美通社

2024-08-29 10:00

Tenable Research Uncovers Thousands of Vulnerable Cyber Assets Amongst Southeast Asia's Financial Sector

Over 26,500 internet-facing assets susceptible to potential exploitation

SINGAPORE, Aug. 29, 2024 /PRNewswire/ -- New research conducted by Tenable®, Inc., the exposure management company, has uncovered more than 26,500 potential internet-facing assets among Southeast Asia's top banking, financial services and insurance (BFSI) companies by market capitalisation across Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam. 

On July 15, 2024, Tenable examined the external attack surface of over 90 BFSI organisations with the largest market capitalisations across the region. The findings revealed that the average organisation possesses nearly 300 internet-facing assets susceptible to potential exploitation, resulting in a total of more than 26,500 assets across the study group.

Singapore ranked the highest among the six countries assessed, with over 11,000 internet-facing assets identified across its top 16 BFSI companies. Over 6,000 of those assets are hosted in the United States.  Next on the list is Thailand with over 5000 assets. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape.

Country

Number of internet-facing assets amongst top 90 BFSI
companies by market capitalisation

1. Singapore

11,000

2. Thailand

5,000

3. Indonesia

4,600

4. Malaysia

4,200

5. Vietnam

3,600

6. Philippines

2,600

"The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps," said Nigel Ng, Senior Vice President, Tenable APJ. "By identifying and securing vulnerable assets before they can be exploited, organisations can better protect themselves against the growing tide of cyberattacks."

Cyber Hygiene Gaps 
The Tenable study revealed many potential vulnerabilities and exposed several cyber hygiene issues among the study group, including outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risk to the integrity and security of financial data.

Weak SSL/TLS encryption
A notable finding is that among the total assets, organisations had nearly 2,500 still supporting TLS 1.0—a 25-year old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organisations with extensive internet footprints face in identifying and updating outdated technologies.

Misconfiguration increases external exposure
Another concerning discovery was that over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organisations, as it creates an opportunity for malicious actors to target sensitive information and critical systems.

Lack of encryption
There were over 900 assets with unencrypted final URLs, which can present a security weakness. When URLs are unencrypted, the data transmitted between the user's browser and the server is not protected by encryption, making it vulnerable to interception, eavesdropping, and manipulation by malicious actors. This lack of encryption can lead to the exposure of sensitive information, such as login credentials, personal data, or payment details, and can compromise the integrity of the communication.

API vulnerabilities amplify risk
The identification of over 2,000 API v3 out of the total number of assets among organisations' digital infrastructure poses a substantial risk to their security and operational integrity.

APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface.

Malicious actors can exploit such weaknesses to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

"The cybersecurity landscape is evolving faster than ever, and financial institutions must evolve with it, so they can know where they are exposed and take action to close critical risk" Ng added. "By prioritising exposure management, these organisations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment."

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company's AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

Notes to Editors:

  1. Tenable examined the top 12-16 BFSI companies discoverable based on market cap.
  2. In the context of this alert:
  • An asset is a domain name, subdomain, or IP addresses and/or combination thereof of a device connected to the Internet or internal network. An asset may include, but not limited to web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.xs.
  • The Attack Surface is from the network perspective of an adversary, the complete asset inventory of an organisation including all actively listening services (open ports) on each asset.

 

source: Tenable

樂本健【年度感謝祭】維柏健及natural Factors全線2件7折► 了解詳情

人氣文章
財經新聞
評論
專題
專業版
HV2
精裝版
SV2
串流版
IQ 登入
強化版
TQ
強化版
MQ

【etnet 30周年】多重慶祝活動一浪接一浪,好禮連環賞!

【etnet30周年連環賞】睇住賞Maxcare美天復康寶(升級版) (價值HK$1,680)

etnet榮獲HKEX Awards 2023 「最佳證券數據供應商」大獎

回顧24 展望25

大國博弈

貨幣攻略

說說心理話

聖誕新年特輯

Watche Trends 2024

北上食買玩

Artcation

秋冬養生食療

消委會報告

山今養生智慧

輕鬆護老