New insight reveals increasing complexity and exposure in attack surfaces driven by AI-generated threats

Palo Alto Networks, the global cybersecurity leader, today released its latest report, ‘2024 Unit 42 Attack Surface Threat Report’, revealing the rapidly evolving landscape of cybersecurity threats. The study, drawn from several petabytes of data collected throughout 2023, highlights the growing challenges organisations face in securing their IT infrastructure amid constant changes and the increasing likelihood of AI-driven attacks.  

This report underscores that organisations in critical sectors such as insurance, pharmaceuticals, and manufacturing are seeing a relentless evolution in their attack surfaces, making them prime targets for cyber criminals exploiting AI-generated vulnerabilities. As businesses continue to expand their digital footprints, the test of tracking and protecting all assets becomes increasingly difficult. Many organisations struggle to inventory their internet-facing applications, leaving them exposed to cyber threats that often begin with the exploitation of software vulnerabilities.   

Key findings from the report include: 

• Constantly Evolving Attack Surfaces: On average, an organisation’s attack surface introduces over 300 new services every month, accounting for nearly 32% of new high or critical cloud exposures. This rapid growth of new services without central oversight inevitably leads to misconfigurations and exposures, resulting in higher chances of a breach.
  
• Increased Risks from Lateral Movement and Data Exfiltration: Organisations experienced 73% of high-risk exposures within IT and Networking Infrastructure, Business Operations Applications, and Remote Access Services, which can be exploited for lateral movement and data exfiltration.
  
• Critical IT and Security Infrastructure Exposures: Over 25% of exposures involve critical IT and networking infrastructure, opening doors to opportunistic attacks. These include vulnerabilities in application-layer protocols and internet-accessible administrative login pages of routers, firewalls, VPNs, and other core networking and security appliances. Remote access services and business operation applications also constitute a significant portion of exposures, with each comprising over 23% of attack surface exposures. 

High Vulnerability in Key Industries: 

• Media and Entertainment: The industry experienced the highest rate of new services added, exceeding 7,000 per month. 

• Telecommunications, Insurance, Pharma and Life Sciences: These industries saw substantial increases, with over 1,000 new services added to their attack surfaces. 

• Critical Industries: Financial services, healthcare, and manufacturing saw their attack surfaces add over 200 new services every month. 

The report also highlights the need for organisations to adopt AI-driven tools like Cortex Xpanse which provides continuous asset discovery and inventory. This capability is essential for maintaining complete visibility into the attack surface and reducing security risks.

Steve Manley, Regional Vice President for Australia and New Zealand at Palo Alto Networks, said, “Attackers are moving faster and more aggressively, leveraging AI to exploit even the smallest gaps in an organisation’s defence. Our report makes it clear that central oversight is essential to address today’s increasingly complex exposure landscape, which is why organisations and governments are turning to Attack Surface Management (ASM) practices to meet this need. We saw the importance of this recently, with the Australian government’s directives for all government agencies to adopt ASM policies, to gain complete visibility into their attack surface and reduce security risks. By maintaining continuous visibility into their internet-facing infrastructure, organisations can take a proactive approach to effectively manage and secure their attack surface.” 

To secure attack surfaces effectively, maintaining persistent and comprehensive visibility across all assets, is essential for identifying and responding to risks such as high-profile vulnerabilities. Monitoring for unsanctioned services or shadow IT is critical to differentiate between known and unknown assets. Prioritising remediation efforts on high-severity vulnerabilities, especially those that are internet-exposed, is also crucial. Moreover, organisations should implement processes to address critical exposure risks in real time, optimise cloud configurations, and enforce secure data handling practices. Finally, staying informed about emerging threats and regularly reassessing the organisation’s attack surface are key strategies to mitigate risks.  

To learn more about Unit 42 and to download the 2024 Unit 42 Attack Surface Threat Report, please visit https://start.paloaltonetworks.com/2024-asm-threat-report.html. 

###

About Unit 42

Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organisation that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach and respond to incidents in record time so that you get back to business faster. Visit paloaltonetworks.com/unit42.

About Palo Alto Networks 

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organisations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognised among Newsweek’s Most Loved Workplaces (2021 and 2022), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.