Cybercriminals are exploiting vulnerabilities within hours of discovery. Cloud misconfigurations and risky new cloud services are also increasing attack surfaces: study

By analyzing petabytes of information on internet-accessible exposures across 250 organizations from 31 Mar 2022 to 31 Mar 2023, one cybersecurity firm has examined how cloud services change and the risks those changes create in a typical organization across industries.

Based on the 12 months of data analyzed, Unit 42 has reported that:

    • Today’s attackers have the ability to scan the entire IPv4 address space (containing over 4bn addresses) for vulnerable targets within minutes
    • 75% or more of publicly accessible software development infrastructure exposures were found in the cloud
    • Cloud-based IT infrastructures in the data were always in a state of flux, changing by more than 20% across every industry every month
    • Nearly 50% of high-risk, cloud-hosted exposures each month were a result of constant change: new cloud-hosted services going online and/or old ones being replaced
    • For at least 25% of each month, organizations enabled the Remote Desktop Protocol, which left them open to ransomware attacks or unauthorized login attempts
    • The most vulnerable organizations were in finance, national governments, healthcare and public utilities

The report has made the following recommendations:

    1. Gain continuous visibility over ALL internet-accessible assets, in real time
    2. Prioritize remediation of critical vulnerabilities and exposures with high CVSS and EPSS scores
    3. Secure remote access services with Zero Trust, SASE, multifactor authentication and observability solutions
    4. Root out cloud misconfiguration: regularly review and update configurations to ensure they align with best practices and address any potential security risks
    5. Leverage threat intelligence capabilities to stay informed about new vulnerabilities, exploits, and threat actors while continuously assessing your organization’s attack surface for emerging or latent cyber risks

Modern threat actors are experts at exploiting the path of least resistance to gain access to victims’ environments, so defenders need to develop strong attack surface management protocols, the report concludes.