Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance

Avatar

The cybersecurity agencies of the Five Eyes intelligence alliance (the U.S., U.K., Australia, Canada and New Zealand) issued a warning on Tuesday that hackers were increasingly exploiting zero-day vulnerabilities to access their targets’ networks.

It marks a significant departure from similar advisories issued in 2022 and 2021, when the agencies warned that malicious cyber actors were exploiting older software vulnerabilities more frequently than recently disclosed ones.

In a co-authored advisory, the agencies list the top 15 most routinely exploited vulnerabilities of 2023, with CVE-2023-3519 — an issue affecting Citrix’s networking product NetScalers — being the most widely used.

Reports around the time the NetScalers bug was patched warned that an adversary, with what Mandiant believed may have a China-nexus, used the flaw to compromise thousands of devices in an automated fashion, placing webshells on them to gain persistent access.

Other widely exploited vulnerabilities included a critical vulnerability affecting Cisco routers, another in Fortinet VPN equipment and one affecting the MOVEit file transfer tool that was widely exploited by the Clop ransomware gang.

The advisory notes that, for the first time since the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and partners began sharing this annual list, the majority of these vulnerabilities contained on it were initially exploited as zero-days. 

Although the advisory only covers last year, the trend of zero-day exploitation has continued into 2024 according to Britain’s National Cyber Security Centre (NCSC), marking “a shift from 2022 when less than half of the top list was initially exploited as zero-day vulnerabilities.”

Ollie Whitehouse, the NCSC’s chief technology officer, warned: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks.

“To reduce the risk of compromise, it is vital all organizations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace,” said Whitehouse.

CybercrimeGovernmentNewsNews BriefsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Next Post

Controversial UN cybercrime treaty clears final hurdle before full vote as US defends support

Related Posts

Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of
Avatar
Read More

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. "DarkVision RAT communicates with its command-and-control (C2) server using a custom network
Omega Balla
Read More