(Edited Press Release)
To help enterprises gain ground in the battle against cybercrimes, the Palo Alto Networks Cortex® Xpanse™ research team studied the public-facing internet attack surface of some of the world’s largest businesses. From January to March 2021, the group monitored scans of 50 million IP addresses associated with 50 global enterprises to understand how quickly adversaries can identify vulnerable systems for fast exploitation.
Nearly one in three vulnerabilities uncovered was due to issues with the widely used Remote Desktop Protocol (RDP), use of which has surged since the beginning of 2020 as enterprises expedited moves to the cloud to support remote workers during the Covid-19 pandemic. This is troubling because RDP can provide direct admin access to servers, making it one of the most common gateways for ransomware attacks. These exposures represent low-hanging fruit for attackers, but there is reason for optimism: most of the vulnerabilities we discovered can be easily patched.
Here are the research’s key findings.
Adversaries are at work 24/7.
Adversaries work around the clock to find vulnerable systems on enterprise networks that are exposed on the open internet. Exposure of enterprise systems has expanded dramatically over the past year to support remote workers. On a typical day, attackers conducted a new scan once every hour, whereas global enterprises can take weeks to do the same.
Adversaries rush to exploit new vulnerabilities.
As soon as new vulnerabilities are announced, adversaries rush to take advantage. Scans began within 15 minutes after Common Vulnerabilities and Exposures (CVE) announcements were released between January and March. Attackers worked faster for the Microsoft Exchange Server zero-days, launching scans within five minutes of Microsoft’s March 2nd announcement.
Vulnerable systems are widespread.
Cortex Xpanse found a new serious vulnerability in global enterprises roughly every 12 hours, or twice daily.
RDP amounted to a third of all security issues.
Remote Desktop Protocol accounted for about one-third of overall security issues (32%). Other commonly exposed vulnerabilities included misconfigured database servers, exposure to high-profile zero-day vulnerabilities from vendors such as Microsoft and F5, along with insecure remote access through Telnet, Simple Network Management Protocol (SNMP), Virtual Network Computing (VNC), and other protocols. Many of these high-risk exposures can provide direct admin access if exploited. In most cases, these vulnerabilities can be patched easily, yet they represent low-hanging fruit for attackers.
Cloud comprised the most critical security concerns.
Cloud footprints were responsible for 79% of the most critical security issues we found in global enterprises. This highlights how the speed and nature of cloud computing drive risk in modern infrastructure, especially considering how quickly cloud environments have grown over the past year as enterprises moved computing off-premises to enable the surge in remote work during the Covid-19 pandemic.