Severe Risks From Remote Access Exposure

Threat researchers at Palo Alto Networks' Unit 42 have examined some of the riskiest security aspects around attack surface management (ASM) with the 2023 Unit 42 Attack Surface Threat Report.  The report contrasts the dynamic nature of cloud environments with the speed at which threat actors are exploiting new vulnerabilities. It found that cyber criminals are exploiting new vulnerabilities within hours of public disclosure. 

Quite simply, organisations are finding it difficult to manage their attack surfaces at a speed and scale necessary to combat threat actor automation. 

Most organizations have an attack surface management problem, and they don’t even know it, because they lack full visibility of the various IT assets and owners. One of the biggest culprits of these unknown risks are remote access service exposures, which made up nearly one out of every five issues we found on the Internet. Defenders need to be constantly vigilant, because every configuration change, new cloud instance or newly disclosed vulnerability begins a new race against attackers. Unit42's significant findings include:

Attackers Move at Machine Speed 

  • Today’s attackers have the ability to scan the entire IPv4 address space for vulnerable targets in minutes. 
  • Of the 30 Common Vulnerabilities and Exposures (CVEs) analyzed, three were exploited within hours of public disclosure and 63% were exploited within 12 weeks of the public disclosure. 
  • Of the 15 remote code execution (RCE) vulnerabilities analyzed by Unit 42, 20% were targeted by ransomware gangs within hours of disclosure, and 40% of the vulnerabilities were exploited within eight weeks of publication. 

Cloud Is the Dominant Attack Surface 

  • 80% of security exposures are present in cloud environments compared to on-premise at 19%. 
  • Cloud-based IT infrastructure is always in a state of flux, changing by more than 20% across every industry every month. 
  • Nearly 50% of high-risk, cloud-hosted exposures each month were a result of the constant change in cloud-hosted new services going online and/or old ones being replaced. 
  • Over 75% of publicly accessible software development infrastructure exposures were found in the cloud, making them attractive targets for attackers. 

Remote Access Exposures Are Widespread 

  • Over 85% of organisations analysed had Remote Desktop Protocol (RDP) internet-accessible for at least 25% of the month, leaving them open to ransomware attacks or unauthorised login attempts. 
  • Eight of the nine industries that Unit 42 studied had internet-accessible RDP vulnerable to brute-force attacks for at least 25% of the month. 
  • The median financial services and state or local government organizations had RDP exposures for the entire month. 

The Demand For Attack Surface Management 

Enabling SecOps teams to reduce mean time to respond (MTTR) in a meaningful way requires accurate visibility into all organisational assets and the ability to automatically detect the exposure of those assets. Attack surface management solutions, like Palo Alto Networks industry-leading Cortex Xpanse, give SecOps teams a complete and accurate understanding of their global internet-facing assets and potential misconfigurations to continuously discover, evaluate and mitigate the risks on an attack surface. 

  • Cortex Xpanse is agentless, automatic and routinely discovers assets that IT staff are unaware of and are not monitoring. Each day, it conducts over 500 billion scans of internet facing assets. This helps organisations actively discover, learn about, and most importantly, respond to unknown risks in all connected systems and exposed services. 
  • Cortex Xpanse is one of the only products that not only gives businesses the ability to see their exposures, but to also automatically remediate them. Cortex Xpanse also recently introduced new capabilities to help organizations better prioritize and remediate attack surface risks by utilising real-world intelligence and AI-assisted workflows. 

The legacy technologies powering today’s Security Operations Center (SOC) are no longer working and customers need a massive reduction in their mean time to respond and remediate. The Cortex portfolio of products, such as XSIAM, incorporates AI and automation to revolutionise security operations and help customers be more agile and secure. 

Unit42:                                                                                                    Image: Andreus

You Might Also Read: 

Can Automation Help Bridge The Cyber Skills Gap?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Is Your Business Ready To Embrace Artificial Intelligence? 
Quadruple Extortion  Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Biscom

Biscom

Biscom offers solutions for secure file transfer, synchronization, file translation, and mobile devices, designed to deliver mission-critical reliability, streamline workflows and reduce costs.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Center for Education & Research in Information Assurance & Security (CERIAS)

Center for Education & Research in Information Assurance & Security (CERIAS)

CERIAS is one of the world’s leading centers for research and education in areas of information and cyber security.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Invicti Security

Invicti Security

Invicti Security is an AppSec leader transforming the way web applications are secured.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

Cyber Ranges

Cyber Ranges

Cyber Ranges is the next-generation cyber range for the development of cyber capabilities and the validation of cyber security skills and organizational cyber resilience.

Liquis Inc.

Liquis Inc.

Liquis, founded in 2002, is one of the largest facility decommissioning services companies in the U.S.

Security Discovery

Security Discovery

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform.

Airbus Protect

Airbus Protect

Airbus Protect is an Airbus subsidiary bringing together the Company’s expertise in cybersecurity, safety and sustainability-related services.