Introduction
In 2023, Britain and its international allies within the Five Eyes Alliance raised an alert concerning a surge in cyber attackers exploiting previously unknown vulnerabilities to infiltrate enterprise networks. The National Cyber Security Centre (NCSC) [4], in collaboration with partners from Australia [4], Canada [2] [4], New Zealand [2] [4], and the United States [2] [4], identified the top 15 routinely exploited vulnerabilities of the year [4], highlighting a significant increase in zero-day vulnerability exploitation.
Description
Britain and its international allies [4], part of the Five Eyes Alliance, have issued an alert regarding an increase in cyber attackers exploiting previously unknown vulnerabilities to compromise enterprise networks [4]. The National Cyber Security Centre (NCSC) [4], in collaboration with partners from Australia [4], Canada [2] [4], New Zealand [2] [4], and the United States [2] [4], has identified the top 15 routinely exploited vulnerabilities of 2023 [4]. The year saw a notable rise in the exploitation of zero-day vulnerabilities, with malicious cyber actors particularly targeting higher-priority systems. In fact, the majority of the top 15 vulnerabilities were initially exploited as zero-days [1] [3], a significant increase compared to 2022 [4], when fewer than half of the top vulnerabilities fell into this category [3]. Cyber actors have had the most success exploiting vulnerabilities within two years of their public disclosure [3], because the usefulness of a vulnerability diminishes over time as systems are patched or replaced [3].
Among the most exploited vulnerabilities of 2023 are critical flaws in products from Citrix [1], Cisco [1], and Fortinet [1]. Citrix’s NetScaler ADC and Gateway products were significantly affected [1], with CVE-2023-3519 emerging as the most exploited vulnerability of the year [1]: it allows an attacker to trigger a stack buffer overflow with a crafted HTTP GET request [1], leading to arbitrary code execution [1]. Another Citrix vulnerability [1], CVE-2023-4966 [1], known as “CitrixBleed,” resulted in session token leakage [1], further exposing enterprise systems [1].
Cisco’s IOS XE Web UI was affected by CVE-2023-20198 and CVE-2023-20273 [1]. The first vulnerability permitted unauthorized users to create local credentials [1], while the second enabled privilege escalation [1], allowing attackers to gain root-level control [1]. Together they underscore the critical need to secure administrative interfaces.
Fortinet’s FortiOS and FortiProxy SSL-VPN were also targeted [1]: CVE-2023-27997 allows remote attackers to execute arbitrary code via a heap-based buffer overflow [1], posing a significant risk to numerous firewalls worldwide [1].
The NCSC emphasizes the importance of timely application of security updates and thorough asset identification for enterprise network defenders [4]. Ollie Whitehouse [4], NCSC Chief Technology Officer [4], highlighted the need for organizations to adopt secure-by-design principles in product development to mitigate risks [4]. All listed vulnerabilities have available patches [4], and organizations are urged to implement vendor updates promptly to minimize exploitation opportunities [4]. The advisory also includes 32 other routinely exploited vulnerabilities from 2023 [4], recommending that network defenders follow vendor guidance and check for indicators of compromise before applying updates [4]. Furthermore, the advisory warns that exploitation is expected to persist into 2024 and 2025 [2], underscoring the need for vigilance and proactive measures in cybersecurity. International cybersecurity efforts are crucial in shortening the lifespan of these vulnerabilities [3], further reducing the utility of zero-day exploits.
Conclusion
The alert issued by the Five Eyes Alliance underscores the critical need for organizations to remain vigilant against the rising threat of zero-day vulnerabilities. The identification of the top 15 exploited vulnerabilities of 2023 highlights the importance of timely security updates and the adoption of secure-by-design principles. As cyber threats are expected to persist into the coming years, proactive measures and international collaboration are essential to mitigate risks and reduce the effectiveness of zero-day exploits. Organizations must prioritize the implementation of vendor updates and adhere to cybersecurity best practices to safeguard their networks against potential breaches.
References
[1] https://securityboulevard.com/2024/11/zero-day-exploits-surge-in-2023-cisco-fortinet-vulnerabilities-targeted/
[2] https://news.clearancejobs.com/2024/11/18/the-15-most-exploited-cyber-vulnerabilities-of-2023-according-to-five-eyes-alliance/
[3] https://www.schneier.com/blog/archives/2024/11/most-of-2023s-top-exploited-vulnerabilities-were-zero-days.html
[4] https://www.cybersecurityintelligence.com/blog/imminent-zero-day-attacks-8069.html