Enterprise cyber security tools such as routers, firewalls, and VPNs exist to protect corporate networks from intruders and malicious hackers.
However, while the organization is sold as a tool to maintain safety from external threats, many of these products include software bugs that make malicious hackers just compromise the network. It turns out that there are many times.
These bugs have been blamed for explosions in recent mass hacking campaigns, and malicious hackers have been abused on these simple security flaws, invading thousands of tissue networks, and sensitive. Steal corporate data.
We have summarized the simple history of mass hacks. And update this article when it becomes more inevitable.
One of the first mass hacks in the last 10 years is the GOANY WHERE Managed, a product used by companies to share large -scale files and confidential data sets by notorious ransomware crews on the Internet. He used the vulnerability of File Transfer Software. The CLOP Ransum Wear Gang compromised over 130 organizations and used bugs to steal millions of personal data. Since the vulnerability was abused as a zero day, FORTRA had no time to fix it before being attacked. Later, CLOP stolen data stolen from a victim organization who did not pay hackers. Hitachi Energy、Security Giant Rubrik、およびFloridaに拠点を置くヘルステクノロジー組織Nation-Benefitsは、攻撃で盗まれた300万人以上のメンバーのデータを見た – は、バギーソフトウェアに起因する侵入を報告しました。
May 2023: Moveit defects allowed the data of 60 million people to theft
Moveit's large -scale hack is one of the largest abuses in history, and hackers abuse other widely used file transfer software deficiencies developed by Progress software, thousands of organizations. I will steal. According to cyber security companies, EMSISOFT, the attack was re -asserted by the Clop Ransomware Group, abusing Moveit vulnerabilities to steal more than 60 million individuals. The US government service, which contracted for a huge Maximus, was the biggest victim of Moveit violations after confirming that Hackers had accessed 11 million personal protected health information.
October 2023: Cisco Zero-day exposed thousands of routers to acquire
Mashack lasts until the latter half of 2023, and in October, the hacker exploits the vulnerability of the zero day of Cisco's networking software and compromise on tens of thousands of devices that depend on software, such as enterprise switches, wireless controllers, and access points. , And industrial router. The bug has given the attacker a “complete control of the infringed device.” Cisco did not confirm the number of customers affected by the device connected to the Internet and the asset search engine, but an infringement device exposed to the Internet was observed. I mentioned it.
Image Credit: Ramon Costa/Sopa Image/Getty Image Light Rocket)
November 2023: Ransomwear gang abuses Citrics Bug
Citrix Netscaler, which is used by large companies and the government for application distribution and VPN connection, became the latest mass hack target just one month later in November 2023. Confidential information from Netscaler systems influenced by famous companies. Aerospace major Boeing, law firm Allen & Oberry, and Chinese industries and commercial banks have been asserted as victims.
January 2024: Chinese hackers violated the company by exploiting the IVANTI VPN bug
Ivanti has been synchronized with a large amount of hack after a large amount of hackers supported by Ivanti's Corporate Connect Secure VPN appliance. At the time, Ivanti said that only a limited number of customers were affected, but Cyber Security Company Volexity has exploited more than 1,700 IVANTI appliance around the world, aircraft, banks, banks, defenses. He discovered that it had an influence on the organization of the telecommunications industry. U.S. government agencies, which operate the affected Ivanti system, were immediately ordered to prevent the system. The exploitation of these vulnerabilities was later linked to a spy group supported by China, known as the Salt era, and has recently been hacked to at least nine US telecommunications companies. 。
In February 2024, the hacker aimed for two “easy extraction” vulnerabilities, ConnectWise ScreenConnect. Cyber Security Giant Manding said that researchers had observed two defects “identified mass exploitation.” These were abused by various threat actors to develop passwordstellers, back doors, and in some cases ransomware.
The hacker attacked a (again) Ivanti customer with a fresh bug
In February 2024, Ivanti again created a headline again when a large number of customers were reduced in other vulnerabilities in the VPN appliance, which is widely used by attackers. ShadowServer Foundation, a non -profit organization that scanned the Internet for exploitation, told TechnoCrunch when observing more than 630 unique IP addresses to exploit the server defects. It is protected by vulnerable eyivanti equipment.
November 2024: Palo Olt Firewall bugs have thousands of companies in danger
In the latter half of 2024, the hacker was created by the cyber security giant Palo Alto Network and utilized two zero vulnerabilities in software used by customers around the world, so it infringes thousands of organizations. I did. With the vulnerability of Pan-OS, an operating system run on all the next-generation firewalls in Paralt, the attacker could compromise and remove sensitive data from a corporate network. According to a researcher of Watchtowr Labs, a security company, a reverse work of Palo Alto patches, this defect was due to the basic mistakes in the development process.
December 2024: CLOP compromise on CLEO customers
In December 2024, CLOP Ransomwear Gang launched a fresh wave of mass hacking, targeting even more popular file transfer technology. This time, the gangs are exploiting the tools created by CLEO Software, a manufacturer of enterprise software based in Illinois, and targeting dozens of customers. By early January 2025, CLOP listed 60 CLEO companies, which were allegedly compromised, including US supply chain software giants and German manufacturing giant cobestros. By the end of January, CLOP has added 50 CLEO Mass-Hack victims to a dark web leak site.
Image Credit: Alex Claus/Bloomberg via Getty Images
January 2025: New year, new IVANTI bug being attacked
The New Year began with Ivanti falling into a hacker victim. In early January 2025, US software giants warned customers that hackers are utilizing the new zero -day vulnerability of enterprise VPN appliance to violate corporate customer networks. Ivanti said that a “limited number” was affected, but refused to say how many people would say. According to Shadowerver Foundation, the data indicates hundreds of backladed customer systems.
The Fortinet Firewall bug was misused from December
A few days after the latest bugs of Ivanti were disclosed, Fortinet confirmed that hackers are using firewall vulnerabilities individually to invade corporate and corporate customers' network. According to security research companies, the defects affecting cyber security companies' FortiGate firewalls have been “large amounts of exploitation” as a zero day bug since at least December 2024. Fortinet refused to say the number of affected customers, but the security investigators investigating the attack have observed the invasion of the affected device, TEN.
SonicWall says that hackers are remotely hacking customers
January 2025 was a busy month for hackers who use bugs of enterprise security software. Sonic Wall stated in late January that the right hacker has invaded customer networks, utilizing the newly discovered vulnerabilities in one of the enterprise products. According to Sonic Wall, a vulnerability that affects SonicWall's SMA1000 Remote Access Appliance has been discovered by Microsoft's threat researchers and is “actively exploited in the wild.” The company does not say how many customers have been affected or have the technical ability to confirm by the company, but this bug is in 2025 because more than 2,300 devices are exposed to the Internet. It may be the latest mass hack.