It is Microsoft's proprietary protocol that enables a user to connect to another computer through a network of computers running Windows. One of the best-known examples is Remote Desktop Protocol. Companies should also avoid direct access to Exchange Server from the internet.Ī great share of attackers initial accesses leading to cybersecurity incidents are related to services with remote access or management features. Kaspersky says the best defense against these vulnerabilities is to keep public-faced systems updated with the latest patches and product versions. The vulnerabilities from the both groups enable an actor to bypass authentication and execute code as a privileged user. While ProxyShell is quite common in China and in Vietnam, the countries most affected by ProxyLogon are in-government bodies in Thailand, the financial sector in China, the healthcare industry in the Philippines, and the industrial sector in Indonesia. Exploits for these vulnerabilities are easily available on the Internet, therefore, they can be easily exploited by even a low-skilled attacker. While researching the security problems of companies from the APAC region, Kaspersky experts observed a number of commonly used vulnerabilities dubbed ProxyShell and ProxyLogon. In terms of the share of vulnerabilities with publicly available exploits, three countries out of top five are located in Southeast Asia these are Malaysia, Vietnam, and Philippines.įrom Kaspersky's practice in incident response handled by Global Emergency Response Team (GERT) and CISA advisory adversaries use a well-known list of vulnerabilities to exploit organisation defenses. Singapore has a low number of vulnerabilities and an outstanding low ratio between the number of services and the sum of vulnerabilities in them, while Vietnam, Indonesia, Thailand and Malaysia have the highest ratio among SEA countries. Government institutions (major personally identifiable information (PII) processors and providers of critical services for citizens) are potential incident-generators by a huge margin. With the help of public sources and specialised search engines, Kaspersky collected information on 390,497 services available from public networks and analysed them for key security issues and vulnerabilities.Īnalysis revealed that in 2021, almost every fifth of the vulnerable services contained more than one vulnerability, thereby increasing the chances of an attacker performing a successful attack.Īll industry sectors, analysed in the report, in all countries have issues with application of security updates for publicly available services. Complicated business processes are forced to leave services on the perimeter, which in turn increases the external attack surface. The report's sole purpose is to create awareness about security threats, and demonstrate effective approaches to risk mitigation for widespread attacks with high business impact.Īccording to Kaspersky, the rapidly growing share of adversaries initial access approach is the exploitation of 1-day vulnerabilities. Kaspersky has unveiled the results of its Digital Footprint Intelligence report, covering the external threats for a selection of countries from the Asia Pacific region in 2021, including the six key countries Southeast Asia.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |