National Cyber Security Centre publishes top cyber vulnerabilities exploited in 2023

The report provides insights into the tactics used by malicious actors and weaknesses they target

The National Cyber Security Centre (NCSC) has recently released an advisory outlining the most commonly exploited cyber vulnerabilities in 2023.

Published in collaboration with cybersecurity agencies from the UK, Australia, the United States, and Canada, the report provides critical insights into the tactics used by malicious actors and the weaknesses they target.

The advisory highlighted an increase in the exploitation of zero-day vulnerabilities compared to the previous year. Zero-day vulnerabilities, which are exploited before the affected software developers have issued a patch, have allowed cybercriminals to target enterprise networks with greater efficiency. The report noted that most of the frequently exploited vulnerabilities in 2023 were initially leveraged as zero-day exploits. This marked a shift from 2022, when fewer than half of such vulnerabilities began as zero-day exploits.

The report also underscored that malicious cyber actors typically find the greatest success within two years of a vulnerability’s public disclosure. Over time, the effectiveness of these vulnerabilities diminishes as more systems are patched or replaced. The advisory emphasized the importance of international cybersecurity efforts in shortening the lifecycle of zero-day vulnerabilities, thereby reducing their utility to attackers.

Encouragingly, all the vulnerabilities listed in the report have patches and fixes available, offering a clear path for organizations to mitigate potential risks. However, the advisory stressed the need for constant vigilance in vulnerability management by network defenders, vendors, developers, and end-user organizations. According to the NCSC, implementing the recommended mitigations and updates is crucial to reducing the risk of compromise.

The advisory was co-authored by several leading cybersecurity agencies, including the UK National Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency, the US Federal Bureau of Investigation, the US National Security Agency, the Australian Cyber Security Centre, and the Canadian Centre for Cyber Security.

The NCSC encourages vendors, designers, developers, and end-user organisations to implement the recommendations and mitigations outlined in the advisory to reduce the risk of compromise.