List of IT assets an attacker is most likely to target for exploitation

Randori released a report that identifies the most tempting IT assets that an attacker is likely to target and exploit.

Leading up to the anniversary of the Solarwinds hack, and after a very tumultuous year in cybersecurity—especially with ransomware and supply chain attacks—the report wanted to understand the ongoing prevalence of internet-facing assets that contribute to these attacks.

Top temptation trends

• One in 15 organizations currently runs a version of SolarWinds that is known to be actively exploited or highly tempting.
• 15% of organizations are running an outdated version of IIS 6, which hasn’t been supported by Microsoft for six years.
• 38% of organizations use Cisco’s Adaptive Security Appliance (ASA) firewall, which has a history of public vulnerabilities.
• 46% of organizations are running Citrix NetScaler, which has a history of public exploits, and if hacked would give an adversary high privileges.
• 3% of organizations still run older versions of Microsoft Outlook Web Access (OWA) — versions 15.2.659 or older — despite the recent Exchange hacks and several known exploits.
• More than 25% of organizations have RDP exposed to the internet, which when exposed to the internet, increases the risk for attacks, including ransomware.

“I’d wager the remaining vulnerable SolarWinds instances are there because of ignorance, not negligence. Organizations struggle to know what they have exposed on the internet. Cloud migration and the work-from-home boom dramatically increased the number of exposed assets, and people can no longer rely on existing security strategies to understand their attack surface,” said David Wolpoff, CTO at Randori.

“Many assume prioritizing based on vulnerability severity will keep you safe. But that’s simply not true. Attackers think differently, and vulnerability severity is just one of many factors weighed by an attacker. Our hope with releasing this report is that people will get deeper into the attacker’s mindset, apply attacker logic to their security programs, and get one step ahead.”