This is in part due to COVID-19 — hackers, wanting to take advantage of the chaos caused by the pandemic, growing digitalization, and the pivot to work-from-home, have stepped up their attack efforts over the past 18 months.
All businesses — from small ecommerce retailers to major oil and gas companies — are at risk. However, predicting which assets hackers will attack can be challenging, potentially making business networks harder to defend.
Exploitable assets become a liability
According to data from a new Randori report, titled “The Attack Surface Report,” 1 in 15 organizations are running vulnerable versions of SolarWinds. Some of these versions contain exploitable vulnerabilities that can give attackers unauthenticated remote code execution, granting them full control of a system.
As attacks become more frequent, exploitable assets can become a serious liability for businesses.
To assist businesses with identifying vulnerable assets, Randori has developed a measure that aims to predict how tempting a given asset is to cybercriminals.
The “Temptation Score” is calculated using a proprietary weighting of six asset characteristics, including enumerability, criticality, post-exploitation potential, and research potential.
Randori observed more than 100,000 assets with these characteristics to develop the new metric and gather data on the state of internet-exposed assets.
The report notes that many organizations continue to use vulnerable versions of SolarWinds, and goes on to describe why the company considers these assets tempting for hackers.
SolarWinds is particularly attractive to hackers due to its wide usage and the prevalence of well-known exploits. Other examples of vulnerable software with high Temptation Scores include Microsoft IIS 6, Remote Desktop Protocol (RDP) services, VPNs such as Cisco’s Adaptive Security Appliance (ASA), and Citrix NetScaler.
According to the report, at least 15% of companies have an exposed version of IIS 6 online, 38% of organizations use Cisco’s ASA firewall, and 46% of organizations are running Citrix NetScaler. Both the ASA firewall and NetScaler have a history of public vulnerabilities and exploits. This means that nearly half of organizations studied may be leaving themselves vulnerable to an attack.
Identifying critical vulnerabilities
The upward trend in business hacks isn’t likely to reverse any time soon. As businesses continue to adopt more digital solutions, purchase IoT devices, and distribute their workforce, they’ll become more vulnerable to attacks — and more valuable targets.
For chief information security officers, the sheer size of business networks and the volume of new attacks can be disorienting. Measures like vulnerability severity can help them identify the assets that are most vulnerable to a hack, but they may not provide an accurate prediction of where cybercriminals will attack.
New measures like the Temptation Score may help — by considering factors like mission criticality and post-exploitation potential, researchers and cybersecurity experts may be able to develop better predictions of where and why hackers will strike.