October 2, 2023

Palo Alto’s Unit 42 has published its “Attack Surface Threat Report,” which reveals that 85% of organizations have RDP internet-accessible for at least 25% of the month, leaving them open to ransomware attacks or unauthorized login attempts.

The report shows that threat actors are exploiting new vulnerabilities at a rapid pace, within hours of public disclosure, and that organizations are finding it difficult to manage their attack surfaces at the speed and scale necessary to combat threat actor automation.


It argues that organizations have a major attack surface management problem, but many are unaware of it because they lack full visibility of their various information technology assets and owners. One of the biggest culprits of these unknown risks is remote access service exposures, which account for nearly one of every five issues found on the internet.

The report includes findings on attackers’ ability to move at “machine speed,” scanning the entire IPv4 address space for vulnerable targets in minutes. Of more than 30 Common Vulnerabilities and Exposures (CVEs) analyzed, three were exploited within hours of public disclosure and 63% were exploited within 12 weeks of public disclosure.

The researchers analyzed 15 remote code execution (RCE) vulnerabilities and found that 20% were targeted by ransomware gangs within hours of disclosure and 40% were exploited within eight weeks of publication.


The report also explains that the cloud is the dominant attack surface, with 80% of security exposures present in cloud environments compared to 19% in on-premises environments. Nearly half of high-risk, cloud-hosted exposures each month were a result of the constant change in new services going online or old ones being replaced. More than 75% of publicly accessible software development infrastructure exposures were also found in the cloud, making them attractive targets for attackers.

More than 85% of organizations were making RDP internet-accessible for at least 25% of the month, and eight of the nine industries studied had internet-accessible RDP vulnerable to brute-force attacks for at least 25% of the month. Median financial services and state or local government organizations were found to have RDP exposures for the entire month.
