A report by cybersecurity firm Randori has categorized the most tempting internet-exposed assets that a threat actor is likely to exploit. The report also revealed that one in 15 organizations currently operates a version of SolarWinds that is actively exploited.
In the 2021 Randori Attack Surface Report, researchers assigned each asset a “Temptation Score” – the chances that an attacker will go after it.
The report showed that more than 25% of organizations have exposed RDP to the internet, while 15% of organizations still use outdated versions of IIS 6 that Microsoft has not supported in the last six years. Randori gave IIS 6 a Temptation Score of 37.
Nearly 40% of organizations use Cisco’s Adaptive Security Appliance (ASA) firewall, which has a history of public vulnerabilities and a Temptation Score of 37. Nearly 50% of all organizations use Citrix NetScaler, which has a score of 33 and multiple public exploits.
Both CiscoWeb VPN and Palo Alto Global Protect joined Citrix NetScaler as VPNs, which are listed in the report with the highest Temptation Scores.
Only 3% of organizations still run versions of Microsoft Outlook Web Access. It was one of the highest on the Temptation Score scale with 38.
The SolarWinds issue has been highlighted in the report because it has exposed vulnerabilities, is mission-critical technology for many companies and is widely used.
The researchers were continually surprised to see that simple burglary attacks with little effort still work in successful enterprises. They also found that a high percentage of organizations do not use MFA.
The researchers suggest that security teams frequently change the default settings so that the version number is not publicly disclosed. If companies are unable to patch or update a tool, they should at least hide it.
In addition, security teams must also find ways to reduce their attack surfaces by migrating things offline or disabling unused functionality.