Compromised assets or email breaches rank among the top three major vulnerabilities discovered by Blackpanda, a digital forensics and cybersecurity company, in its inaugural study. The other two are exposed web services and known software vulnerabilities.
According to Blackpanda, email breaches or compromised assets account for 71.68% of the combined total risk level, which the company emphasized makes them the most extensive vulnerability. Email breaches can be a major source of phishing or network compromise, leading to corporate data leakage.
“In the Philippines, we see a significant number of high-severity vulnerabilities that allow attackers to compromise administrative credentials, gain unauthorized access to email accounts, or disrupt server operations,” said Evelyn Del Monte, managing director for Blackpanda Philippines.
Exposed web services make up 69.92% of high-risk exposed services issues. Vulnerabilities in web services indicate widespread susceptibility to web-based attacks, which can disrupt operations and compromise customer data.
Known software vulnerabilities are of medium risk level and account for 59.96% of the system security issues. These vulnerabilities could be common concerns for software vendors and organizations.
Open vulnerabilities
Apart from the three major vulnerabilities, Blackpanda also saw that vulnerabilities in database and remote access services pose threats to organizations, along with system services and DNS configuration issues. Underlying risks from software misconfiguration and SSL/TLS configuration gaps can lead to severe breaches if not addressed promptly.
“The majority of the cyber incidents we encounter can be traced back to fundamental vulnerabilities that remain unpatched,” said Gene Yu, CEO of Blackpanda Group.
For this study, Blackpanda used an in-house external attack surface management (ASM) scan to identify the top vulnerabilities that represent significant risk levels, where it is recommended that threats be resolved as soon as practicable, or within a matter of days, to prevent attackers from infiltrating and launching an attack.