Critical exposures outside of an organization’s firewall are the greatest source of cybersecurity threats, according to CybelAngel.
Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data and credentials, have proven to be an increasing challenge for organizations to detect and secure.
Critical cybersecurity exposures
The report also highlights the critical paths hackers will take to get to their target, as well as trends in cybercrime, key areas of data risk, and a breakdown of exposures by industry.
Among exposures, CybelAngel found:
- 87% of all detected threats are from third-party or malicious actors.
- Almost 1 in 10 (9%) of all detected internet-facing assets had an associated unpatched vulnerability. The top 10 CVEs were found unpatched at least 12 million times each.
- More than 70 billion files, including intellectual property and financial information, are currently freely available, unprotected, on unsecured web servers.
Passive security measures no longer enough
The trends within these detections are even more concerning when viewed against industries, with a significant number of risk areas threatening critical infrastructure including telecommunications, construction, and oil and gas. The top three exposed industries are:
- Retail, with a disproportionately high number of malicious domains and many vulnerabilities detected in their assets.
- Telecommunications, which ranked notably high in many of the risk areas we examined—open ports, unsecured databases, sensitive documents, leaked credentials and dark web activity.
- Business services, which were overrepresented in dark web activity and in the number of malicious domains.
“Enterprise cybersecurity leaders and decision-makers have been successful in securing their own security perimeter, but critical infrastructure and other modernizing industries have fallen short. This is a major concern in itself,” said Erwan Keraudy, CEO of CybelAngel.
“With the majority of detected risks originating from external assets and actors, the threats these industries face today are ultimately the same. This highlights an immediate need for a security mindset overhaul – passive and reactive security measures are no longer enough in today’s security landscape. Cybersecurity teams must take a proactive and comprehensive stance on looking for early indicators of risk, which requires full visibility into the EASM including known assets, shadow assets, partner, vendor, supplier assets and more,” concluded Keraudy.
Credential leaks and dark web marketplace activity
Information Stealer malware will proliferate within the enterprise. In a scan of the CybelAngel platform, 50% of emails associated with customers came with unhashed passwords – meaning they are plaintext and unencrypted. Many of the exposed emails in different breaches either share the same password or a close variation of another exposed password. Looking at credential leaks and dark web marketplace activity, malware designed to steal this data will grow rapidly.
Shadow IT, including OT and IoT, will increase. Though companies invest heavily in protecting their known assets, it’s challenging to do the same for Shadow IT blind spots, especially with the increasing use of internet-connected assets that are rarely secure. The report found that 8% of all detected OT/IoT devices had vulnerabilities, which can serve as a bridge to breach an otherwise secure network.
The number of unsecured and misconfigured clouds will rise with cloud adoption. The complex multi-cloud environment extends the EASM immensely: CybelAngel detected 1.4 million misconfigured cloud devices. Almost 50% of all open cloud devices detected are personal Google Cloud Drives. AWS S3 devices, or buckets, are the leader in detected exposed and open enterprise services – and the leader in being accessible to hackers.