The UK National Cyber Security Centre has issued an alert highlighting an increase in cyber attackers exploiting previously unknown vulnerabilities to compromise enterprise networks.
In an advisory note published in conjunction with international partner organisations, the NCSC has shared a list of the top 15 routinely exploited vulnerabilities of 2023. It highlights that the majority of these were first exploited as zero-days – weaknesses that were recently discovered and where a fix or patch was not immediately available from the vendor – allowing attackers to conduct cyber operations against higher-priority targets.
This trend – which the NCSC says it has continued to observe into 2024 – marks a shift from 2022, when fewer than half of the vulnerabilities on the top list were initially exploited as zero-days. The NCSC urges organisations to maintain vigilance with their vulnerability management processes, including applying all security updates in a timely manner and ensuring they have identified all assets in their estates.
It also calls on technology vendors and developers to follow advice on implementing secure-by-design principles into their products to help reduce the risk of vulnerabilities being introduced at source and being exploited later.
Ollie Whitehouse, chief technology officer at the NCSC, said: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organisations and vendors alike as malicious actors seek to infiltrate networks.
“To reduce the risk of compromise, it is vital all organisations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace. We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and lifecycle to help stamp out this insidious game of whack-a-mole at source.”