Based on the 12 months of data analyzed, Unit 42 has reported that:

• Today’s attackers have the ability to scan the entire IPv4 address space (containing over 4bn addresses) for vulnerable targets within minutes
• 75% or more of publicly accessible software development infrastructure exposures were found in the cloud
• Cloud-based IT infrastructures in the data were always in a state of flux, changing by more than 20% across every industry every month
• Nearly 50% of high-risk, cloud-hosted exposures each month were a result of the constant change in cloud-hosted new services going online, and/or old ones being replaced
• For at least 25% of each month, organizations enabled the Remote Desktop Protocol, which left them open to ransomware attacks or unauthorized login attempts
• The most vulnerable organizations were in: finance, national governments, healthcare and public utilities

The report has made the following recommendations:

1. Gain continuous visibility over ALL internet-accessible assets, in real time
2. Prioritize mediation of critical vulnerabilities and exposures with high CVSS and EPSS scores
3. Secure remote access services with Zero Trust, SASE, multifactor authentication and observability solutions
4. Root out cloud misconfiguration: regularly review and update configurations to ensure they align with best practices and address any potential security risks
5. Leverage threat intelligence capabilities to stay informed about new vulnerabilities, exploits, and threat actors while continuously assessing your organization’s attack surface for emerging or latent cyber risks