According to a recent report from Kaspersky, 53.6% of the cybersecurity incidents to which the company responded in 2021 started with exploitation of a vulnerability in a public-facing app. This made exploitation of public-facing apps the top initial vector for cyberattacks, accounting for over half of the attacks for which Kaspersky was called in.
A “public-facing app” is any application that can be accessed via the internet, whether hosted on a company’s own servers or in the cloud. The category includes the ecommerce, financial service, social media and traditional media websites that people depend on. With the proliferation of remote work and migration to cloud-based computing, it also means that the vast majority of enterprise apps are public-facing, in one way or another.
The Jump in Exploitation of Public-Facing Apps
This is a big change from previous years. In 2020, the leading initial attack vector was compromised accounts, representing 31.6% of attacks. Exploitation of public-facing apps was a close second at 31.5%. In 2021, compromised accounts dropped to only 18% of initial attacks. While Kaspersky reports that among their clients, malicious email has been declining in popularity as an initial attack vector and accounted for only 14% of cyberattacks in 2021, other sources attribute many more attack initiations to phishing, BECs and vishing.
The jump in exploitation of public-facing apps coincides with the appearance of the CVE-2021-26855 Microsoft Exchange SSRF vulnerability, which allows attackers to send arbitrary HTTP requests and authenticate on the Exchange server. This one vulnerability was exploited in almost a quarter of the cases where the initial attack vector was via a public-facing app. Although Microsoft issued a security update promptly when it learned of the vulnerability, the combination of cybercriminals immediately launching attacks and companies being slow to install the update resulted in this vulnerability having a major impact: an estimated 250,000 servers around the world were breached by way of this vulnerability, including servers for law offices, medical research institutes, defense contractors, universities, non-governmental organizations, and think tanks.
For several years now, ransomware attacks have been the dominant cybersecurity threat, and Kaspersky saw that same pattern in 2021. In over half of the successful attacks, the victim’s data was encrypted. In 16% of the cases there was data leakage, and in 11% the victim’s Active Directory was compromised, a problem that can result in a company losing control of its entire IT infrastructure.
Protecting Against Public-Facing App Exploits
Promptly installing security patches and updates can stop many attacks, yet zero-day exploits will still allow hackers to get through. Web Application Firewalls (WAFs) are far from foolproof, and many attackers succeed in breaching these firewalls and accessing the apps. Moreover, WAFs are exceptionally prone to false positives, so in most organizations they are used in alert-only mode, offering little if any protection in real time. A more secure solution is needed.
Web Application Isolation (WAI) enables organizations to render their apps inaccessible to would-be attackers, even when zero-day exploits are involved.
With WAI, apps are air-gapped from users – and crucially, from potentially infected user devices. All code communicated to apps is processed in a cloud-based container, with only a safe data stream sent on to the app. WAI also cloaks app surfaces from view of hackers attempting to probe for vulnerabilities.
Significantly in this work-from-home age, WAI enables organizations to secure user access from unmanaged devices by enabling logon solely via the ZTEdge Cloud, where least-privilege controls are applied to ensure that each user can access only the resources required for their work.
A comprehensive Zero Trust-based approach, such as that underlying ZTEdge, is the best way to defend against common cyberthreats, including phishing, zero days, and app vulnerability exploits. The cloud-delivered ZTEdge Secure Service Edge (SSE) platform is ideal for organizations of all sizes that need an easy-to-integrate, simple-to-use solution for reducing cyber-risk without interfering with users’ essential tasks.