Call made on vendors and developers to implement secure-by-design principles.
An alert has been issued by national cybersecurity agencies, warning of an increase in the number of attackers exploiting previously unknown vulnerabilities.
The agencies published a list of the top 15 most routinely exploited vulnerabilities of 2023, the majority of which were first exploited as zero-days, and “strongly encourage enterprise network defenders to maintain vigilance with their vulnerability management processes, including applying all security updates in a timely manner and ensuring they have identified all assets in their estates.”
They also called on technology vendors and developers to follow advice on implementing secure-by-design principles in their products, to help reduce the risk of vulnerabilities being introduced at source and exploited later.
Ollie Whitehouse, CTO at the NCSC, said: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organisations and vendors alike as malicious actors seek to infiltrate networks.
“To reduce the risk of compromise, it is vital all organisations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace.”