Attackers focus on edge devices in widespread exploitation campaigns

June 13, 2024

In 2024, the number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) per month has increased by 22 percent compared to 2023. Conversely, the number of other CVEs added to the KEV per month has decreased by 56 percent compared to 2023.

Additionally, over the last two years, the severity of edge service and infrastructure CVEs added to the KEV has been, on average, 11 percent higher than other CVEs. Stephen Robinson, a senior threat intelligence analyst at WithSecure, describes these devices as attractive due to their potential for stealth.

The lack of monitoring and prevention measures on these devices makes them an appealing and obscure part of the network for illicit activities. Numerous recent reports suggest that mass exploitation is now a more prevalent method for ransomware incidents than botnets.

Security incidents have increased significantly due to the mass exploitation of vulnerable software, including MOVEit, CitrixBleed, Cisco XE, Fortiguard’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect. According to Robinson, the increasing technological complexity, the deployment of VPN gateways, combined hybrid applications, and a growing number of devices running stripped-down Linux operating systems contribute to the heightened risk.
