Your attack surface is showing, Unit 42 warns enterprises

“Each vulnerable, internet-facing asset represents a potential entry point for attackers, and the severity of each vulnerability also increases the risk,” researchers stated. “The longer these vulnerabilities remain unaddressed, the higher the chance that they’ll be discovered and exploited by malicious actors. This is particularly critical given that sophisticated attackers are constantly scanning for new opportunities and can often weaponize new vulnerabilities within hours or days of their discovery.”

In addition, attackers speed up their activity both before launching an attack and after successfully infiltrating a target network. “According to prior research, attackers can scan the entire IPv4 address space, all 4.3 billion IPv4 addresses, in minutes, looking for opportunities. Additionally, once attackers are in, they move faster to steal data, sometimes getting in and out in less than one day,” Unit 42 stated.

The report notes a number of common exposure points, including:

  • Remote access services: Exposures involving remote access services comprise almost 24% of observed exposures. These services, such as remote desktop protocol (RDP), secure shell (SSH), and virtual network computing (VNC), are critical for enabling remote connectivity to organizational networks and systems. However, when left exposed or improperly configured, they present substantial security risks.
  • Unpatched, misconfigured, and end-of-life systems: Attackers exploit vulnerabilities in these systems to gain unauthorized access or disrupt operations. For example, an attacker could exploit an unpatched critical router to intercept or modify network traffic, compromising data integrity or confidentiality. Misconfigured firewalls might inadvertently allow unauthorized access to internal networks, facilitating data exfiltration or malware propagation.
  • Weak or insecure cryptography: This exposes sensitive communications and data to interception or decryption by malicious actors. This could result in unauthorized access to confidential information or intellectual property theft, impacting competitive advantage and regulatory compliance.
  • Operational technology (OT), embedded devices, and Internet of Things (IoT) devices: Such devices often operate with limited security controls, making them vulnerable to exploitation. A malicious actor could use a compromised IoT device, such as a smart camera or sensor, as a foothold for attacking internal networks or as part of a botnet for launching distributed denial-of-service (DDoS) attacks.

To improve protection, organizations should identify attack surface risks with continuous, comprehensive scans of their ports, services and devices.

“Once you have a continuously updated inventory of internet-connected assets, the next step is to ensure all exposures and vulnerabilities are identified and routed to the appropriate stakeholders for swift remediation,” Unit 42 stated. “Focus on addressing the most critical vulnerabilities and exposures, such as those with a high Common Vulnerability Scoring System (CVSS), which indicates severity, and Exploit Prediction Scoring System (EPSS), which indicates the likelihood of exploitation, to reduce the risk of successful cyberattacks.”
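As an added illustration of the prioritisation step described above (this is not code from Unit 42 or the report), the following Python script ranks a constructed inventory of internet-facing exposures by combining CVSS severity with EPSS exploit likelihood, then weights exposed remote-access services and long-unaddressed findings more heavily. The asset names, scores and weighting factors are assumptions chosen for the example, not figures from the report.

```python
from dataclasses import dataclass

# Constructed sample inventory of internet-facing assets (not real hosts).
# Fields mirror the inputs the report says to prioritise on: CVSS severity,
# EPSS exploit likelihood, the exposed service, and how long it has been open.
@dataclass(frozen=True)
class Exposure:
    asset: str
    service: str      # e.g. "rdp", "ssh", "vnc", "https"
    port: int
    cvss: float       # 0.0-10.0 severity
    epss: float       # 0.0-1.0 probability of exploitation in the next 30 days
    days_open: int    # how long the exposure has gone unaddressed

# Remote access services are singled out in the report (~24% of exposures).
REMOTE_ACCESS = {"rdp", "ssh", "vnc"}

def risk_score(e: Exposure) -> float:
    """Combine severity and exploit likelihood, then weight by exposure class and age.

    Assumed weighting (not from the report): base = cvss * epss; +50% for an
    exposed remote-access service; +10% per week left open, capped at +100%.
    """
    base = e.cvss * e.epss
    if e.service in REMOTE_ACCESS:
        base *= 1.5
    base *= 1.0 + min(e.days_open / 7 * 0.10, 1.0)
    return round(base, 3)

def triage(exposures, top_n=None):
    """Return exposures sorted most-urgent first, optionally truncated to top_n."""
    ranked = sorted(exposures, key=risk_score, reverse=True)
    return ranked[:top_n] if top_n else ranked

# Constructed findings: note that the highest CVSS entry is NOT the most urgent
# once EPSS and time-open are taken into account.
SAMPLE = [
    Exposure("vpn-gw-01", "https", 443, cvss=9.8, epss=0.02, days_open=3),
    Exposure("jump-02", "rdp", 3389, cvss=7.5, epss=0.60, days_open=21),
    Exposure("cam-07", "http", 80, cvss=6.5, epss=0.90, days_open=120),
    Exposure("build-03", "ssh", 22, cvss=5.3, epss=0.01, days_open=1),
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{risk_score(e):7.3f}  {e.asset:10} {e.service}/{e.port}"
              f"  cvss={e.cvss} epss={e.epss} open={e.days_open}d")
```

Running it lists the long-exposed, highly exploitable camera first and the critical-CVSS but rarely exploited VPN gateway third, which is the point of weighing CVSS and EPSS together rather than severity alone.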

Other protection suggestions include:
