
New study on threat surfaces says cloud, remote access are most vulnerable

Unit 42’s survey reveals threats to cloud surface, danger of remote access.

Francis Scialabba


Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

It’s cloudy skies above for defenders, a new report on attack surfaces claims, as remote access offers threat actors more avenues to get inside critical systems.

Palo Alto Networks subsidiary Unit 42 released its 2023 Attack Surface Threat report on Sept. 14, detailing the current state of the threat landscape and advising organizations on how to respond to infiltration.

Unit 42 went over petabytes of data collected in 2022 and 2023 by fellow Palo Alto subsidiary Cortex Xpanse for the report. The threat intelligence firm found that 80% of reported medium, high, or critical exposures took place on cloud-based assets. And 85% of organizations left remote access connected to the internet, offering attackers another threat surface to use for infiltration.

Attackers are moving fast. Unit 42 found that threat actors act at “machine speed,” often scanning an entire IPv4 address space in just minutes. Adversaries are routinely attacking publicly accessible surfaces within days—and occasionally within hours—of their being exposed.

Compounding the problem is that organizations are refreshing and updating 20% of their cloud-based IT infrastructure every month; nearly half of high or critical exposures were traced to the churn in new systems going online and being replaced.

Threats change by industry as well. IT security and networking infrastructure was the most pressing attack surface for the high technology, government, utilities and energy, manufacturing, education, and transportation and logistics sectors. File sharing was the greatest risk to the professional, legal, and financial services sectors; for retail, remote access services caused the most exposure; and for healthcare, development infrastructure posed the most risk.

Matt Kraning, CTO of Cortex Xpanse, told SDX Central that the numbers in the survey show the pervasiveness of the problem.

“The biggest takeaway is it’s not just certain industries and not others,” Kraning said. “What this report highlights is how widespread these organizational issues are.”

Luckily, there are some common-sense solutions available. Unit 42 recommends that organizations ensure continuous visibility over online assets, find and address critical vulnerabilities, secure remote access services, and address cloud misconfigurations.
