There were nearly 29,000 vulnerabilities published in 2023, amounting to over 3,800 more common vulnerabilities and exposures (CVEs) being issued last year than in 2022. More troubling than the sheer volume of vulnerabilities in 2023 is that over half of them were given a CVSS score indicating high or critical severity — an increase of 57% YoY.

When 23andMe, the popular genetic data gathering and sharing organization, was breached in November of 2023, the threat actors responsible gained initial access by launching a credential stuffing attack. The attack, which involved hackers using credential stuffing, or entering known passwords and emails to see if a combination would work, only succeeded due to a lack of multi-factor authentication (MFA) in place in the compromised account.

In the face of increasingly frequent and severe cyber attacks, organizations with strong cybersecurity maturity are working hard to manage and mitigate their risk, while recognizing that these may no longer be enough.

Vulnerabilities are a major risk for organizations, and a major attack vector for threat actors. There were over 29,000 vulnerabilities published in 2023, amounting to over 3,800 more common vulnerabilities and exposure (CVEs) identifiers being issued last year than in 2022. But that doesn’t mean these most recent vulnerabilities are the only ones in a threat actor’s toolbox.

On March 21, 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands. Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available.

It’s no secret that the manufacturing industry has found themselves in the crosshairs of threat actors in recent years. With a low tolerance for downtime, international operational footprints, and servers full of valuable information, these organizations represent riches for ransomware gangs and individual hackers alike.

Two major organizations breached in 2023 — 23andMe and MGM Resorts — have one part of their hacks in common: identity. Initial access in the 23andMe breach came from credential stuffing, and it was a lack of access control that allowed the threat actors to move deeper into the organization, ultimately exfiltrating data from millions of user accounts.

The 2023 ransomware attack at the University of Manchester didn’t stop once the threat actors had successfully exfiltrated the personal identifiable information (PII) for faculty and staff, plus 250 GB of other data. When the university showed hesitation toward paying the ransom, they turned to a tactic that is becoming increasingly popular among cybercriminals — triple extortion.

Arctic Wolf has recently observed an uptick in detected password spraying for multiple Firewall and VPN appliances. This activity began on February 28, 2024. A variety of products are affected by this activity, including but not limited to devices from vendors such as Cisco, Palo Alto Networks, and WatchGuard. Further investigation revealed that authentication against web-based applications in general was being targeted as opposed to a selection of firewall vendors.