (mass exploitation),” West said. “So if you can develop the ability to exploit the vulnerability of a service that’s exposed to the internet — as many threat actors do — and you can exploit that at scale, then you’re going to hit large companies, small companies, medium-sized companies.”

He added that this approach is incredibly time-efficient, allowing threat actors to instantly identify thousands of potential targets using rudimentary internet scanning services.

“In the IPv4 internet space, there’s no real place to hide anymore, there’s no ambiguity… if you have an IP address that’s routable across the internet, and a vulnerable service on it that’s being actively scanned, so to speak, it will be detected. Attackers can now search the entire internet for specific things in a matter of minutes.”

Related Posts

One dead after motorcycle crash in Kosciusko County – 95.3 MNC

State police arrest Dexter man for arson

Assam: IFS officer Muanthang Tungnung suspended for violating transfer orders