The surge in exploits of zero-day vulnerabilities has become the “new normal,” according to a recent warning from the Five Eyes intelligence alliance—comprising the U.S., U.K., Canada, Australia, and New Zealand. Cybersecurity agencies report a significant increase in hackers targeting previously undisclosed vulnerabilities this year, marking a shift from the trend of exploiting older vulnerabilities that predominated in past years.

At the top of the list: CVE-2023-3519

In a co-authored advisory released on November 14, 2024, the Five Eyes agencies detailed the top 15 most routinely exploited vulnerabilities, highlighting that, for the first time since these annual reports began, most of the listed vulnerabilities were initially exploited as zero-days. At the top of the list is CVE-2023-3519, a remote code execution bug in Citrix’s networking product, NetScaler. This vulnerability, along with CVE-2023-4966—related to sensitive information leaks—underscores Citrix’s significant cyber security woes this year.

Cisco also found itself in the spotlight, occupying the third and fourth positions on the list with vulnerabilities in its IOS XE operating system. Critical issues allow attackers to create local accounts and subsequently elevate their privileges to root. Following closely in fifth place is Fortinet’s FortiOS, also affected by severe vulnerabilities enabling remote code execution through a heap-based buffer overflow. Meanwhile, the file transfer tool MOVEit rounds out the top six, with a SQL injection vulnerability that has proven popular with threat actors.

Ollie Whitehouse, chief technology officer of the U.K.’s National Cyber Security Centre (NCSC), stated, “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks.” In emphasizing the importance of proactive measures, he urged organizations to promptly apply patches and insist on secure-by-design products in the tech marketplace. The message is clear: vigilance in vulnerability management is crucial.

Organizations face a staggering challenge, particularly considering the high-profile list which includes vulnerabilities from well-known software systems. The impact of such breaches can be disastrous, as hackers gain access to sensitive networks and information. The exploitation of vulnerabilities like those in Citrix and Cisco not only risks significant data loss but could also undermine entire systems’ integrity.

Another notable entry is Atlassian’s Confluence, ranking seventh, which has a vulnerability allowing attackers to create admin-level accounts on affected servers. Hugely significant is the inclusion of the infamous Apache Log4j vulnerability, which ranks eighth. Despite being discovered in 2021, many organizations have yet to resolve this flaw, showcasing a troubling trend of inadequate patching practices.

Barracuda’s Email Security Gateway follows closely in ninth place due to its problematic input validation issues, popular with state-sponsored attackers. Zoho and PaperCut also made the list, reflecting the breadth of vulnerabilities affecting software across various sectors. Microsoft appears twice, with a 2020 netlogon protocol flaw sitting 12th and an Outlook issue escalating privileges at 14th—demonstrating that even tech giants grapple with legacy vulnerabilities.

Microsoft urges users to update Windows after zero-day vulnerabilities

Finally, open source file-sharing software, ownCloud, rounds out the list with a critical flaw allowing attackers to steal sensitive credentials. As these vulnerabilities persist, the Five Eyes agencies emphasize the importance for organizations to not only remain vigilant but to reinforce security measures from the development stage through to deployment.

Cyber attackers are not taking any breaks, and neither should organizations when safeguarding their digital environments. With the landscape of cyber threats evolving daily, understanding vulnerability trends and adapting swiftly is key to defending against exploitation effectively.

Featured image credit: Wesley Ford/Unsplash