
Zero-day exploits increasingly sought out by attackers

Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023

Threat actors – both state-backed and financially motivated – are increasingly taking advantage of previously unknown vulnerabilities, or zero-days, to compromise their victims before fixes or patches are made available by the tech industry, according to an advisory published by the Five Eyes cyber agencies, including the UK’s National Cyber Security Centre (NCSC) and the US’s Cybersecurity and Infrastructure Security Agency (CISA).

The agencies have collectively drawn up a list of the 15 most exploited vulnerabilities of 2023, and found that the majority of exploited vulnerabilities were zero-days, compared with less than half in 2022. The trend has continued through 2024, said the NCSC.

The NCSC added that defenders needed to up their game when it came to vulnerability management, paying particular attention to applying updates as quickly as possible when they do arrive, and to making sure they have identified all the potentially affected IT assets in their estates.

The organisation also urged suppliers and developers to do more to implement secure-by-design principles into their products, something the Five Eyes governments – Australia, Canada, New Zealand, the UK and the US – have become particularly vocal about in the past 18 months. Doing so helps reduce the risk of vulnerabilities being accidentally introduced during development, only to be taken advantage of further down the line.

“More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organisations and vendors alike as malicious actors seek to infiltrate networks,” said NCSC chief technology officer Ollie Whitehouse.

“To reduce the risk of compromise, it is vital all organisations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace,” he said.

“We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and life-cycle to help stamp out this insidious game of whack-a-mole at source.”

Full list

The full list of the vulnerabilities most frequently exploited during 2023 is as follows:

The full list, which can be downloaded from CISA, also contains details of a number of other issues that were observed being routinely exploited during 2023, prominent among them two vulnerabilities in Ivanti products disclosed in August 2023, and the infamous Fortra GoAnywhere flaw exploited, yet again, by the Cl0p gang.

