The digitalization of business operations has ushered in an alarming increase in potential attack surfaces, as highlighted by Palo Alto Networks’ Threat Intelligence team, Unit 42, in its latest report. The cloud has emerged as the most targeted environment for cyber threats.
Unit 42’s report reveals that 80% of security exposures are now found within cloud environments, in contrast to the 19% still lingering on-premises. This shift is exacerbated by the rapid exploitation of new vulnerabilities through automation, making it increasingly challenging for organizations to defend against attacks.
Palo Alto Networks analyzed petabytes of data about internet-accessible exposures across 250 global organizations from 2022 to 2023.
“Cloud-based IT infrastructure is always in a state of flux, changing by more than 20% across every industry every month,” the report said.
The constant transformation of cloud services and vendors is responsible for 45% of high-risk cloud-hosted exposures each month. Over 75% of publicly accessible software development infrastructure exposures were traced back to the cloud.
Eight out of nine industries analyzed by Unit 42 had internet-accessible Remote Desktop Protocol (RDP) vulnerabilities, susceptible to brute-force attacks for at least 25% of the month.
“Today’s attackers have the ability to scan the entire IPv4 address space (containing over 4 billion addresses) for vulnerable targets in minutes,” Unit 42 said.
Among the 30 Common Vulnerabilities and Exposures (CVEs) scrutinized, three were exploited within hours of public disclosure, and a staggering 63% were exploited within 12 weeks of public disclosure.
The report underscores the widespread prevalence of Remote Access Exposures. Over 85% of organizations examined had Remote Desktop Protocol (RDP) accessible via the internet for at least 25% of the month. This accessibility poses significant risks, particularly in sectors like manufacturing, where IT, security, and networking infrastructure account for 48% of the top exposures, potentially leading to production and revenue losses.
Different industries face distinct vulnerabilities. Financial institutions report the most frequently exposed file-sharing services at 38%. National governments grapple with insecure file sharing and databases, constituting over 46% of all exposures within their organizations. Healthcare organizations face the challenge of misconfigured and vulnerable publicly exposed development environments, accounting for 56% of their exposures. In the utilities and energy sector, internet-accessible IT infrastructure control panels represent 47% of the exposures.
Palo Alto Networks shared the following advice for organizations to boost their cyber defenses:
• Gain continuous visibility over all assets: Ensure a comprehensive real-time understanding of all internet-accessible assets, including cloud-based systems and services.
• Prioritize remediation: Focus on remediating the most critical vulnerabilities and exposures based on CVSS (Common Vulnerability Scoring System) and EPSS (Exploit Prediction Scoring System).
• Secure remote access services: Implement multifactor authentication (MFA), and monitor all remote access services for signs of unauthorized access or brute-force attacks.
• Address cloud misconfigurations: Misconfigurations are inevitable, so regularly review and update cloud configurations to ensure they align with security best practices.