Attack surfaces still aren’t being managed fast enough by IT: Report

Share post:

IT departments aren’t managing their organizations’ attack surfaces anywhere near the speed at which threat actors are finding and exploiting vulnerabilities.

That’s the conclusion of a new report from Palo Alto Networks Unit 42 threat research team.
Cybercriminals are exploiting new vulnerabilities within hours of public disclosure, the report notes, but, on average, an organization takes more than three weeks to investigate and remediate a critical exposure.

For example, of 15 remote code execution (RCE) vulnerabilities actively used by ransomware operators, three were exploited within hours of disclosure. Six were exploited within eight weeks of publication.

“Most organizations have an attack surface management problem, and they don’t even know it,” the company said in a blog accompanying the report, “because they lack full visibility of the various IT assets and owners. One of the biggest culprits of these unknown risks are remote access service exposures, which made up nearly one out of every five issues we found on the internet.

“Defenders need to be vigilant, because every configuration change, new cloud instance or newly disclosed vulnerability begins a new race against attackers.”

Over 85 per cent of organizations analyzed had Windows Remote Desktop Protocol (RDP) internet-accessible for at least 25 per cent of the month, leaving them open to ransomware attacks or unauthorized login attempts.

The dangers are not just in on-premises environments, the report adds. The report estimates 80 per cent of security exposures are present in cloud environments, compared to on-premises at 19 per cent.

Nearly half of high-risk cloud-hosted exposures the study found each month were a result of the constant change by IT departments in cloud-hosted new services going online and/or old ones being replaced.

The report recommends organizations:

— have a complete and up-to-date inventory of hardware and software, both on prem and in the cloud;
— ensure vulnerability management processes can not only find and install the latest security patches but also discover and remediate misconfigured services;
— set a risk exposure rating for critical applications, for patch prioritization;
— monitor all remote access points for unauthorized logins;
— manage their attack surface with automated tools.

You can get the report here. Registration is required.

The post Attack surfaces still aren’t being managed fast enough by IT: Report first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

What is Ticketmaster saying to its customers?

Here's the letter that has been sent out out to Ticketmaster clients that a reader sent to me....

Cyber Security Today, July 8, 2024 – New ransomware group discovered, and summer podcast break starts

A new ransomware group is discovered. Welcome to Cyber Security Today. It's Monday July 8th, 2024. I'm Howard Solomon,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways