Heimdal

CISA warns that most of the top routinely exploited vulnerabilities during 2023 were zero-days.

The FBI, the NSA, and five other cybersecurity authorities, among them the UK’s National Cyber Security Centre (NCSC), co-authored the 2023 Top Routinely Exploited Vulnerabilities advisory.

In 2022, fewer than half of the top exploited flaws were zero-days, but that trend has reversed: the analysis found that most of the top vulnerabilities in 2023 were first abused in the wild before a patch was available.

In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.

Source – CISA Cybersecurity Advisory

CISA’s recommendations against zero-day attacks

The Agency urged organizations that had not yet patched the CVEs mentioned in the advisory to check for signs of compromise. You can check the vulnerabilities list here.

The next important step is to apply patches as quickly as possible. Implementing a centralized patch management system is one of CISA’s recommendations for patching in time.

However, thwarting a zero-day attack calls for more than patching. Here are three other measures CISA recommends for preventing zero-day exploitation:

Most zero-day exploits, including at least three of the top 15 vulnerabilities from last year, have been discovered when an end user or EDR system reports suspicious activity or unusual device malfunctions.

Source – CISA Cybersecurity Advisory

EDR platform benefits

Why zero-days made it into the top 15 exploited flaws

Most of us agree there is no such thing as flawless software. Yet CISA’s release on secure-by-design and secure-by-default principles and tactics suggests there is always room for improvement.

Furthermore, its recent advisory on the 2023 Top Routinely Exploited Vulnerabilities says vendors should implement secure-by-design practices and prioritize secure-by-default configurations. The Agency even urged end users to challenge their software vendors on this matter.

Members of the cybersecurity community on Reddit agree, and say that the quality of software in general has gotten worse:

As a developer, I believe it’s because corners are cut to get things out as fast as possible. The people making the decisions don’t care if their software is a security hole riddled mountain of tech debt.

The quality of software is worse.

Wait till the AI-fueled code “revolution” happens, after it has eaten away at entry-to-mid level developers’ fundamentals and the consumer of generative AI code suggestions is no longer savvy enough to realize obvious flaws in the input.

Source – r/cybersecurity

Cybersecurity speaker Mikkel Pedersen points to another possible reason:

It could seem like the cyber criminals are focusing more on keeping knowledge about new vulnerabilities in-house, instead of sharing PoCs on forums, combined with more agile operations that are better at large-scale initial attacks, to get full value from the zero-day.

With the switch from individual groups to more cartel-like organizations, I expect they are also better at keeping secrets about discoveries, as well as knowing how to exploit them, without having to acquire input/assistance on dark web forums.

As prevention measures against zero-day vulnerabilities, Mikkel Pedersen recommends several security best practices:

  • limit the number of privileged accounts on your network and restrict access to them
  • monitor and block potentially harmful external network traffic – you can use DNS filtering for that.
  • make it a priority to conduct detailed threat hunting when suspicious activity is discovered
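The second recommendation above, DNS filtering of outbound traffic, is easy to describe and easy to get subtly wrong. The script below is an added illustration written for this article, not code from Heimdal, CISA or Mikkel Pedersen. It applies a blocklist of domains to resolver query log lines, treating any subdomain of a blocked zone as blocked while not matching look-alike names that merely end in the same characters, and it normalizes case and trailing dots. The log format, the client addresses and the domain names (all under the reserved `.example` TLD) are constructed for the example; a real deployment would feed a vendor or threat-intel blocklist and the resolver's actual log format.

```python
"""DNS-filtering check over resolver query logs (added example, constructed data).

Flags queries whose name equals, or is a subdomain of, a blocklisted zone.
Matching is label-based, so "notbad-updates.example" does NOT match the
blocked zone "bad-updates.example".
"""

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed placeholder zones; not real indicators from the advisory.
BLOCKLIST = {"bad-updates.example", "c2-beacon.example"}
# Known-good zones are checked first so an internal zone can never be blocked
# by a mistaken blocklist entry.
ALLOWLIST = {"corp.example"}

# Constructed log format (hypothetical): "<timestamp> client=<ip> query=<name> type=<qtype>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)\s+type=(?P<qtype>\S+)$"
)


@dataclass
class Verdict:
    timestamp: str
    client: str
    qname: str
    action: str  # "allow" or "block"
    reason: str


def normalize(name: str) -> str:
    """Lower-case the name and drop the trailing root dot (FQDN form)."""
    return name.rstrip(".").lower()


def zone_matches(qname: str, zones: set) -> Optional[str]:
    """Return the zone that qname equals or sits under, or None.

    Walks the label list from the full name towards the TLD, so every
    candidate is a proper suffix at a label boundary.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def classify(qname: str) -> Tuple[str, str]:
    """Decide allow/block for one query name, allowlist taking precedence."""
    allowed = zone_matches(qname, ALLOWLIST)
    if allowed:
        return "allow", f"allowlisted zone {allowed}"
    blocked = zone_matches(qname, BLOCKLIST)
    if blocked:
        return "block", f"blocklisted zone {blocked}"
    return "allow", "no match"


def filter_log(lines: List[str]) -> List[Verdict]:
    """Parse each log line and attach a verdict; malformed lines are skipped."""
    verdicts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        action, reason = classify(m["qname"])
        verdicts.append(Verdict(m["ts"], m["client"], m["qname"], action, reason))
    return verdicts


# Constructed sample log lines for the demonstration.
SAMPLE_LOG = [
    "2024-11-13T10:00:01Z client=10.0.0.5 query=www.corp.example. type=A",
    "2024-11-13T10:00:02Z client=10.0.0.7 query=Update.Bad-Updates.Example type=A",
    "2024-11-13T10:00:03Z client=10.0.0.9 query=notbad-updates.example type=A",
    "2024-11-13T10:00:04Z client=10.0.0.5 query=c2-beacon.example type=TXT",
    "this line is not in the expected format",
]


if __name__ == "__main__":
    for v in filter_log(SAMPLE_LOG):
        print(f"{v.timestamp} {v.client} {v.qname:40} {v.action:5} ({v.reason})")
```

Two details matter for a filter like this: checking the allowlist before the blocklist keeps a bad feed entry from cutting off internal names, and matching on label boundaries rather than on raw string suffixes avoids both false positives on look-alike names and false negatives on subdomains of a blocked zone. Blocked verdicts are the events worth forwarding to the threat-hunting step named in the last bullet.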


Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
