IT departments aren’t managing their organizations’ attack surfaces anywhere near the speed at which threat actors are finding and exploiting vulnerabilities.
That’s the conclusion of a new report from Palo Alto Networks Unit 42 threat research team.
Cybercriminals are exploiting new vulnerabilities within hours of public disclosure, the report notes, but, on average, an organization takes more than three weeks to investigate and remediate a critical exposure.
For example, of 15 remote code execution (RCE) vulnerabilities actively used by ransomware operators, three were exploited within hours of disclosure. Six were exploited within eight weeks of publication.
“Most organizations have an attack surface management problem, and they don’t even know it,” the company said in a blog accompanying the report, “because they lack full visibility of the various IT assets and owners. One of the biggest culprits of these unknown risks are remote access service exposures, which made up nearly one out of every five issues we found on the internet.
“Defenders need to be vigilant, because every configuration change, new cloud instance or newly disclosed vulnerability begins a new race against attackers.”
Over 85 per cent of organizations analyzed had Windows Remote Desktop Protocol (RDP) internet-accessible for at least 25 per cent of the month, leaving them open to ransomware attacks or unauthorized login attempts.
The dangers are not just in on-premises environments, the report adds. The report estimates 80 per cent of security exposures are present in cloud environments, compared to on-premises at 19 per cent.
Nearly half of high-risk cloud-hosted exposures the study found each month were a result of the constant change by IT departments in cloud-hosted new services going online and/or old ones being replaced.
The report recommends organizations:
— have a complete and up-to-date inventory of hardware and software, both on prem and in the cloud;
— ensure vulnerability management processes can not only find and install the latest security patches but also discover and remediate misconfigured services;
— set a risk exposure rating for critical applications, for patch prioritization;
— monitor all remote access points for unauthorized logins;
— manage their attack surface with automated tools.
You can get the report here. Registration is required.