Complex Made Simple

2021 Cortex Xpanse Report: Palo Alto Networks identifies top security issues

A would-be attacker needs only $10 to rent cloud computing power to scan for vulnerable systems.
Nearly 1 in 3 vulnerabilities uncovered were due to issues with Remote Desktop Protocol (RDP).
Adversaries work around the clock to find vulnerable systems on enterprise networks.

Every time a new security vulnerability surfaces, a frenzied race kicks off between attackers scanning the internet to identify vulnerable systems and defenders scrambling to implement patches and other mitigations to protect their networks.

Computing has become so inexpensive that a would-be attacker needs to spend only about $10 to rent cloud computing power for an imprecise scan of the entire internet for vulnerable systems. The surge in successful attacks shows that adversaries are regularly winning the race to exploit new vulnerabilities before they are patched. It’s hard to ignore the increasingly common firsthand experiences with breaches disrupting our digital lives, as well as the continuous flow of news reports chronicling the surge in cyber extortion.

To help enterprises gain ground in this battle, the Palo Alto Networks Cortex® Xpanse™ research team studied the public-facing internet attack surface of some of the world’s largest businesses. From January to March, it monitored scans of 50 million IP addresses associated with 50 global enterprises to understand how quickly adversaries can identify vulnerable systems for fast exploitation.

Nearly one in three vulnerabilities uncovered were due to issues with the widely used Remote Desktop Protocol (RDP), use of which has surged since the beginning of 2020 as enterprises expedited moves to the cloud to support remote workers during the COVID-19 pandemic. This is troubling because RDP can provide direct admin access to servers, making it one of the most common gateways for ransomware attacks. These exposures represent low-hanging fruit for attackers, but there is reason for optimism: most of the vulnerabilities we discovered can be easily patched.

Here are key report findings.

Adversaries are at work 24/7

Adversaries work around the clock to find vulnerable systems on enterprise networks that are exposed on the open internet. Exposure of enterprise systems has expanded dramatically over the past year to support remote workers. On a typical day, attackers conducted a new scan once every hour, whereas global enterprises can take weeks to do the same.

Adversaries rush to exploit new vulnerabilities

As soon as new vulnerabilities are announced, adversaries rush to take advantage. Between January and March, scans began within 15 minutes of Common Vulnerabilities and Exposures (CVE) announcements being released. Attackers worked even faster for the Microsoft Exchange Server zero-days, launching scans within five minutes of Microsoft’s March 2 announcement.

Vulnerable systems are widespread

Cortex Xpanse found that global enterprises exposed new serious vulnerabilities every 12 hours, or twice daily.

RDP amounted to a third of all security issues

Remote Desktop Protocol accounted for about one-third of overall security issues (32%). Other commonly exposed vulnerabilities included misconfigured database servers, exposure to high-profile zero-day vulnerabilities from vendors such as Microsoft and F5, along with insecure remote access through Telnet, Simple Network Management Protocol (SNMP), Virtual Network Computing (VNC), and other protocols. Many of these high-risk exposures can provide direct admin access if exploited. In most cases, these vulnerabilities can be patched easily, yet they represent low-hanging fruit for attackers.

Cloud comprised the most critical security concerns

Cloud footprints were responsible for 79% of the most critical security issues found in global enterprises. This highlights how the speed and nature of cloud computing drive risk in modern infrastructure, especially considering how quickly cloud environments have grown over the past year as enterprises moved computing off-premises to enable the surge in remote work during the COVID-19 pandemic.