Attack surfaces still aren’t being managed fast enough by IT: Report

Share post:

IT departments aren’t managing their organizations’ attack surfaces anywhere near the speed at which threat actors are finding and exploiting vulnerabilities.

That’s the conclusion of a new report from Palo Alto Networks Unit 42 threat research team.
Cybercriminals are exploiting new vulnerabilities within hours of public disclosure, the report notes, but, on average, an organization takes more than three weeks to investigate and remediate a critical exposure.

For example, of 15 remote code execution (RCE) vulnerabilities actively used by ransomware operators, three were exploited within hours of disclosure. Six were exploited within eight weeks of publication.

“Most organizations have an attack surface management problem, and they don’t even know it,” the company said in a blog accompanying the report, “because they lack full visibility of the various IT assets and owners. One of the biggest culprits of these unknown risks are remote access service exposures, which made up nearly one out of every five issues we found on the internet.

“Defenders need to be vigilant, because every configuration change, new cloud instance or newly disclosed vulnerability begins a new race against attackers.”

Over 85 per cent of organizations analyzed had Windows Remote Desktop Protocol (RDP) internet-accessible for at least 25 per cent of the month, leaving them open to ransomware attacks or unauthorized login attempts.

The dangers are not just in on-premises environments, the report adds. The report estimates 80 per cent of security exposures are present in cloud environments, compared to on-premises at 19 per cent.

Nearly half of high-risk cloud-hosted exposures the study found each month were a result of the constant change by IT departments in cloud-hosted new services going online and/or old ones being replaced.

The report recommends organizations:

— have a complete and up-to-date inventory of hardware and software, both on prem and in the cloud;
— ensure vulnerability management processes can not only find and install the latest security patches but also discover and remediate misconfigured services;
— set a risk exposure rating for critical applications, for patch prioritization;
— monitor all remote access points for unauthorized logins;
— manage their attack surface with automated tools.

You can get the report here. Registration is required.

The post Attack surfaces still aren’t being managed fast enough by IT: Report first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Liberals to add ‘fundamental right to privacy’ to proposed law, but no details yet

As committee hearing start the Innovation minister promises changes to privacy law to meet complaints. Details to fo

Cyber Security Today, Sept. 27 2023 – Hackers are targeting luxury hotels, a Red Cross scam and more

This episode reports on phishing campaigns against the hospitality sector, a new ransomware operato

Ransomware attacks on U.S. public sector at record high

Ransomware attacks on the U.S. public sector are on track to reach record levels in 2023, with both...

APT hacking group AtlasCross targets organizations

A new advanced persistent threat (APT) hacking group named AtlasCross has been discovered targeting organizations with phishing lures...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways