The World Under 0Day: The Worst Scenario of Cyberspace Has Become a Reality

Man

The Five Eyes Alliance is recording a historic shift in hacker tactics.

The cybersecurity agencies of the Five Eyes alliance countries (the United States, the United Kingdom, Australia, Canada, and New Zealand) have warned of an increase in the use of zero-day vulnerabilities to penetrate victims' networks. In contrast to previous years, when the focus was on exploiting outdated vulnerabilities, the new report notes the increased attention of hackers to recently identified flaws in systems.

In a joint report, experts listed the 15 most commonly exploited vulnerabilities of 2023. In first place was CVE-2023-3519 (CVSS score: 9.8), a vulnerability in NetScaler network equipment from Citrix. It was reported that this bug allowed attackers believed to be associated with China to hack thousands of devices en masse, automatically installing web shells for long-term access to the system.

Other critical vulnerabilities actively exploited by hackers include flaws in Cisco routers, Fortinet VPN hardware, and the MOVEit file transfer tool, which has become a target for the Clop ransomware group and a nightmare for thousands of companies around the world. Most of the vulnerabilities on the list were initially exploited as zero-day vulnerabilities.

The MOVEit incident is related to an attack by the Clop group, which has been exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data since the end of May 2023. MOVEit is used for secure file transfers in a corporate environment. The attacks affected thousands of organizations around the world and resulted in data breaches for tens of millions of people. Among those affected are major corporations and U.S. government agencies, including the U.S. Department of Energy, Shell, Deutsche Bank, and PwC.

In addition, the other day, Amazon confirmed the leak of its employees' data after a hacker published the stolen data on the darknet. The incident is related to an attack on the MOVEit platform that occurred in May 2023.

The UK's National Cyber Security Centre (NCSC) stressed that this trend continues in 2024, indicating a significant change from 2022, when fewer than half of such attacks were based on zero-day vulnerabilities. Experts insist that timely patching and the use of more secure products can help organizations minimize the threat of penetration.
