Best for you!

Enterprise internet attack surface is growing, report shows

The attack surface of large enterprises has grown in recent months driven by the new work conditions imposed by the COVID-19 pandemic. The threat has increased in many areas including servers that are directly accessible from the internet, domain names, websites, web forms, certificates, third-party applications and components or mobile apps. While some of those changes might be temporary, many are likely to be permanent, straining the ability of existing IT and security teams to manage and secure them.

Security firm RiskIQ, which specializes in digital asset discovery and protection, has used data collected recently by its technology through internet scans to assess the current global attack surface. Over two weeks, the company saw the addition of 2,959,498 new domain names and 772,786,941 new unique hosts to the web.

Nearly half of the websites in the Alexa top 10,000 were running on a known content management platform, which are common targets for hackers because of their popularity. The company also identified 13,222 WordPress plugins running on these websites, such third-party components also a common source of vulnerabilities and breaches.

When looking for known high and critical vulnerabilities, RiskIQ identified at least one potentially vulnerable component running on 2,480 of the Alexa top 10,000 domains. There were 8,121 potentially vulnerable web components in total.

“While some of these instances will have patches or other mitigating controls to prevent the identified vulnerabilities and exposures from being exploited, many will not,” RiskIQ warned in its report.

The internet attack surface of large enterprises

When looking at the internet assets belonging to companies on the FTSE 30 list, the security firm identified 1,967 domain names, 5,422 live websites, 8,427 hosts, 777,049 web pages, 3,609 certificates, 76,324 forms, 2,841 WordPress and Drupal sites, 114,504 IP addresses, 45 mail servers, 7,790 cloud-hosted apps on Amazon and Azure, 26 potentially vulnerable Citrix Netscaler instances, eight potentially vulnerable Palo Alto GlobalProtect instances, nine potentially vulnerable Pulse Connect instances, 25 potentially vulnerable Fortinet instances and 1,464 Remote Access service instances.

Leave A Reply

Your email address will not be published.