Default deny and only permitting what you explicitly allow stops 90% of this in a corporate environment.

You don’t just leave all your ports open on the firewall and only close the ones exploited. You default deny and only allow the bare minimum you need in.