The “new normal” business operations left most organizations vulnerable to new attack vectors. From database misconfigurations to unpatched vulnerabilities, organizations suffered several challenges in terms of remote workforce migration and changes in the threat landscape, Bitdefender’s business threat landscape report revealed.
According to the report, nearly 63% of all reported unpatched vulnerabilities involve CVEs that date back to 2018 and earlier, leaving organizations potentially open to various cyberattacks. Companies globally could be at severe security risk if they do not adopt patch management solutions as soon as possible.
Over 45% of security professionals believe that IoT devices in employees’ home networks pose serious security risks as they could be easily exploited by remote attackers to compromise the entire corporate network systems. Besides, the surge in the APT-as-a-service threat landscape gave businesses new security challenges and paved the way for opportunistic hackers to misuse the change in workforce deployment.
Key Findings:
- 87.31% of all misconfigurations involve having WinRM Service enabled.
- 93.10% of human risk factors involve employees using old passwords for accounts.
- 46.84% of all reported network-level attacks involve SMB exploits.
- 41.63% of all reported network-level attacks involve brute force attempts on RDP and FTP.
- 46% increase in suspicious IoT incidents in households throughout the first half of 2020.
- 4 in 10 emails on the Coronavirus topic are fraud, phishing, or malware.
- 42.52 % of Execution stage Command and Scripting interpreter sub-techniques involve the use of PowerShell Commands and Scrips.
“In the wake of 2020, 50% of organizations were unprepared to face a scenario in which they would have to migrate their entire workforce in a work-from-home environment. The global SARS-CoV22 pandemic may have been a respiratory illness that affected people around the world, but it also impaired the way organizations and business conducted normal operations. The lack of forward planning for such a scenario left many organizations open to potential vulnerabilities and misconfigurations that threat actors could have easily leveraged to score breaches, exfiltrate data, or even generate additional profit by extorting vulnerable companies,” said Bogdan Dumitru, CTO at Bitdefender.
