Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 than in 2022, allowing them to conduct operations against high-priority targets. That’s according to an advisory notice by the UK’s official National Cyber Security Centre (NCSC) – a part of the Government listening agency GCHQ – issued jointly with its equivalents in the United States (CISA), Australia, Canada and New Zealand.
The advice for end users includes: ‘apply timely patches to systems’. The authorities say that enterprise network defenders should maintain vigilance in their vulnerability management processes, including applying all security updates in a timely manner and ensuring they have identified all assets in their estates.
The NCSC also calls on technology vendors and developers to follow advice on implementing secure-by-design principles into their products.
Ollie Whitehouse, NCSC Chief Technology Officer, said: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organisations and vendors alike as malicious actors seek to infiltrate networks.
“To reduce the risk of compromise, it is vital all organisations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace. We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and life-cycle to help stamp out this insidious game of whack-a-mole at source.”
For the full advisory on ‘2023 Top Routinely Exploited Vulnerabilities’, visit the CISA website.
Comments
Toby Lewis, Global Head of Threat Analysis at the cyber firm Darktrace, said: “These findings highlight a recent trend in the cyber threat landscape – attackers are increasingly finding and exploiting vulnerabilities before vendors even know they exist. Waiting for patches is no longer enough, and defenders should operate on the presumption that no device is immune from exploitation.
“The lifecycle of these zero-day exploits can be especially worrying. In targeted attacks, where used sparingly by attackers, exploits can remain in use and undetected for months, if not years, giving attackers prolonged access to high-value networks. We saw this with the Hafnium attacks against Microsoft Exchange servers, where AI-based anomaly detection spotted the threat months before it became public knowledge.
“Organisations need to move beyond reactive patch management to more proactive defence strategies. This means implementing robust privileged access management, zero trust architecture, and most crucially, anomaly detection that can spot suspicious behaviour even when we don’t yet know what vulnerability is being exploited. It’s not just about fixing known holes anymore, it’s about assuming compromise and limiting the damage attackers can do when they inevitably get in.”
And Juliette Hudson, CTO of CybaVerse, said: “Organisations often only see phishing as the avenue criminals use to breach their networks, but research has recently shown that exploiting vulnerabilities is now fast becoming a top attack vector. Criminals can exploit weaknesses in software to break into networks, often changing security settings and elevating privileges before deploying malware, like ransomware.
“This can prove catastrophic for organisations and must act as a warning that all vulnerabilities should be patched as soon as patches are released. Compounding the challenge, cybercriminals are now leveraging AI to rapidly scan networks and pinpoint systems vulnerable to specific CVEs. This minimises the effort required to identify targets and dramatically accelerates the attack lifecycle. Organisations must be vigilant and patch zero days and critical CVEs, when available, or follow mitigation steps as an interim. This is a priority step and key to keeping safe.”