Randori released a report that identifies the most tempting internet-exposed assets that an attacker is likely to go after.
Randori used proprietary data model that assigns each asset a unique attacker Temptation Score. The report then determines the prevalence of those highly tempting assets on enterprise attack surfaces globally.
Leading up to the anniversary of the SolarWinds hack, and after a very tumultuous year in cybersecurity — especially with ransomware and supply chain attacks — the 2021 Attack Surface Management Report: the Internet's Most Tempting Targets provides insights about attack surfaces into actionable data and advice
Top Trends include:
- One in 15 organizations currently runs a version of SolarWinds that is known to be actively exploited or highly tempting. These versions have an average Temptation Score of 40.
- 15% of organizations are running an outdated version of IIS 6, which hasn’t been supported by Microsoft for six years. IIS 6 has an average Temptation Score of 37.
- 38% of organizations use Cisco’s Adaptive Security Appliance (ASA) firewall, which has a history of public vulnerabilities. It has a Temptation Score of 37.
- 46% of organizations are running Citrix NetScaler, which has a history of public exploits, and if hacked would give an adversary high privileges. It has a Temptation Score of 33.
- 3% of organizations still run older versions of Microsoft Outlook Web Access (OWA) — versions 15.2.659 or older — despite the recent Exchange hacks and several known exploits. The average Temptation Score is 38.
- More than 25% of organizations have RDP exposed to the internet, which when exposed to the internet, increases the risk for attacks, including ransomware.
“I’d wager the remaining vulnerable SolarWinds instances are there because of ignorance, not negligence. Organizations struggle to know what they have exposed on the internet. Cloud migration and the work-from-home boom dramatically increased the number of exposed assets, and people can no longer rely on existing security strategies to understand their attack surface,” said David Wolpoff, CTO and cofounder Randori. “Many assume prioritizing based on vulnerability severity will keep you safe. But that’s simply not true. Attackers think differently, and vulnerability severity is just one of many factors weighed by an attacker. Our hope with releasing this report is that people will get deeper into the attacker’s mindset, apply attacker logic to their security programs, and get one step ahead.”
Read the full Attack Surface Management Report for a comprehensive analysis on the most tempting assets and to take a deep dive into the six attributes an attacker considers when determining what assets to go after.