The most effective cyberattacks of the recent cycle didn't rely on breaking new ground. Instead, they leveraged trust, exploiting the invisible infrastructure and forgotten devices that underpin everyday digital operations. A ThreatsDay bulletin from The Hacker News highlights a deliberate shift in attacker strategy away from complex zero-days toward the manipulation of mundane, often-overlooked assets.

At the heart of this strategy is the weaponization of trusted software. According to the bulletin, a critical vulnerability in the ubiquitous curl data transfer tool went undetected for over two decades, illustrating how core utilities become invisible infrastructure. Deep integration and accumulated technical debt turn these foundational tools into high-impact targets where a single flaw can cascade across the wider ecosystem.

This approach extends to the hardware on the edge of the network. The bulletin also flags a rise in "proxyware" campaigns, in which consumer-grade IoT devices — particularly smart TVs — are conscripted into illicit proxy networks. Rather than stealing data, this tactic monetizes the devices' bandwidth to build scalable criminal infrastructure, turning households into unwitting operational bases. It highlights a vast, largely unmanaged attack surface where devices are installed and forgotten.

Underpinning these tactics is the democratization of cybercrime capability. The bulletin reports that generative AI tools are being integrated into criminal forums, where they automate the discovery of systemic weaknesses such as neglected dependencies and help craft more convincing phishing lures. This significantly lowers the barrier for less-skilled actors to launch effective campaigns.

For security professionals, the conclusion is clear: trust itself is the primary exploit. Credentials that are not rotated, software assumed secure, and devices left on the network without oversight are now preferred entry points. This reality demands a strategic pivot. Defenses must evolve beyond traditional perimeters to adopt what researchers are calling a "Mundane Risk First" posture — prioritizing rigorous, continuous auditing of open-source dependencies, implementing comprehensive lifecycle management for all connected devices, and enforcing aggressive credential hygiene to eliminate the low-hanging fruit attackers now actively seek. The era of spectacular, cinematic breaches may be yielding to one where systemic neglect is exploited at industrial scale.


