Zero-day exploits were the ones most commonly used by threat actors to compromise organisations, with a sharp rise in their use compared to 2022.
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has joined a host of partner agencies to release a report on the most commonly exploited vulnerabilities of 2023.
The joint advisory – imaginatively named 2023 top routinely exploited vulnerabilities – was co-authored by agencies from the Five Eyes alliance, including the US Cybersecurity and Infrastructure Security Agency, the UK’s National Cyber Security Centre, and New Zealand’s National Cyber Security Centre.
The advisory lists the 15 vulnerabilities most commonly exploited by threat actors in 2023, and its most alarming finding is that the use of zero-day exploits is on the rise.
According to the advisory, in 2023, “the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day”.
The agencies also found the vulnerabilities have a certain window of effectiveness, with threat actors having the most success within two years of a vulnerability’s disclosure. After that time, systems and platforms tend to eventually be patched or otherwise remediated.
Regarding the most used vulnerabilities, the top two are CVE-2023-3519 and CVE-2023-4966, both impacting Citrix NetScaler ADC and NetScaler Gateway. Numbers three and four are CVE-2023-20198 and CVE-2023-20273, both impacting Cisco IOS XE.
CVE-2023-27997 is number five, and it affects Fortinet FortiOS and FortiProxy SSL-VPN, while number six is CVE-2023-34362, which affects Progress MOVEit Transfer.
The full list is available in the advisory.
According to James Greenwood, regional vice president of technical account management at cyber security firm Tanium, “it’s impossible for the average IT operations teams to keep up with zero-day, and even existing, vulnerabilities without automation. Automated patching allows teams to switch from reactive to proactive vulnerability management, keeping systems up to date at speed and scale.”
Tanium’s own research has found that 94 per cent of organisations are unaware of 20 per cent of their endpoints, which illustrates the importance of real-time monitoring.
“Those organisations looking to heed the ACSC’s advice need to deploy tools that can identify and manage endpoints in real-time,” Greenwood said.
“When every moment counts, organisations can then identify affected assets in seconds so that vulnerabilities are contained quickly. This is the only way we stand a chance against zero-day exploits.”
Janine Morris, industry engagement and strategy lead at AvePoint, also noted that the ACSC’s advisory shows the need for proper data governance routines.
“By properly classifying, controlling access to critical data and disposing of content that is no longer required, organisations can limit exposure and prevent unauthorised access in the event of a breach,” Morris said.
“Strong governance ensures sensitive data remains protected, even when vulnerabilities are exploited.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.