As many as 85% of the exploited vulnerabilities in 2023 were initially unknown to vendors, highlighting the persistence of zero-day attacks.
Zero-day vulnerabilities are exploited by nation-state hackers, often in line with the goals and motivations of the 5 Eyes intelligence agencies.
Malicious cyber actors successfully exploited a greater number of previously unknown vulnerabilities, dubbed zero-day exploits, in 2023 compared to the previous year, allowing them to target critical infrastructure and sensitive organizations with increased efficacy. In 2023, nearly all of the most commonly exploited vulnerabilities had their roots in zero-day exploits, a stark increase from 2022 when fewer than half of the top exploited flaws were initially uncovered through this tactic.
Malicious cyberactors often enjoy unprecedented success in exploiting newly disclosed vulnerabilities, typically within a two-year window following public disclosure. As exploitability wanes with each successive patch or update, the efficacy of these weaknesses gradually diminishes. When global cybersecurity initiatives curtail the shelf life of zero-day flaws, malicious hackers find significantly diminished returns from exploiting these previously unknown weaknesses.
•
Bruce Schneier’s portrait by Joe MacInnis.
