External Exposure Was The Root Cause Of 82% Of Incidents

According to a new report from Tetra Defense, the Root Point of Compromise (RPOC) for attacks against U.S. companies was external exposure. Patchable and preventable external vulnerabilities were found to be responsible for the bulk of attacks:

In Q1 2022, the vast majority — 82% — of total incidents happened through external exposure of either a known vulnerability on the victim’s network or a Remote Desktop Protocol (RDP). Taking a deeper look into these external exposures, they are classified in two ways:

1. “External Vulnerabilities” which could have been mitigated through publicly available security patches and software updates. In these instances, a threat actor utilized a known vulnerability to gain access to the network before the internal organization was able to patch the system. In Q1, 57% of total incidents were caused by the exploitation of external vulnerabilities.

2. “Risky External Exposures” which are IT practices such as leaving a Remote Desktop Protocol (RDP) port open to the public internet. These behaviors are considered “risky” because the mitigation relies on an organization’s continued security vigilance and willingness to enforce consistent standards over long periods of time. In Q1, 25% of total incidents Tetra Defense handled were caused by risky external exposures.
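The two categories above map directly onto checks a defender can run against their own asset inventory: a service on a risky port whose firewall allow-list reaches the public internet, and a host for which a vendor patch has been published but sits unapplied past a grace period. The script below is an added example, not code from Tetra Defense or the report; the inventory, the patch identifiers, the 14-day grace period and the set of ports treated as risky beyond RDP (SSH, SMB, VNC) are all constructed assumptions for illustration.

```python
"""Classify externally reachable assets into the report's two root-point-of-
compromise categories: "external_vulnerability" (a patch was available but not
applied in time) and "risky_external_exposure" (an admin service such as RDP
reachable from the public internet). All data here is constructed."""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network

# Ports whose exposure to the internet is treated as risky. RDP (3389) is the
# example the report names; the other three are assumptions of this example.
RISKY_PORTS = {3389: "RDP", 22: "SSH", 445: "SMB", 5900: "VNC"}

# RFC 1918 ranges: a source allow-list fully inside one of these is internal.
INTERNAL_RANGES = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Asset:
    hostname: str
    open_ports: dict      # listening port -> source CIDR the firewall allows
    pending_patches: list  # (patch identifier, date the vendor published it)


def is_public(cidr: str) -> bool:
    """True unless the allowed source range lies entirely inside an internal range.
    0.0.0.0/0 (any source) is therefore public, as is any routable prefix."""
    net = ip_network(cidr, strict=False)
    return not any(net.subnet_of(internal) for internal in INTERNAL_RANGES)


def classify(asset: Asset, today: date, grace_days: int = 14) -> list:
    """Return (category, detail) findings for one asset."""
    findings = []
    for port, source in asset.open_ports.items():
        if port in RISKY_PORTS and is_public(source):
            findings.append(("risky_external_exposure",
                             f"{asset.hostname}: {RISKY_PORTS[port]}/{port} reachable from {source}"))
    for patch_id, published in asset.pending_patches:
        age = (today - published).days
        if age > grace_days:  # patch existed, was not applied within the grace period
            findings.append(("external_vulnerability",
                             f"{asset.hostname}: {patch_id} published {age} days ago, not applied"))
    return findings


def summarize(assets: list, today: date) -> dict:
    """Count findings per category across the inventory, like the report's split."""
    counts = {"risky_external_exposure": 0, "external_vulnerability": 0}
    for asset in assets:
        for category, _ in classify(asset, today):
            counts[category] += 1
    return counts


# Constructed inventory: a web server with RDP open to the world and an old
# unapplied patch, a jump host with RDP limited to the internal network, and an
# app server whose pending patch is still inside the grace period.
INVENTORY = [
    Asset("web-01", {443: "0.0.0.0/0", 3389: "0.0.0.0/0"},
          [("VENDOR-PATCH-EXAMPLE-1", date(2022, 1, 10))]),
    Asset("jump-02", {3389: "10.0.0.0/8"}, []),
    Asset("app-03", {443: "0.0.0.0/0"},
          [("VENDOR-PATCH-EXAMPLE-2", date(2022, 3, 25))]),
]
AS_OF = date(2022, 3, 31)

if __name__ == "__main__":
    for asset in INVENTORY:
        for category, detail in classify(asset, AS_OF):
            print(f"[{category}] {detail}")
    print(summarize(INVENTORY, AS_OF))
```

HTTPS on 443 is deliberately not flagged: the report's "risky exposure" is about administrative services like RDP, not every internet-facing port. Tune `RISKY_PORTS` and `grace_days` to your own policy.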

That’s not good at all. Mark Bower, VP of Product Management of Anjuna Security had this comment:

     “The report once again highlights the simple fact that in an ideal world, enterprises would patch and monitor untrusted compute and networks to keep data safe from leakage, but in truth it’s impossible to continuously down tools and close all risk gaps that affect modern business success. Vulnerabilities exist because they are discovered – but until that point, they are also exploitable holes in systems or processes. However, modern computing today is beginning to provide fresh new approaches to address risks like this, and we will start to see that at scale and in short order with compute ecosystems that shrink attack surfaces inherently for data at rest, in motion and in use.”

Hopefully enterprises of all sizes read this report and take action to secure themselves. Otherwise, they are prime targets for threat actors who are out to make them the next headline.

UPDATE: Aimei Wei, CTO and Co-founder of Stellar Cyber adds this:

     “External vulnerabilities and risky external exposures accounted for 82% of the incidents responded to by Tetra Defense in Q1 2022. This highlights the critical need for having a threat detection and response system that continuously detects the vulnerabilities and exposed risks (such as an RDP port open to the public) and responds automatically. Patching definitely pays off for known vulnerabilities. It greatly reduces the attack surface. However, it is hard to guarantee that the patch is always immediately available for the software version you are using and can be applied in time. An organization’s continued security vigilance and enforcement of standards can dramatically reduce the chances for exploitation from exposed risks. However, the exposed risk, even for a short period of time, may still be exploited. Having a detection and response system that can continuously monitor the environment, detect the exploitation and stop the attack from progressing to an incident covers the cases missed by patches not applied in time, inconsistent enforcement, or short periods of exposed risk.”
