High-risk vulnerabilities are present on the network perimeter of most companies, a new report from Positive Technologies finds.
Analyzing more than 3,500 hosts for the report, including network devices, scanners and workstations, the company concluded that 84 percent of companies, across various industries, have such vulnerabilities present on their perimeters.
The report states that most of these vulnerabilities could easily be mitigated simply by patching up software, algorithms and protocols.
According to Positive Technologies, most companies are struggling to keep up with software updates. In some cases, they were even using software past the end of life date; the oldest vulnerability found in automated analysis was 16 years old.
Analysis revealed remote access and administration interfaces, such as Secure Shell (SSH), Remote Desktop Protocol (RDP), and Network Virtual Terminal Protocol (Internet) TELNET were frequently used to launch attacks. With access, criminals can easily launch brute-force attacks, moving through weak passwords “in a matter of minutes”.
“Network perimeters of most tested corporate information systems remain extremely vulnerable to external attacks,” said Ekaterina Kilyusheva, Head of Information Security Analytics Research at Positive Technologies.
“Even in 2020, there are still companies vulnerable to Heartbleed and WannaCry. Our research found systems at 26 percent of companies are still vulnerable to the WannaCry encryption malware.”