In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets.
In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day. Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...

