Enterprise networks with zero-day vulnerabilities were the main targets of malicious cyber actors in 2023, according to a joint cybersecurity advisory from U.S., Australian, British and New Zealand government agencies.
The advisory listed the top 15 common vulnerabilities and exposures, or CVEs, from last year and noted that 11 of them were initially exploited as zero-days, meaning system vulnerabilities unknown to the owner, the developer and the general public, the National Security Agency said Tuesday.
Cybersecurity Best Practices
Jeffrey Dickerson, NSA’s cybersecurity technical director, warned network defenders that malicious actors may continue to exploit such vulnerabilities until 2025. To prevent zero-day vulnerability attacks, he advised defenders to be attentive to cybersecurity threat trends and act swiftly to ensure vulnerabilities are patched and mitigated.
Other recommendations include prioritizing secure-by-default configurations, implementing a centralized patch management system, using security tools and asking software providers about their secure-by-design programs to protect enterprise networks from cyberattacks.
NSA, the Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the United Kingdom’s National Cyber Security Centre are among the advisory’s authors.