
By this point, we’ve all been hit with a letter or email stating, “We regret to inform you that our systems were recently compromised in a cyberattack, potentially impacting your personal information.” Gut-wrenching, right? You may not know if someone else has your information, what information they have, or what they will do with it. You have been a victim of digital theft and, once it’s done, you may be left picking up pieces shattered by a cybersecurity vulnerability.
However, once we know what happened, we can grow from the incident and better protect ourselves in the future. That’s why it’s important to analyze the top ways our systems have been exploited in the past so that our systems are more prepared than ever for the future.
In an effort to improve international cybersecurity, five countries work together to form the Five Eyes Intelligence Oversight & Review Council (FIORC). The United States, Australia, United Kingdom, New Zealand, and Canada work together by sharing intelligence about each country’s respective cyber capabilities.
In doing so, the Five Eyes alliance protects individual national interest through the collaborative sharing of cyber threat intelligence. Lately, this group has been warning the world that hackers are increasingly exploiting “zero-day vulnerabilities” to access sensitive information around the world. This marks a noticeable change in malicious online behavior, since attackers previously favored the exploitation of older software vulnerabilities.
A “zero-day vulnerability” (and the “zero-day exploit” that targets it) is a flaw in software, hardware, or firmware that is not yet known to the vendor, leaving a security gap with no available fix. Cybercriminals discover these flaws before the vendors are aware of them, then take advantage of the weakness for as long as they can before a solution is patched through to the affected systems.
It’s important to be aware of the fact that there may always be bugs we don’t know about yet so that we can remain vigilant against these future threats. If we know how systems have been exploited in the past, we have better chances of preventing similar attacks in the future.
In November 2024, the Five Eyes intelligence alliance released an official Cybersecurity Advisory report listing the top 15 most-abused security flaws of 2023.
| Vendor | Issue | Impact | Date | Severity |
|---|---|---|---|---|
Citrix | Remote code execution in NetScaler ADC/Gateway | Unauthorized data disclosure | July 2023 | Critical |
Citrix | Citrix Bleed – Information leak in NetScaler | System control compromise | October 2023 | Critical |
Cisco | IOS XE local user creation vulnerability | Privilege escalation | 2023 | High |
Cisco | IOS XE web UI privilege escalation | Root access | 2023 | Critical |
Fortinet | FortiOS buffer overflow vulnerability | Remote code execution | 2023 | Critical |
Progress Software | MOVEit Transfer SQL injection | Database compromise | 2023 | Critical |
Atlassian | Confluence input validation flaw | Admin account creation | 2023 | Critical |
Apache | Log4Shell vulnerability | Complete system control | 2021-2023 | Critical |
Barracuda | Email Security Gateway exploit | Remote command execution | 2023 | Critical |
Zoho | ManageEngine SAML vulnerability | Database access | 2023 | Critical |
PaperCut | PII exposure vulnerability | Data breach & ransomware | 2023 | High |
Microsoft | Netlogon domain controller spoofing | Domain control | 2020-2023 | Critical |
JetBrains | TeamCity authentication bypass | Administrative control | 2023 | Critical |
Microsoft | Outlook privilege escalation | Credential theft | 2023 | High |
ownCloud | GraphAPI information disclosure | Credential theft | 2023 | High |
Although the most recent report from FIORC focused on data from 2023, it helps us better understand how to protect ourselves against the innovative tactics used by cybercriminals around the world. Based on what we know about what happened in 2023, here are some tips for keeping you and your company’s data secure in the face of an ever-changing digital landscape.
New system updates typically include a vendor’s most secure version of their product or service. To ensure that you don’t get left behind with a vulnerable version of the system, make sure you follow your vendor’s recommendations regarding system upgrades.
After new security flaws are released, keep them on your radar for at least two years. Findings from the Five Eyes council indicate that cyber actors garner the most success from vulnerabilities within the first two years of their disclosure to the public.
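The two-year rule above is easy to state but hard to keep track of by hand across a dozen vendors. The following script is an added example, not code from US Cloud or from the Five Eyes advisory: it loads the rows of the table on this page (vendor, issue, date column verbatim, severity), turns each coarse date into a conservative disclosure date (the latest day the text can mean, so that a flaw stays on the radar longer rather than shorter; that interpretation is an assumption of the example), computes a watch-until date two years out, and reports which flaws are still inside the window on a given day, most severe first. The severity ranking order is also an assumption of the example.

```python
"""Track which disclosed flaws are still inside a two-year watch window.

Added example; the advisory rows below are transcribed from the table on
this page, with the Date column kept as the page prints it.
"""
from dataclasses import dataclass
from datetime import date
import calendar
import re

# Constructed from the page's table: (vendor, issue, date as printed, severity).
ADVISORY_2023 = [
    ("Citrix", "Remote code execution in NetScaler ADC/Gateway", "July 2023", "Critical"),
    ("Citrix", "Citrix Bleed - Information leak in NetScaler", "October 2023", "Critical"),
    ("Cisco", "IOS XE local user creation vulnerability", "2023", "High"),
    ("Cisco", "IOS XE web UI privilege escalation", "2023", "Critical"),
    ("Fortinet", "FortiOS buffer overflow vulnerability", "2023", "Critical"),
    ("Progress Software", "MOVEit Transfer SQL injection", "2023", "Critical"),
    ("Atlassian", "Confluence input validation flaw", "2023", "Critical"),
    ("Apache", "Log4Shell vulnerability", "2021-2023", "Critical"),
    ("Barracuda", "Email Security Gateway exploit", "2023", "Critical"),
    ("Zoho", "ManageEngine SAML vulnerability", "2023", "Critical"),
    ("PaperCut", "PII exposure vulnerability", "2023", "High"),
    ("Microsoft", "Netlogon domain controller spoofing", "2020-2023", "Critical"),
    ("JetBrains", "TeamCity authentication bypass", "2023", "Critical"),
    ("Microsoft", "Outlook privilege escalation", "2023", "High"),
    ("ownCloud", "GraphAPI information disclosure", "2023", "High"),
]

WATCH_YEARS = 2  # the page's rule: keep a disclosed flaw on the radar for at least two years

# Severity ordering is an assumption of this example, not taken from the advisory.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

MONTHS = {name: number for number, name in enumerate(calendar.month_name) if name}


def parse_disclosure(text):
    """Map a coarse date string to the LATEST day it can mean.

    Assumption: choosing the latest possible date is the conservative choice,
    because it pushes the watch-until date later, never earlier.
    """
    text = text.strip()
    m = re.fullmatch(r"(\d{4})-(\d{4})", text)       # "2020-2023": exploited across a range
    if m:
        return date(int(m.group(2)), 12, 31)
    m = re.fullmatch(r"([A-Za-z]+) (\d{4})", text)    # "July 2023": end of that month
    if m:
        month = MONTHS[m.group(1).capitalize()]
        year = int(m.group(2))
        return date(year, month, calendar.monthrange(year, month)[1])
    m = re.fullmatch(r"\d{4}", text)                  # "2023": end of that year
    if m:
        return date(int(text), 12, 31)
    raise ValueError(f"unrecognised date: {text!r}")


def watch_until(disclosed):
    """Disclosure date plus WATCH_YEARS; Feb 29 falls back to Feb 28."""
    try:
        return disclosed.replace(year=disclosed.year + WATCH_YEARS)
    except ValueError:
        return disclosed.replace(year=disclosed.year + WATCH_YEARS, day=28)


@dataclass
class WatchItem:
    vendor: str
    issue: str
    severity: str
    disclosed: date
    watch_until: date


def still_on_radar(rows, as_of):
    """Return the rows still inside their watch window on `as_of`,
    most severe first, then by the soonest watch-until date."""
    items = []
    for vendor, issue, when, severity in rows:
        disclosed = parse_disclosure(when)
        until = watch_until(disclosed)
        if as_of <= until:
            items.append(WatchItem(vendor, issue, severity, disclosed, until))
    items.sort(key=lambda i: (SEVERITY_RANK.get(i.severity, 99), i.watch_until))
    return items


if __name__ == "__main__":
    today = date.today()
    for item in still_on_radar(ADVISORY_2023, today):
        print(f"{item.severity:8} {item.vendor:18} {item.issue:48} watch until {item.watch_until}")
```

Run it on any date to see what is still in the window; on 1 January 2025 all fifteen rows are listed, by 1 November 2025 the two Citrix entries with month-level dates have aged out, and after 31 December 2025 the list is empty. Feed it your own rows (or the next year's advisory) by replacing `ADVISORY_2023`.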
When the worst happens (and data indicates that no system is perfectly safe 100% of the time), you don’t want to be caught without a plan. Ensure that your team is ready ahead of a cybersecurity incident with a response strategy that is fleshed out and tested annually.
This might go without saying, but: always remember to hit “save.” That applies even to things as big as your company’s device configurations and data, which should be backed up and stored off-network in a physically secure location.
Maintain Control Over Identity and Access Management
To make sure that only trusted users have access to sensitive data for your business, follow the best practices below:
For the ultimate peace of mind, talk to US Cloud about Vulnerability Assessment and Vulnerability Management. Our team of experts stays on top of industry news and best practices to ensure that your Microsoft and Azure environments stay secure, safe, and efficient. Contact us or schedule a call to talk to an expert with our team and we’ll be happy to help you and your company get started!