The survey identified high-risk vulnerabilities in 84% of organizations, and 58% of companies had at least one host with a high-risk vulnerability for which a public exploit exists.
Public exploits were found for 10% of all identified vulnerabilities, meaning that one in ten can be exploited without professional skills or reverse-engineering experience. At the same time, the researchers stress that half of all discovered vulnerabilities could be eliminated simply by installing the latest updates.
“Problems with the availability of updates were identified in all companies,” says Yana Avezova, an analyst at Positive Technologies, “and 42% of organizations use software products whose vendors have officially ended support and no longer release security updates. For example, 32% of companies have applications written in PHP version 5, which has been deprecated since January 2019. Incidentally, the oldest vulnerability discovered during the instrumental analysis is 16 years old.”
At the network perimeter of most companies, web services, e-mail, remote administration interfaces, and file services were found exposed.
For example, the report says that in 74% of organizations SSH is directly accessible from the Internet. At the same time, every fifth software vulnerability found is associated with bugs in OpenSSH, which can lead to taking control of perimeter resources or to penetration into the local network.
In more than half of organizations, external resources contain vulnerabilities that allow arbitrary code execution or privilege escalation. Maximum privileges let an attacker edit or delete any information on the site, so there is a risk of denial of service, and for web servers also of defacement, unauthorized access to the database, and attacks on clients. In addition, the attacker can pivot from such a host to other hosts.
In all companies, hosts were identified that disclose technical information of one kind or another: the contents of configuration files, routes to the scanned host, OS versions, or supported protocol versions. The more such information an attacker can collect about the target system, the higher the chances of success. According to the experts, the cause is insecure service configuration.
The researchers also note that hosts vulnerable to the SWEET32 attack (which targets 64-bit block ciphers such as 3DES in long-lived TLS sessions) were found on the perimeter of all organizations, and for 84% of them the POODLE attack (which relies on the server still negotiating SSLv3) is still relevant. An attacker who succeeds in carrying out these attacks can extract sensitive data from encrypted connections.
Moreover, about 26% of organizations are still at risk of infection by the WannaCry ransomware, that is, they expose TCP port 445 (SMB) to the Internet. An open port 445 is the precondition the worm needs to reach a host; whether it can actually take it over depends on whether the SMBv1 flaw fixed by Microsoft's MS17-010 update has been patched.