Highlights:

  • The report’s key findings include that attackers can move at “machine speed,” scanning the entire IPv4 address space for weak targets in a matter of minutes.
  • The Unit 42 researchers examined 15 remote code execution vulnerabilities and discovered that ransomware gangs immediately targeted 20%, and 40% were exploited within eight weeks of publication.

According to a recent report by Palo Alto Networks Inc.’s Unit 42, 85% of businesses have Remote Desktop Protocol exposed to the internet for at least 25% of the month, leaving them open to ransomware attacks or unauthorized login attempts.

The 2023 Unit 42 Attack Surface Threat Report, which was just published, delves into the dynamic nature of cloud environments and the speed at which threat actors exploit new vulnerabilities. The report explains how hackers take advantage of new flaws just hours after they are made public and how businesses struggle to manage their attack surfaces quickly and effectively enough to counter threat actor automation.

According to the report, organizations struggle to manage their attack surfaces, and many are unaware of this because they lack full visibility into their information technology assets and who owns them. Exposed remote access services, which account for almost one in five of the issues discovered on the internet, are one of the main sources of these unidentified risks.

The report’s key findings include that attackers can move at “machine speed,” scanning the entire IPv4 address space for weak targets in a matter of minutes. Three of the more than 30 Common Vulnerabilities and Exposures examined were exploited within hours of their public disclosure, and 63% were exploited within a year.

Additionally, the Unit 42 researchers examined 15 remote code execution vulnerabilities and discovered that ransomware gangs immediately targeted 20%, and 40% were exploited within eight weeks of publication.

The report’s finding that the cloud is the primary attack surface—80% of security exposures exist there, compared with only 19% in on-premises environments—may not come as a surprise.

The vulnerability of cloud-based IT infrastructure stems in part from the fact that cloud installations are constantly evolving, changing by more than 20% monthly across all industries. New services going live, or outdated ones being replaced, each month accounts for nearly half of high-risk, cloud-hosted exposures. The cloud also contained more than 75% of publicly accessible software development infrastructure exposures, which are attractive targets for attackers.

In addition to finding that more than 85% of organizations made RDP internet-accessible for at least 25% of the month, Unit 42 found that in eight of the nine industries it examined, internet-accessible RDP was vulnerable to brute-force attacks for at least 25% of the month. The median organization in the financial services and local or state government sectors had RDP exposures for the entire month.
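The "RDP exposed for at least 25% of the month" metric above is easy to track for your own estate. The following is an added example, not code from the report or from Unit 42: it takes daily external port-scan snapshots (constructed, hypothetical hosts in the 203.0.113.0/24 documentation range), computes what fraction of the month each host had TCP/3389 reachable, and flags hosts that meet the report's threshold.

```python
from collections import defaultdict

RDP_PORT = 3389
EXPOSURE_THRESHOLD = 0.25   # the report's "at least 25% of the month" metric
DAYS_IN_MONTH = 30

def build_sample():
    """Constructed daily external-scan snapshots as (day, host, open_port).
    Hypothetical hosts in the 203.0.113.0/24 documentation range."""
    rows = []
    for day in range(1, DAYS_IN_MONTH + 1):
        rows.append((day, "203.0.113.10", RDP_PORT))      # RDP open all month
        rows.append((day, "203.0.113.10", 443))
        rows.append((day, "203.0.113.40", 22))            # SSH only, never RDP
        if day <= 5:
            rows.append((day, "203.0.113.20", RDP_PORT))  # brief RDP exposure
        if 10 <= day <= 20:
            rows.append((day, "203.0.113.30", RDP_PORT))  # RDP open 11 days
    return rows

def days_exposed(snapshots, port=RDP_PORT):
    """Map each host to the set of days on which `port` was observed open."""
    seen = defaultdict(set)
    for day, host, open_port in snapshots:
        if open_port == port:
            seen[host].add(day)
    return seen

def exposure_fraction(snapshots, days_in_month=DAYS_IN_MONTH, port=RDP_PORT):
    """Fraction of the month each host had `port` reachable from the internet."""
    return {host: len(days) / days_in_month
            for host, days in days_exposed(snapshots, port).items()}

def flag_persistent_rdp(snapshots, days_in_month=DAYS_IN_MONTH,
                        threshold=EXPOSURE_THRESHOLD):
    """Hosts whose RDP exposure met the threshold, highest fraction first."""
    fractions = exposure_fraction(snapshots, days_in_month)
    return sorted(((h, f) for h, f in fractions.items() if f >= threshold),
                  key=lambda hf: (-hf[1], hf[0]))

if __name__ == "__main__":
    for host, frac in flag_persistent_rdp(build_sample()):
        print(f"{host}: RDP exposed {frac:.0%} of the month")
```

Feeding real scan output into `build_sample()`'s tuple shape lets the same functions rank which exposures to close first.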