In our recently released Industry Cyber-Exposure Report: Fortune 500, we uncovered that companies across all industries in the U.S. Fortune 500 are showing signs of recurring compromise. And if the resource-rich Fortune 500 is susceptible, it’s not difficult to imagine how bad it is for everyone else.
Did you remember to lock the door?
According to the cyber-exposure report, two fatal services are frequently exposed to the public internet across the Fortune 500: Windows file-sharing Server Message Block (SMB) and Telnet. On average, members of the Fortune 500 expose a public attack surface of 500 servers or devices, and some have as many as 2,500 or more exposed to public attack. When these exposed devices are running one of these dangerous services, the risk to the organization explodes.
SMB services were found to be the most dangerous for a system to expose. Out of 21 sectors, 15 were exposing SMB despite the fact that its weaknesses are both well-known and documented across the security spectrum. While Microsoft has tried to reduce SMB exposure for normal desktop and laptop clients, Fortune 500 companies are still unable to secure it, even with all the resources they have at their disposal. Considering the presence of common vulnerabilities such as EternalBlue and the devastating malware strains based on it, such as WannaCry and NotPetya, it’s clear that there is no safe way to expose SMB services to the public internet.
Telnet servers posed a risk similar to SMB, leaving organizations open to credential theft, passive and active eavesdropping, and remote code execution due to the cleartext nature of the protocol. Furthermore, Telnet servers are not only major risk creators, but they are also pieces of outdated technology that have been replaced by more efficient services (such as SSH). The fact is, there is no practical or technical purpose for Telnet services today.
The role of vulnerability management
Many organizations do not realize they are exposing these vulnerable services to attackers. An effective vulnerability management program starts off by identifying all of the devices in your environment and understanding which vulnerabilities and other risks they may expose. From there, the most critical step—determining what to work on—is accomplished through a prioritization process that takes into account which weaknesses attackers are most likely to take advantage of. Then, the work is finally done to remediate these high-priority risks through patching or compensating controls.
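One way to apply the identify-and-prioritize steps above to the two services the report singles out, as an added example that is not Rapid7's or InsightVM's code: it reads nmap grepable (-oG) output from a scan of your own perimeter and ranks hosts with open SMB or Telnet ports. The sample scan, the port weights and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: nmap grepable (-oG) output from scanning your own perimeter.
# Addresses come from the RFC 5737 documentation range, not real hosts.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///
Host: 203.0.113.22 ()\tPorts: 23/open/tcp//telnet///, 443/open/tcp//https///
Host: 203.0.113.35 ()\tPorts: 23/open/tcp//telnet///, 139/open/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
Host: 203.0.113.40 ()\tPorts: 80/open/tcp//http///, 445/closed/tcp//microsoft-ds///
"""

# Ports for SMB and Telnet. The weights are an assumption for illustration:
# SMB ranks above Telnet because the report found it the most dangerous.
RISKY_PORTS = {445: ("SMB", 10), 139: ("SMB over NetBIOS", 10), 23: ("Telnet", 7)}

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def find_exposures(grepable_text):
    """Return {host: [(port, service), ...]} for open SMB/Telnet ports only."""
    exposures = {}
    for line in grepable_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comments and "Status:" lines carry no port data
        host, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop trailing "Ignored State" field
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            # Only "open" counts as exposed; filtered and closed ports are skipped.
            if state == "open" and proto == "tcp" and port in RISKY_PORTS:
                exposures.setdefault(host, []).append((port, RISKY_PORTS[port][0]))
    return exposures

def prioritize(exposures):
    """Order hosts by summed weight so the worst exposure is remediated first."""
    def score(host):
        return sum(RISKY_PORTS[port][1] for port, _ in exposures[host])
    return sorted(exposures, key=lambda h: (-score(h), h))

if __name__ == "__main__":
    found = find_exposures(SAMPLE_SCAN)
    for host in prioritize(found):
        print(host, found[host])
```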
This can be a daunting task, which is why Rapid7 has purpose-built InsightVM, our vulnerability management tool for the future. As the industry’s foremost vulnerability management tool, InsightVM empowers you to build your budding vulnerability management program or to inject new life into your existing processes and technology.
About the Industry Cyber-Exposure Report: Fortune 500
To compile the Industry Cyber-Exposure Report: Fortune 500, Rapid7 researchers used our internet-wide scanning platform, Project Sonar, and our passive sensor network, Project Heisenberg, to determine whether online assets are advertising vulnerable internet services or making suspicious outbound connections, which often indicate compromised systems.
Our research team then took a closer look at blocks of addresses and attributed them to organizations to determine the exposures of the Fortune 500 companies.