Rapid digital transformation has led to a sharp rise in organizational network infrastructure, known and unknown, greatly increasing the complexity of security environments. Exposures on public-facing assets can make organizations victims of opportunity rather than of targeted attacks. Palo Alto Networks analyzed petabytes of data about internet-accessible exposures across 250 organizations globally between 2022 and 2023. The 2023 Unit 42 Attack Surface Threat Report found that cybercriminals are exploiting new vulnerabilities within hours of public disclosure, and that organizations are finding it difficult to manage their attack surfaces at the speed and scale needed to keep up with threat actor automation. Other notable findings from the report include:
Cloud Is the Dominant Attack Surface
● The vast majority of security exposures are present in cloud environments (80%), compared with on-premise (19%).
● Cloud-based IT infrastructure is always in a state of flux, changing by more than 20% across every industry every month.
● For most organizations, over 45% of high-risk, cloud-hosted exposures each month resulted from the constant change in cloud-hosted services: new services going online and/or old ones being replaced.
● Over 75% of publicly accessible software development infrastructure exposures were found in the cloud.
Attackers Move at Machine Speed
● Today’s attackers have the ability to scan the entire IPv4 address space (over 4 billion addresses) for vulnerable targets in minutes.
● Of the 30 Common Vulnerabilities and Exposures (CVEs) analyzed, three were exploited within hours of public disclosure and 63% were exploited within 12 weeks of public disclosure.
Remote Access Exposures Are Widespread
● Over 85% of organizations analyzed had Remote Desktop Protocol (RDP) internet-accessible for at least 25% of the month.
● Eight of the nine industries that Unit 42 studied had internet-accessible RDP vulnerable to brute-force attacks for at least 25% of the month.
● The median financial services and state or local government organizations had RDP exposures for the entire month.
Critical Industries Are Exposed
● IT, security, and networking infrastructure make up the top exposures (48%) for manufacturing, which could lead to loss of production and revenue.
● Financial institutions most frequently expose file sharing services (38%).
● For national governments, insecure file sharing and databases are among the most significant attack surface risks, accounting for over 46% of all exposures in a typical national government organization.
● For healthcare organizations, 56% of publicly exposed development environments are misconfigured and vulnerable.
● For utilities and energy, internet-accessible IT infrastructure control panels account for 47% of exposures.
Recommendations
● Gain continuous visibility over all assets: Maintain a comprehensive, real-time understanding of all internet-accessible assets, including cloud-based systems and services.
● Prioritize remediation: Focus on remediating the most critical vulnerabilities and exposures first, ranked using CVSS (Common Vulnerability Scoring System) and EPSS (Exploit Prediction Scoring System).
● Secure remote access services: Implement multifactor authentication (MFA), and monitor all remote access services for signs of unauthorized access or brute-force attacks.
● Address cloud misconfigurations: Regularly review cloud configurations and correct the misconfigurations that inevitably arise in a constantly changing environment, so that they align with security best practices.
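As an added illustration of the "monitor remote access services for brute-force attacks" recommendation (example code written for this summary, not from the report or Palo Alto Networks), the function below runs a sliding-window count of failed RDP logons per source address over constructed log lines. The lines are a simplified, constructed rendering of Windows Security events 4625 (failed logon) and 4624 (successful logon); logon type 10 (RemoteInteractive) is what identifies RDP sessions, and a success from a source that was just flagged is reported separately because that is the case worth paging on.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: "timestamp event_id logon_type src_ip user".
# Not real logs; shaped after Windows Security events 4625/4624.
SAMPLE_LOG = """\
2023-09-01T10:00:01Z 4625 10 198.51.100.7 administrator
2023-09-01T10:00:03Z 4625 10 198.51.100.7 admin
2023-09-01T10:00:05Z 4625 10 198.51.100.7 root
2023-09-01T10:00:08Z 4625 10 198.51.100.7 sysadmin
2023-09-01T10:00:12Z 4625 10 198.51.100.7 backup
2023-09-01T10:00:20Z 4624 10 198.51.100.7 backup
2023-09-01T10:01:00Z 4625 10 203.0.113.9 jdoe
2023-09-01T10:05:00Z 4625 3 192.0.2.4 svc
2023-09-01T10:30:00Z 4625 10 203.0.113.9 jdoe
2023-09-01T10:31:00Z 4624 10 203.0.113.9 jdoe
"""

LINE_RE = re.compile(r"^(\S+) (\d{4}) (\d+) (\S+) (\S+)$")

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return (bruteforce_sources, success_after_burst_sources).

    A source is flagged when it has `threshold` or more RDP failures
    (4625, logon type 10) inside the sliding `window`. A later RDP
    success (4624, logon type 10) from a flagged source is the second list.
    """
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    bruteforce, compromised = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected shape
        ts_str, event_id, logon_type, src_ip, _user = m.groups()
        if logon_type != "10":
            continue  # only RemoteInteractive (RDP) logons are in scope
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        if event_id == "4625":
            q = failures[src_ip]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # discard failures older than the window
            if len(q) >= threshold:
                bruteforce.add(src_ip)
        elif event_id == "4624" and src_ip in bruteforce:
            compromised.add(src_ip)  # success right after a burst of failures
    return sorted(bruteforce), sorted(compromised)

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE_LOG))  # (['198.51.100.7'], ['198.51.100.7'])
```

The two slow failures from 203.0.113.9 fall outside the five-minute window and are not flagged, and the logon type 3 line from 192.0.2.4 is ignored as a non-RDP logon.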
The full report, and the accompanying blog by Matt Kraning, CTO, Cortex at Palo Alto Networks, are available from Palo Alto Networks.