New research by Tenable has revealed that 2.29 billion records were exposed worldwide in 2022, according to the Tenable Security Response Team’s analysis of 1,335 data breach incidents publicly disclosed between November 2021 and October 2022.
Of the 1,335 breaches analysed globally, 143 breaches occurred in APAC, resulting in 1,561,990,339 exposed records and representing a whopping 68% of the global tally.
In comparison, organisations in North America, Europe, the Middle East, and Africa accounted for a combined 31% of records exposed.
This analysis is detailed in the Tenable 2022 Threat Landscape Report, published today, which categorises important vulnerability data and analyses attacker behaviour to help organisations inform their security programs and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents.
“The 2021-2022 Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report highlighted ransomware and the exploitation of publicly reported software vulnerabilities as two key root causes of cyber incidents and data breaches among Australian organisations,” said Satnam Narang, senior staff research engineer, Tenable. “Our findings show a similar trend, in that most data breaches in APAC stem from the same origins, as seen in the most recent string of high-profile data breaches which compromised the private data of millions of Australians.”
Perhaps most alarming for organisations were known vulnerabilities, in some cases dating back to 2017, still being exploited by attackers.
The findings show threat actors continue to find success with known and proven exploitable vulnerabilities that organisations have failed to patch or remediate successfully.
Organisations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022.
The top exploited vulnerabilities within this group include several high-severity flaws in Microsoft Exchange and virtual private network solutions from Fortinet, Citrix and Pulse Secure. For the other four most commonly exploited vulnerabilities – including Log4Shell; Follina; an Atlassian Confluence Server and Data Center flaw; and ProxyShell – patches and mitigations were highly publicised and readily available.
To further illustrate that known vulnerabilities are the biggest problem in the industry, CVE-2021-21974, a two-year-old vulnerability in VMware’s ESXi servers, was recently in the news when it was being widely exploited by ransomware groups.
Tenable’s global telemetry found that (among those who scanned for the vulnerability in February 2023) as of February 13, only 34% of organisations had remediated this specific threat prior to wide reporting of these attacks.
Once it got enough attention, remediation jumped to 87% just 10 days later on February 23. As of today, 13% of organisations remain vulnerable.
“The constant evolution of the modern digital environment introduces new challenges for security practitioners,” continued Narang. “Successful security programs must take a comprehensive approach and understand where their most sensitive data and systems lie and what vulnerabilities or misconfigurations pose the greatest risk. Given the brisk rate of cloud migration, preventing attacks requires full visibility into all assets and exposures, extensive context into potential security threats, and clear metrics to objectively measure cyber risk.”
Report highlights include:
- Ransomware remained the most common root cause in 2022, responsible for approximately 35% of all breaches, and 29% of breaches in APAC.
- In APAC, 9% of breaches were the result of phishing and email compromise, on par with the global average.
- Cloud misconfigurations affect even the most mature organisations. Both Microsoft and Amazon experienced breaches of sensitive information due to misconfigurations in their cloud environments. In APAC, almost 8% of all data breaches in 2022 were caused by unsecured databases, higher than the global average of 3%.
- Whilst healthcare and public administration remain the most-targeted industries worldwide, APAC shows another picture, with organisations categorised under the ‘Arts, Entertainment and Recreation’ industry and Retail being the two largest victims of breaches.
- Supply chain vulnerabilities continue to haunt organisations still contending with the fallout from the Log4Shell vulnerability, disclosed late in 2021, while more vulnerabilities in common libraries and dependencies were disclosed.