Intermediate

Security Hot Takes: Mid-Year Review 2024

The first half of 2024 confirmed a trend that had been building since 2021: adversaries are increasingly moving away from traditional initial-access techniques — phishing, browser exploit...

Several high-CVSS-scoring vulnerabilities disclosed in products from vendors such as Ivanti, ConnectWise, and Atlassian throughout late 2023 and the first six months of 2024 illustrate this shift. Rather than being isolated incidents, they represent a broader pattern: threat actors — both cybercriminal and nation-state — have recognized that edge appliances sit at the perimeter of the network, are often internet-facing by design, and historically receive less scrutiny and slower patch cycles than internal systems.

Vulnerability-tracking data going into 2024 showed that threat groups had pivoted, dating back to 2021, toward attacking vulnerable edge appliances. While operating systems, network infrastructure, and enterprise software all saw significant year-on-year increases in high-risk vulnerabilities through 2023, the jump specifically attributable to edge device attacks outpaced all of these other categories.

Within the operating-system category, the trend skewed more toward macOS and UNIX-based systems rather than Windows. Meanwhile, a cluster of CVEs tied to Ivanti, Cisco, FortiGate, Palo Alto, and Checkpoint products all surfaced within just the first six months of 2024 — a...

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The 2024 Surge in Edge Device Exploitation
  3. 3 Summary

More Security Hot Takes & Threat Intel courses

View all 21

Interested in this course?

Contact us to book it or get a custom training plan for your team.