AI-driven cyber threats dominate new Palo Alto Networks report

Palo Alto Networks has released its ‘2024 Unit 42 Attack Surface Threat Report’, revealing significant findings on the evolving landscape of cybersecurity threats.

Based on extensive data compiled throughout 2023, the report highlights increasing challenges in securing IT infrastructures, particularly with the rise of AI-driven attacks.

The findings emphasise that sectors such as insurance, pharmaceuticals, and manufacturing face continuous evolution in their attack surfaces, often leading to heightened vulnerabilities exploited by cyber criminals. As digital footprints expand, organisations struggle to effectively inventory their internet-facing applications, exposing them to cyber threats originating from software vulnerabilities.

One of the primary concerns noted is the constantly changing nature of attack surfaces. On average, an organisation’s attack surface incorporates over 300 new services monthly, with nearly 32% comprising new high or critical cloud exposures. According to the report, this rapid expansion often leads to misconfigurations and vulnerabilities, significantly increasing the probability of security breaches.

The report also details risks from lateral movement and data exfiltration. It finds that 73% of high-risk exposures are within IT and Networking Infrastructure, Business Operations Applications, and Remote Access Services. These exposures can be exploited for lateral movement and data exfiltration, posing substantial risks to the organisations concerned.

According to the research, over 25% of exposures involve critical IT and networking infrastructure, providing opportunities for opportunistic attacks. These vulnerabilities include weaknesses in application-layer protocols and internet-accessible administrative login pages of routers, firewalls, VPNs, and other core networking and security appliances. Remote access services and business operation applications contribute significantly to attack surface exposures, each constituting over 23% of total exposures.

The media and entertainment industry was identified as experiencing the highest rate of new services added, with figures exceeding 7,000 per month. Similarly, telecommunications, insurance, pharmaceuticals, and life sciences industries saw substantial increases, with over 1,000 new services added to their attack surfaces. Critically impacted sectors such as financial services, healthcare, and manufacturing each added over 200 new services monthly.

Steve Manley, Regional Vice President for Australia and New Zealand at Palo Alto Networks, underscored the urgency of addressing these issues. “Attackers are moving faster and more aggressively, leveraging AI to exploit even the smallest gaps in an organisation's defence. Our report makes it clear that central oversight is essential to address today’s increasingly complex exposure landscape, which is why organisations and governments are turning to Attack Surface Management (ASM) practices to meet this need.”

Manley pointed to recent directives from the Australian government, mandating all government agencies to adopt ASM policies for comprehensive attack surface visibility and risk reduction. “By maintaining continuous visibility into their internet-facing infrastructure, organisations can take a proactive approach to effectively manage and secure their attack surface,” he added.

Effective attack surface management includes maintaining comprehensive visibility across all assets, identifying and responding to high-profile vulnerabilities, and monitoring for unsanctioned services or shadow IT. Organisations are urged to prioritise remediation of high-severity vulnerabilities, optimise cloud configurations, and enforce secure data handling practices. Staying informed about emerging threats and regularly reassessing the attack surface are highlighted as crucial strategies for mitigating cyber risks.