Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance


The cybersecurity agencies of the Five Eyes intelligence alliance (the U.S., U.K., Australia, Canada and New Zealand) issued a warning on Tuesday that hackers were increasingly exploiting zero-day vulnerabilities to access their targets’ networks.

It marks a significant departure from similar advisories issued in 2022 and 2021, when the agencies warned that malicious cyber actors were exploiting older software vulnerabilities more frequently than recently disclosed ones.

In a co-authored advisory, the agencies list the top 15 most routinely exploited vulnerabilities of 2023, with CVE-2023-3519 — an issue affecting Citrix’s networking product NetScalers — being the most widely used.

Reports around the time the NetScalers bug was patched warned that an adversary, which Mandiant believed may have a China nexus, used the flaw to compromise thousands of devices in an automated fashion, placing webshells on them to gain persistent access.

Other widely exploited vulnerabilities included a critical vulnerability affecting Cisco routers, another in Fortinet VPN equipment and one affecting the MOVEit file transfer tool that was widely exploited by the Clop ransomware gang.

The advisory notes that, for the first time since the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and partners began sharing this annual list, the majority of the vulnerabilities on it were initially exploited as zero-days.

Although the advisory only covers last year, the trend of zero-day exploitation has continued into 2024 according to Britain’s National Cyber Security Centre (NCSC), marking “a shift from 2022 when less than half of the top list was initially exploited as zero-day vulnerabilities.”

Ollie Whitehouse, the NCSC’s chief technology officer, warned: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks.

“To reduce the risk of compromise, it is vital all organizations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace,” said Whitehouse.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
