Palo Alto Networks Attack Surface Threat Report: The unmanaged attack surface is too complex at many companies

Gandalf_The_Grey

These are some of the key findings of Palo Alto Networks' ASM Threat Report 2022 (registration required), which is based on observable data from more than 100 organizations rather than self-reported surveys:
  1. The cloud continues to be a security nightmare: Nearly 80 percent of all issues observed on the global attack surface took place in the cloud. Cloud deployments, while simple, lead to numerous unintentional attacks due to misconfigurations and shadow IT.
  2. Low-hanging fruit continues to linger: Non-zero-day threats are everywhere. Nearly one in four issues researchers found on the attack surface were related to an unprotected RDP server, which has become the preferred gateway for ransomware. The Xpanse investigation also uncovered more than 700 login pages for various IT services that were unencrypted and publicly accessible. Nearly 3,000 database storage and analytics systems and over 2,500 critical building control systems (BCS) were also accessible via the public Internet.
  3. End-of-Life Software = End-of-Life for Security: 30 percent of organizations deployed end-of-life (EOL) software versions that were affected by CVEs for which active exploits were already known and listed in U.S. government cybersecurity advisories.
  4. Unchecked attack surface increases: The researchers also found that several companies had a large number of active issues that they fought within a month, but were never truly secure. These companies remained vulnerable throughout the month because their unmanaged attack surface continued to grow while other security issues were fixed.
  5. Persistent, complex, but unique: Xpanse's research found that while the attack surface is unique to each industry, vulnerabilities persist. For example, nearly 23 percent of all problems in the utilities and energy sector were due to compromised building control systems. Nearly 50 percent of all problems in professional and legal services involved data storage systems and unencrypted logins exposed to the public Internet. This put intellectual property, important client data and other highly sensitive information at risk.