According to a report by Palo Alto Networks, rapid digital transformation has led to a sharp rise in organisational network infrastructure, known and unknown, thus greatly increasing the complexity of security environments. Exposures on public-facing assets can lead to organisations becoming victims of opportunity rather than targeted attacks. Palo Alto Networks has analysed petabytes of data about internet-accessible exposures across 250 organisations globally between 2022 and 2023. The 2023 Unit 42 Attack Surface Threat Report found that cybercriminals are exploiting new vulnerabilities within hours of public disclosure and that organisations are finding it difficult to manage their attack surfaces at the speed and scale necessary to combat threat actor automation.
According to the report, the vast majority of security exposures are present in cloud environments: 80 per cent, compared with 19 per cent on-premise. Cloud-based IT infrastructure is always in a state of flux, changing by more than 20 per cent across every industry every month. For most organisations, over 45 per cent of high-risk, cloud-hosted exposures each month were a result of this constant change, with new cloud-hosted services going online and/or old ones being replaced. Over 75 per cent of publicly accessible software development infrastructure exposures were found in the cloud.
Further, attackers have the ability to scan the entire internet protocol version 4 (IPv4) address space (containing over 4 billion addresses) for vulnerable targets in minutes. Of the 30 common vulnerabilities and exposures (CVEs) analysed, three were exploited within hours of public disclosure and 63 per cent were exploited within 12 weeks of public disclosure.
The report reveals that over 85 per cent of organisations analysed had remote desktop protocol (RDP) accessible from the internet for at least 25 per cent of the month. Eight of the nine industries that Unit 42 studied had internet-accessible RDP vulnerable to brute-force attacks for at least 25 per cent of the month. Median financial services and state or local government organisations had RDP exposures for the entire month.
As per the findings, IT, security, and networking infrastructure make up the top exposures (48 per cent) for manufacturing, which could lead to loss of production and revenue. Financial institutions, by contrast, most frequently expose file sharing services (38 per cent). For national governments, insecure file sharing and databases are among the most significant attack surface risks, accounting for over 46 per cent of all the exposures in a typical national government organisation. For healthcare organisations, 56 per cent of publicly exposed development environments are often misconfigured and vulnerable. Finally, for utilities and energy, internet-accessible IT infrastructure control panels account for 47 per cent of the exposures.
The report recommended ensuring a comprehensive real-time understanding of all internet-accessible assets, including cloud-based systems and services. It also emphasised a focus on remediating the most critical vulnerabilities and exposures based on the common vulnerability scoring system (CVSS) and the exploit prediction scoring system (EPSS). The report further suggested implementing multifactor authentication (MFA), monitoring all remote access services for signs of unauthorised access or brute-force attacks, and regularly reviewing and updating cloud configurations, where misconfigurations are inevitable, to ensure they align with best security practices.