Nearly All Cybersecurity Companies Expose AWS Assets – Report

Security

Some 97% of multinational cybersecurity vendors have exposed assets in their AWS environments, many of them classed as high severity issues, according to Reposify.

The US startup used its scanning technology to analyze the cloud environments of a sample of 35 vendors and over 350 subsidiaries.

During a two-week window in January, Reposify’s external attack surface management (EASM) platform discovered 200,000 exposed cloud assets. Over two-fifths (42%) of these were identified as high severity issues – far higher than the 30% average across all industries.

Vulnerable software and improper access controls were the most common issues relating to high severity exposure.

Worryingly, more than half (51%) of the security vendors studied had at least one database exposed to attackers, while 40% had developer tools wide open to threat actors and 37% exposed storage and backup tools – mainly FTP (57%).

Eighty percent had exposed network assets, and even more (86%) of the security vendors analyzed had at least one sensitive remote access service exposed to the internet. Of the latter, OpenSSH (90%) was more common than RDP (47%).

Some 91% of Nginx and Apache web servers hosted exposed assets, according to the report.

Yaron Tal, founder and CTO at Reposify, argued that security vendors must lead by example and harden their external attack surface as digital initiatives grow.

“Despite domain expertise and in-depth knowledge of cyber risk, our findings clearly demonstrate how cybersecurity companies still have critical security blind spots,” he added.

“Distributed assets mean no industry is immune to cyber-threats. It’s critical that every organization arm security teams with complete, 24/7 visibility. Asset inventories are ever-changing; only a real-time automated inventory can keep security personnel up to date for shortened time to remediation.”

Products You May Like

Articles You May Like

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Why your data is more valuable than you may realize
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

Leave a Reply

Your email address will not be published. Required fields are marked *