New research by Tenable®, the Exposure Management company, revealed 2.29 billion records were exposed worldwide in 2022, as calculated by Tenable’s Security Response Team’s analysis of 1,335 breach data incidents publicly disclosed between November 2021 and October 2022. Of the 1,335 breaches analysed globally, 143 breaches occurred in Asia Pacific and Japan, resulting in a whopping 68% of total records exposed globally. India accounted for 20% of the total records exposed. In comparison, organisations in North America, Europe, the Middle East, and Africa accounted for a combined 31% of records exposed.
This analysis is detailed in the Tenable 2022 Threat Landscape Report, published today, which categorises important vulnerability data and analyses attacker behaviour to help organisations inform their security programs and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents.
Perhaps most alarming for organisations were known vulnerabilities, in some cases dating back to 2017, still being exploited by attackers. The findings show threat actors continue to find success with known and proven exploitable vulnerabilities that organisations have failed to patch or remediate successfully. Organisations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022.
The top exploited vulnerabilities within this group include several high-severity flaws in Microsoft Exchange and virtual private network solutions from Fortinet, Citrix and Pulse Secure. For the other four most commonly exploited vulnerabilities – including Log4Shell; Follina; an Atlassian Confluence Server and Data Center flaw; and ProxyShell – patches and mitigations were highly publicised and readily available.
To further illustrate this issue of known vulnerabilities being the biggest problem in the industry, CVE-2021-21974 was recently in the news when a two-year-old vulnerability in VMware’s ESXi servers was being widely exploited by ransomware groups. Tenable’s global telemetry found that (among those who scanned for the vulnerability in February 2023) as of February 13, only 34% of organisations had remediated this specific threat prior to wide reporting of these attacks. Once it got enough attention, remediation jumped to 87% just 10 days later on February 23. As of today, 13% of organisations remain vulnerable.
“Threat actors continue to find success with known and proven exploitable vulnerabilities that organisations have failed to patch or remediate successfully,” said Satnam Narang, senior staff research engineer at Tenable. “We issued this same warning in 2020 and in 2021. Yet, two years later, such flaws remain one of the biggest risks in the vulnerability landscape. Unpatched vulnerabilities provide attackers with the most cost-effective and straightforward way to gain initial access into or elevate privileges within organisations. Don’t wait.”
Report insights from India and APAC include:
- In the APAC region, 29% of the breaches were a result of ransomware attacks. This was followed by attacks that weren’t categorised (28%), phishing/email compromise (9%), unsecured databases (8%) and exploitation of known and existing vulnerabilities (6%).
- In India, 33% of the attackers were a result of ransomware, while 17% of cyberattacks were due to unsecured databases.
- The arts, entertainment and recreation sectors witnessed the highest number of attacks in APAC at 11%, followed by retail (10%), public administration (10%) and healthcare (9%) sectors.
- Healthcare (11%) and retail (11%) sectors were the most targeted sectors in India followed by financial services (6%), education (6%), professional and technical Services (6%) and public administration (6%).