Over the last couple of years, we have seen an increase in complex network vulnerabilities for cybersecurity. As malicious actors become more sophisticated, security experts need to remain vigilant and use these events to educate themselves to shore up their defenses. In this blog, we will discuss three major vulnerabilities that led to serious consequences and discuss lessons learned to better secure our networks.
1. Make CVE-2024-3400: Remote Code Execution in Network Operating Systems
CVE-2024-3400 is one of the more critical vulnerabilities over the past few years. The flaw allowed attackers to execute code remotely on the network operating system without requiring authentication. The issue stemmed from a command injection vulnerability in the Global Protect feature of some network operating systems, which enable attackers to circumvent security controls and compromise systems with admin credentials. Once inside, attackers were able to intercept, modify, and redirect network traffic, resulting in data breaches and service disruptions.
2. CVE-2023-34362: SQL Injection in Managed File Transfer Solutions
CVE-2023-34362 allows attackers to insert malicious SQL commands into databases, leading to unauthorized access to sensitive data, manipulation of administrative functions, and potentially even ransomware attacks. The impact of this flaw was significant, with organizations experiencing data breaches, unauthorized administrative actions, and service disruptions. Attackers exploited this weakness to extract sensitive customer records, modify account permissions, and even deploy ransomware by embedding malicious payloads within database transactions.
3. CVE-2023-20198 & CVE-2023-20273: Privilege Escalation through Web-Based Interfaces
CVE-2023-20198 and CVE-2023-20273 both concern weaknesses in web-based management interfaces for network devices. Exploiting these vulnerabilities, hackers could escalate their permissions from having a normal user level of access to that of an administrator by taking advantage of flaws in authentication and session management. Once they gained entry, attackers were able to modify security settings, steal data, and execute further attacks inside the network.
These vulnerabilities were actively exploited in the wild, with organizations reporting unauthorized configuration changes, data exfiltration, and disruption of critical services.
Lessons for Future Network Security
These exploits demonstrate a need for solid and purpose-built security that adapts to the ongoing and changing threat landscape. It is essential to deploy AI-based anomaly detection tools that can help trace irregular network activities to instantaneously detect outliers. One application of this technology, for example, is an AI-based system called Hopper, developed in 2021 by researchers from the University of California, San Diego. Hopper was built to capture lateral movement within enterprise networks—a common approach used by attackers after the initial compromise. Using more than 780 million internal login events, it detected unauthorized access attempts, which many traditional tools failed to notice, over the span of 15 months. Guardian Analytics, for example, has used AI-driven anomaly detection in the finance industry. With each transaction, their system checks for unusual patterns based on established baselines for normal user behavior, helping to prevent fraud or unauthorized use.
In cloud environments, AI algorithms were also used to catch unusual data exfiltration patterns, resulting in the early detection of insider threats and stopping future breaches. These systems can warn security personnel of suspicious activities, like unexpected privilege escalations or unusual data transfers, allowing for rapid steps to be taken before damage is caused. In addition, regular vulnerability scans must be complemented by timely, systematic patch management to close identified risks as quickly as possible.