CybelAngel Analysis of Half-Billion Internet-Facing Apps & Devices Reveals Top Trends in Critical Exposures
2023 State of EASM Report reveals critical infrastructure sectors among top industries for shadow IT exposure, leaked & stolen credentials, and third-party cloud misconfiguration
CybelAngel, a global leader in External Attack Surface Management cybersecurity technology, released the 2023 State of the External Attack Surface: Annual Threat Trends Analysis Report. The second in an annual series, this report examines internet-facing exposures detected by CybelAngel’s Xtended External Attack Surface Management (EASMX) platform in 2022. The report also highlights the critical paths hackers will take to get to their target, as well as trends in cybercrime, key areas of data risk, and a breakdown of exposures by industry.
The findings from the 2023 External Attack Surface Report reveal that exposures outside of an organization’s firewall are the greatest source of cybersecurity threats. Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data and credentials, have proven to be an increasing challenge for organizations to detect and secure.
Among exposures, CybelAngel found:
- 87% of all detected threats are from third-party or malicious actors.
- Almost 1 in 10 (9%) of all detected internet-facing assets had an associated unpatched vulnerability. The top 10 CVEs were found unpatched at least 12 million times each.
- More than 70 billion files, including intellectual property and financial information, are currently freely available, unprotected, on unsecured web servers.
The trends within these detections are even more concerning when viewed against industries, with a significant number of risk areas threatening critical infrastructure including Telecommunications, Construction, and Oil and Gas. The top three exposed industries are:
- Retail, with a disproportionately high number of malicious domains and many vulnerabilities detected in their assets.
- Telecommunications, which ranked notably high in many of the risk areas we examined—open ports, unsecured databases, sensitive documents, leaked credentials and dark web activity.
- Business Services were overrepresented in dark web activity and the number of malicious domains.
“Enterprise cybersecurity leaders and decision-makers have been successful in securing their own security perimeter, but critical infrastructure and other modernizing industries have fallen short. This is a major concern in itself,” said Erwan Keraudy, CEO and co-founder of CybelAngel. “With the majority of detected risks originating from external assets and actors, the threats these industries face today are ultimately the same. This highlights an immediate need for a security mindset overhaul – passive and reactive security measures are no longer enough in today’s security landscape. Cybersecurity teams must take a proactive and comprehensive stance on looking for early indicators of risk, which requires full visibility into the EASM including known assets, shadow assets, partner, vendor, supplier assets and more.”
Additional trends and predictions based on the report findings include:
- Information Stealer malware will proliferate within the enterprise. In a scan of the CybelAngel platform, 50% of emails associated with customers came with unhashed passwords – meaning they are plaintext and unencrypted. Many of the exposed emails in different breaches either share the same password or a close variation of another exposed password. Looking at credential leaks and dark web marketplace activity, malware designed to steal this data will grow rapidly.
- Shadow IT, including Operational Technology (OT) and Internet of Things (IoT) will increase. Though companies invest heavily in protecting their known assets, it’s challenging to do the same for Shadow IT blind spots, especially with the increasing use of internet-connected assets that are rarely secure. The report found that 8% of all detected OT/IoT devices had vulnerabilities, which can serve as a bridge to breach an otherwise secure network.
- The number of unsecured and misconfigured clouds will rise with cloud adoption. The complex multi-cloud environment extends the EASM immensely: CybelAngel detected 1.4 million misconfigured cloud devices. Almost 50% of all open cloud devices detected are personal Google Cloud Drives. AWS S3 devices, or buckets, are the leader among detected exposed and open enterprise services, and the leader in being accessible to hackers.