Digital Ground Zero: An In-Depth Analysis of 2023's Zero-Day Vulnerabilities
© 2024 by IJCTT Journal
Volume-72 Issue-9
Year of Publication : 2024
Authors : Varadharaj Varadhan Krishnan
DOI : 10.14445/22312803/IJCTT-V72I9P128
How to Cite?
Varadharaj Varadhan Krishnan, "Digital Ground Zero: An In-Depth Analysis of 2023's Zero-Day Vulnerabilities," International Journal of Computer Trends and Technology, vol. 72, no. 9, pp. 176-184, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I9P128
Abstract
Zero-day vulnerabilities pose a distinct challenge to an organization's security teams because they enable attackers to exploit software flaws before patches are available. In 2023, the number and complexity of zero-day exploits increased substantially. Nation-state actors, cybercriminal groups, and commercial surveillance vendors are taking advantage of these vulnerabilities more than ever. This paper provides a comprehensive analysis of the zero-day vulnerabilities discovered and exploited in 2023. Based on public data sources such as Google's Threat Analysis Group (TAG), MITRE's CVE database, and Zero-Day.cz, the study examines trends, attack vectors, and the most targeted software platforms. The empirical analysis identifies trends and patterns that inform strategies to defend against or mitigate these exploits. The paper explores key defense strategies such as Zero Trust Architecture, real-time threat intelligence integration, and mature Endpoint Detection and Response (EDR) solutions to prevent, detect, and respond to exploitation of zero-day vulnerabilities. By examining the history of incidents and vulnerability disclosures, this paper aims to provide actionable insights for organizations looking to strengthen their cybersecurity defenses and prepare for future zero-day exploits.
Keywords
Zero-day vulnerability, Zero-day, Cyber defense, Security operations, Incident response.