Severe Risks From Remote Access Exposure

Uploaded on 2023-09-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Threat researchers at Palo Alto Networks' Unit 42 have examined some of the riskiest security aspects around attack surface management (ASM) with the 2023 Unit 42 Attack Surface Threat Report.  The report contrasts the dynamic nature of cloud environments with the speed at which threat actors are exploiting new vulnerabilities. It found that cyber criminals are exploiting new vulnerabilities within hours of public disclosure. 

Quite simply, organisations are finding it difficult to manage their attack surfaces at a speed and scale necessary to combat threat actor automation. 

Most organizations have an attack surface management problem, and they don’t even know it, because they lack full visibility of the various IT assets and owners. One of the biggest culprits of these unknown risks are remote access service exposures, which made up nearly one out of every five issues we found on the Internet. Defenders need to be constantly vigilant, because every configuration change, new cloud instance or newly disclosed vulnerability begins a new race against attackers. Unit42's significant findings include:

Attackers Move at Machine Speed 

  • Today’s attackers have the ability to scan the entire IPv4 address space for vulnerable targets in minutes. 
  • Of the 30 Common Vulnerabilities and Exposures (CVEs) analyzed, three were exploited within hours of public disclosure and 63% were exploited within 12 weeks of the public disclosure. 
  • Of the 15 remote code execution (RCE) vulnerabilities analyzed by Unit 42, 20% were targeted by ransomware gangs within hours of disclosure, and 40% of the vulnerabilities were exploited within eight weeks of publication. 

Cloud Is the Dominant Attack Surface 

  • 80% of security exposures are present in cloud environments compared to on-premise at 19%. 
  • Cloud-based IT infrastructure is always in a state of flux, changing by more than 20% across every industry every month. 
  • Nearly 50% of high-risk, cloud-hosted exposures each month were a result of the constant change in cloud-hosted new services going online and/or old ones being replaced. 
  • Over 75% of publicly accessible software development infrastructure exposures were found in the cloud, making them attractive targets for attackers. 

Remote Access Exposures Are Widespread 

  • Over 85% of organisations analysed had Remote Desktop Protocol (RDP) internet-accessible for at least 25% of the month, leaving them open to ransomware attacks or unauthorised login attempts. 
  • Eight of the nine industries that Unit 42 studied had internet-accessible RDP vulnerable to brute-force attacks for at least 25% of the month. 
  • The median financial services and state or local government organizations had RDP exposures for the entire month. 

The Demand For Attack Surface Management 

Enabling SecOps teams to reduce mean time to respond (MTTR) in a meaningful way requires accurate visibility into all organisational assets and the ability to automatically detect the exposure of those assets. Attack surface management solutions, like Palo Alto Networks industry-leading Cortex Xpanse, give SecOps teams a complete and accurate understanding of their global internet-facing assets and potential misconfigurations to continuously discover, evaluate and mitigate the risks on an attack surface. 

  • Cortex Xpanse is agentless, automatic and routinely discovers assets that IT staff are unaware of and are not monitoring. Each day, it conducts over 500 billion scans of internet facing assets. This helps organisations actively discover, learn about, and most importantly, respond to unknown risks in all connected systems and exposed services. 
  • Cortex Xpanse is one of the only products that not only gives businesses the ability to see their exposures, but to also automatically remediate them. Cortex Xpanse also recently introduced new capabilities to help organizations better prioritize and remediate attack surface risks by utilising real-world intelligence and AI-assisted workflows. 

The legacy technologies powering today’s Security Operations Center (SOC) are no longer working and customers need a massive reduction in their mean time to respond and remediate. The Cortex portfolio of products, such as XSIAM, incorporates AI and automation to revolutionise security operations and help customers be more agile and secure. 

Unit42:                                                                                                    Image: Andreus

You Might Also Read: 

Can Automation Help Bridge The Cyber Skills Gap?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Is Your Business Ready To Embrace Artificial Intelligence? 
Quadruple Extortion  Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Soracom

Soracom

Soracom offers secure, scalable, cloud-native connectivity developed specifically for the Internet of Things.

Aves Netsec

Aves Netsec

Aves is a deceptive security system for enterprises who want to capture, observe and mitigate bad actors in their internal network.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

OneTrust

OneTrust

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

Blumira

Blumira

Blumira provides comprehensive, hybrid cloud security monitoring and reporting for organizations of all sizes, enabling them to detect and respond to cloud security threats quickly and effectively.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

AFRY

AFRY

AFRY is a world leading engineering company, trusted as a supplier of services and solutions within the industry, energy, and infrastructure sectors as well as for authorities.

SequelNet

SequelNet

SequelNet is an emerging MSP, providing 360° business IT solutions and consulting services.

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.