Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance

Avatar

The cybersecurity agencies of the Five Eyes intelligence alliance (the U.S., U.K., Australia, Canada and New Zealand) issued a warning on Tuesday that hackers were increasingly exploiting zero-day vulnerabilities to access their targets’ networks.

It marks a significant departure from similar advisories issued in 2022 and 2021, when the agencies warned that malicious cyber actors were exploiting older software vulnerabilities more frequently than recently disclosed ones.

In a co-authored advisory, the agencies list the top 15 most routinely exploited vulnerabilities of 2023, with CVE-2023-3519 — an issue affecting Citrix’s networking product NetScalers — being the most widely used.

Reports around the time the NetScalers bug was patched warned that an adversary, with what Mandiant believed may have a China-nexus, used the flaw to compromise thousands of devices in an automated fashion, placing webshells on them to gain persistent access.

Other widely exploited vulnerabilities included a critical vulnerability affecting Cisco routers, another in Fortinet VPN equipment and one affecting the MOVEit file transfer tool that was widely exploited by the Clop ransomware gang.

The advisory notes that, for the first time since the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and partners began sharing this annual list, the majority of these vulnerabilities contained on it were initially exploited as zero-days. 

Although the advisory only covers last year, the trend of zero-day exploitation has continued into 2024 according to Britain’s National Cyber Security Centre (NCSC), marking “a shift from 2022 when less than half of the top list was initially exploited as zero-day vulnerabilities.”

Ollie Whitehouse, the NCSC’s chief technology officer, warned: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks.

“To reduce the risk of compromise, it is vital all organizations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace,” said Whitehouse.

CybercrimeGovernmentNewsNews BriefsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Cyberattack causes credit card readers to malfunction in Israel

Next Post

Controversial UN cybercrime treaty clears final hurdle before full vote as US defends support

Related Posts

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device," Kaspersky said in an
Avatar
Read More