Cyberattackers Increasingly Exploit Zero-Day Flaws, Warn Five Eyes Agencies
Cybersecurity agencies from the Five Eyes alliance nations (the United States, United Kingdom, Australia, Canada, and New Zealand) are warning of a sharp rise in the exploitation of zero-day vulnerabilities to infiltrate victims’ networks. Unlike previous years, which saw a focus on older, unpatched vulnerabilities, this new report highlights hackers’ intensified targeting of recently discovered system flaws.
In a joint report, experts identified the 15 most frequently exploited vulnerabilities of 2023. Topping the list is the CVE-2023-3519 vulnerability (CVSS score: 9.8) found in Citrix’s NetScaler networking equipment. This flaw reportedly enabled attackers, allegedly linked to China, to compromise thousands of devices en masse, deploying web shells for persistent system access.
Other critical vulnerabilities actively leveraged by hackers include flaws in Cisco routers, Fortinet VPN equipment, and the MOVEit file transfer tool, which became a prime target for the Clop ransomware group, posing a severe threat to thousands of companies globally. Most vulnerabilities on the list were initially exploited as zero-day flaws.
The MOVEit incident is connected to an attack by the Clop group, which, starting in late May 2023, exploited a zero-day vulnerability in the MOVEit Transfer platform to steal data. MOVEit is widely used for secure file transfers in corporate environments. The attacks impacted thousands of organizations worldwide, leading to the exposure of data on tens of millions of individuals. Among the affected entities were major corporations and U.S. government agencies, including the Department of Energy, Shell, Deutsche Bank, and PwC.
Additionally, Amazon recently confirmed a data breach involving its employees after a hacker posted stolen information on the dark web, an incident tied to the MOVEit platform attack in May 2023.
The UK’s National Cyber Security Centre (NCSC) emphasized that this trend continues into 2024, marking a significant shift from 2022, when fewer than half of similar attacks were based on zero-day flaws. Experts underscore that applying patches promptly and using more secure products can help organizations reduce the risk of intrusion.