In a stark warning to enterprises worldwide, cybersecurity experts have highlighted a troubling rise in the exploitation of zero-day vulnerabilities by malicious cyber actors.
This revelation comes from the latest annual Cybersecurity Advisory (CSA) titled "2023 Top Routinely Exploited Vulnerabilities," co-authored by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and several international partners.
The advisory details the top 15 Common Vulnerabilities and Exposures (CVEs) identified in 2023, with 11 of these 15 vulnerabilities initially exploited as zero-days. This marks a significant increase from the previous year, when only two such vulnerabilities were zero-days.
Zero-day vulnerabilities are particularly dangerous because they are unknown to the system's owner, the developer, and the general public at the time they are first exploited, making them prime targets for cybercriminals. They are called "zero-day" threats because defenders have had zero days to prepare a patch before exploitation begins.
Urgent need
Jeffrey Dickerson, NSA’s cybersecurity technical director, emphasized the urgency of addressing these vulnerabilities.
"All of these vulnerabilities are publicly known, but many are in the top 15 list for the first time," he said. "Network defenders should pay careful attention to trends and take immediate action to ensure vulnerabilities are patched and mitigated. Exploitation will likely continue in 2024 and 2025."
The CSA not only lists the top 15 exploited CVEs but also provides a comprehensive overview of additional routinely exploited vulnerabilities. This information, along with previous reports, is intended to aid in future trend analysis and retrospection, offering valuable insights for cybersecurity professionals.
To combat these threats, the report urges vendors, designers, and developers to prioritize secure-by-default configurations and ensure that published CVEs include the correct Common Weakness Enumerations (CWEs) to pinpoint the root causes of vulnerabilities.
Advice to end-users
End-user organizations are advised to apply timely patches, implement centralized patch management systems, and utilize security tools such as endpoint detection and response (EDR), web application firewalls, and network protocol analyzers. Additionally, organizations should inquire about their software providers' secure-by-design programs to enhance their defenses.
The advisory is a collaborative effort, with contributions from the FBI, the Australian Signals Directorate’s Australian Cyber Security Centre, the Canadian Centre for Cyber Security, New Zealand's National Cyber Security Centre, Computer Emergency Response Team New Zealand, and the United Kingdom’s National Cyber Security Centre.