CISA sees increase in zero-day exploitation, official says | CyberScoop<\/title> <meta name=\"description\" content=\"Michael Duffy, an official in CISA\u2019s cybersecurity division, says zero-day exploits are \u201creally affecting the federal government networks.\u201d\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-zero-day-ransomware\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CISA sees increase in zero-day exploitation, official says\"> <meta property=\"og:description\" content=\"Michael Duffy, an official in CISA\u2019s cybersecurity division, says zero-day exploits are \u201creally affecting the federal government networks.\u201d\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-zero-day-ransomware\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-11-03T16:45:29+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg\"> <meta property=\"og:image:width\" content=\"2016\"> <meta property=\"og:image:height\" content=\"1512\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1698677826g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1699042052g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1698989400g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/77912\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=77912\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-zero-day-ransomware%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-zero-day-ransomware%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-77912 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-zero-day-ransomware\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.182950191571\">\n<div class=\"single-article__header-content\" readability=\"32.003424657534\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Michael Duffy, associate director for capacity building in CISA\u2019s cybersecurity division, says that global zero-day exploits are \u201creally affecting the federal government networks.\u201d <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"480\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says.jpg?resize=640%2C480&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg 2016w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=300,225 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=768,576 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=1024,768 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=1536,1152 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=600,450 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=224,168 224w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=449,337 449w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=900,675 900w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/11\/cisa-sees-increase-in-zero-day-exploitation-official-says-1.jpg?resize=1124,843 1124w\" sizes=\"(max-width: 900px) 100vw, 900px\"><figcaption> From left, the NSA’s Darren Turner, OMB’s Nick Polk and CISA’s Michael Duffy participate in a cybersecurity governance panel at ACT-IAC\u2019s Imagine Nation ELC conference in Hershey, Pa., on Oct. 30, 2023. (Scoop News Group photo) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"41.337209302326\"><body readability=\"84.545710267229\"><\/p>\n<p><strong>HERSHEY, Pa.<\/strong> \u2014 The exploitation of zero-day vulnerabilities is on the rise globally and directly impacting federal agencies, part of what a senior Cybersecurity and Infrastructure Security Agency official called a \u201cvery eventful past six months\u201d in the cyber threat landscape.<\/p>\n<p>Michael Duffy, the associate director for capacity building within CISA\u2019s cybersecurity division, said that in the past month or so, the agency has seen \u201ca really high increase in zero-day activity, exploits that we\u2019re seeing across the globe, really affecting the federal government networks throughout the federal government.\u201d<\/p>\n<p>Duffy\u2019s comments, made during a cybersecurity governance panel this week at ACT-IAC\u2019s Imagine Nation ELC conference in Hershey, Pa., come following a notable decline in so-called in-the-wild zero days last year. According to a <a href=\"https:\/\/security.googleblog.com\/2023\/07\/the-ups-and-downs-of-0-days-year-in.html\">July report<\/a> from Google\u2019s Threat Analysis Group, 41 zero days were detected and disclosed in 2022, down from 69 in 2021.<\/p>\n<p>Despite the decline, the number of zero-day exploits observed in the wild remained the second-highest number since TAG started tracking such exploits in 2014. U.S. government officials recently have described a tendency toward growing sophistication in the state-backed hacking campaigns, one hallmark of which is the use of the previously unknown vulnerabilities known as zero days. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Having observed \u201cseveral individual zero days,\u201d Darren Turner, the National Security Agency\u2019s cybersecurity directorate chief of critical networks defense, spoke of the need for \u201calignment and unification\u201d when it comes to combating those threats. That includes not just all government agencies, but also \u201cthe defense industrial base and industry writ large.\u201d<\/p>\n<p>Turner said that once one zero day has been discovered, that can help generate other, similar vulnerabilities \u2014 which may be one reason why the use of such vulnerabilities are increasing over the long term.<\/p>\n<p>\u201cYou ever wonder how they can be kind of cascading on the same general area?\u201d Turner said of zero-day activity. \u201cOften when you do the analysis of what is occurring, then what you find is, if there was an issue here in a zero day, then there was probably a shortcut somewhere else in the process, which is why you tend to get several out of the same area.\u201d<\/p>\n<p>Duffy also noted that in fiscal year 2023, CISA saw \u201camong the first instances of ransomware within the federal government\u201d as well as \u201can uptick in DDoS activity\u201d that is \u201cactually disrupting a lot of federal activity.\u201d<\/p>\n<p>Federal agencies were hit in a global cyberattack conducted by a Russian hacking group last June, but a senior CISA official <a href=\"https:\/\/www.cnn.com\/2023\/06\/15\/politics\/us-government-hit-cybeattack\/index.html\">told CNN<\/a> at the time that the ransomware gang had made no ransom demands of the government. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Though the past half-year has been an especially busy one for government cyber officials, Duffy said the Biden administration, Congress and federal agencies are now better coordinated on cybersecurity issues. Broadly speaking, there\u2019s ideal \u201calignment\u201d on everything \u201cfrom the national cyber strategy to the cyber executive order to the new CISA cybersecurity strategy,\u201d he said.<\/p>\n<p>\u201cAs we are working through all of those threat actions, all of those concerning things that we\u2019re seeing through zero days and through advanced persistent threat activities, we know that we\u2019re taking the right foundational steps, and that\u2019s extremely meaningful,\u201d Duffy said. \u201cThe government right now has a thoughtful approach to its cybersecurity strategy.\u201d <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-zero-day-ransomware\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA sees increase in zero-day exploitation, official says | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,452,174,272,46,288,1170],"tags":[86,454,178,278,54,294,1171],"class_list":["post-1987","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-ddos","category-nsa","category-ransomware","category-threats","category-zero-days","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-ddos","tag-nsa","tag-ransomware","tag-threats","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ddos\/\" rel=\"category tag\">DDoS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nsa\/\" rel=\"category tag\">nsa<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1987"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1987\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":1987,"date":"2023-11-03T16:45:29","date_gmt":"2023-11-03T16:45:29","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=77912"},"modified":"2023-11-03T16:45:29","modified_gmt":"2023-11-03T16:45:29","slug":"cisa-sees-increase-in-zero-day-exploitation-official-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/11\/03\/cisa-sees-increase-in-zero-day-exploitation-official-says\/","title":{"rendered":"CISA sees increase in zero-day exploitation, official says"},"content":{"rendered":"