Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Defence
  • /
  • UK and allies warn of cyber attack vulnerabilities

Defence Security

UK and allies warn of cyber attack vulnerabilities

The UK and international allies issued an alert yesterday, showing an increase in cyber attackers initially exploiting previously unknown vulnerabilities to compromise enterprise networks.

Above: The National Cyber Security Centre (NCSC), Nova South, London.
Image by Simona Flamigni / copyright Shutterstock

In a new advisory, the National Cyber Security Centre (NCSC) – a part of GCHQ – alongside partners in Australia, Canada, New Zealand and the United States, shared a list of the top 15 routinely exploited vulnerabilities of 2023.

Advertisement
ODU RT

Of these vulnerabilities, the majority were first exploited as zero-days – weaknesses that were recently discovered and where a fix or patch was not immediately available from the vendor – allowing attackers to conduct cyber operations against higher-priority targets.

This trend, which the NCSC has continued to observe into 2024, marks a shift from 2022 when less than half of the top list was initially exploited as zero-day vulnerabilities.

The advisory strongly encourages enterprise network defenders to maintain vigilance with their vulnerability management processes, including applying all security updates in a timely manner and ensuring they have identified all assets in their estates.

It also calls on technology vendors and developers to follow advice on implementing secure-by-design principles into their products to help reduce the risk of vulnerabilities being introduced at source and being exploited later.

Ollie Whitehouse, NCSC Chief Technology Officer, said: “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organisations and vendors alike as malicious actors seek to infiltrate networks.  

“To reduce the risk of compromise, it is vital all organisations stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace.

“We urge network defenders to be vigilant with vulnerability management, have situational awareness in operations and call on product developers to make security a core component of product design and life-cycle to help stamp out this insidious game of whack-a-mole at source”.

All vulnerabilities listed have had patches and fixes made available from the vendors to help mitigate the risk of compromise.

Advertisement
ADS S &P RT

In the case of zero-day vulnerabilities, where exploitation is rife it is vital organisations have a process in place to install vendor updates at pace after they become available to minimise the opportunity for attackers.

In addition to the top list, the advisory also details a further 32 vulnerabilities that were routinely exploited in 2023.

If mitigation steps have not already been taken, network defenders should follow vendor advice in each case and check for indicators of compromise before applying updates.

Advisory jointly published by:

  • NCSC
  • US Cybersecurity and Infrastructure Security Agency (CISA)
  • US Federal Bureau of Investigation (FBI)
  • US National Security Agency (NSA)
  • Australian Signals Directorate’s Australian Cyber Security Centre (ACSC),
  • Canadian Centre for Cyber Security (CCCS)
  • New Zealand National Cyber Security Centre (NCSC-NZ)
  • Computer Emergency Response Team New Zealand (CERT NZ)


View full advisory on CISA's website

Advertisement
Babcock LB
GKN Aerospace deliver C-27J nacelles to Leonardo

Aerospace Defence

GKN Aerospace deliver C-27J nacelles to Leonardo

13 November 2024

GKN Aerospace has delivered the first two C-27J nacelles to Leonardo Aircraft since 2018, marking a significant milestone in the revitalisation of its supply chain and production capabilities.

BCB introduces the Dragon Mk3 D-25

Defence

BCB introduces the Dragon Mk3 D-25

13 November 2024

Together with its partners, UAVE Ltd, BCB International in Cardiff has expanded its range of British-designed and manufactured drones, with the introduction of its Dragon Mk3 D-25.

RTX’s Collins Aerospace to provide UK Chinooks with CAAS avionics

Defence

RTX’s Collins Aerospace to provide UK Chinooks with CAAS avionics

12 November 2024

RTX's Collins Aerospace has received a $19 million contract from the Department of Defense (DoD) to equip a fleet of new H-47 Chinooks for the UK Royal Air Force with its Common Avionics Architecture System (CAAS) avionics management suite.

BAE Systems to collaborate with Hensoldt

Defence

BAE Systems to collaborate with Hensoldt's ESG

11 November 2024

BAE Systems will collaborate with German military systems specialist ESG Elektroniksystem- und Logistik-GmbH, part of the HENSOLDT Group, to explore ways to combine their technology and experience across the European defence market.

Advertisement
ODU RT
RTX’s Raytheon LTAMD completes complex live fire test

Defence

RTX’s Raytheon LTAMD completes complex live fire test

11 November 2024

Raytheon today announced that its Lower Tier Air and Missile Defense Sensor (LTAMD) successfully completed its most complex live-fire exercise to date, detecting and defeating a tactical ballistic missile.

Avon Protection awarded US DoD ASPIRE HMI contracts

Defence

Avon Protection awarded US DoD ASPIRE HMI contracts

11 November 2024

Avon Protection has been awarded three contracts by the US Department of Defense’s (DoD’s) ASPIRE HMI (Advanced System for Protection and Integrated Reduction of Encumbrances Hood/Mask Interface) programme, which is executed by the Joint Program Executive Office for Chemical, Biological, Radiological and Nuclear Defense (JPEO-CBRND).

Advertisement
ODU RT 2