Brazil is the country with the highest volume of exposed data in the world Brazil is the country with the highest volume of exposed data in the world 

Tenable’s Threat Scenario Report: According to Tenable’s Threat Scenario Report, more than 112 Terabytes of data were exposed in 2022 in Brazil, about 43% of the world’s total.

Exposure management company Tenable has released its annual 2022 Threat Scenario Report, which assesses the persistent threat represented by known vulnerabilities (those for which patches have already been made available) as the primary vehicle for cyber attacks. The findings are based on Tenable Research’s team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 publicly disclosed data breach incidents between November 2021 and October 2022.  

Tenable’s Threat Scenario Report categorizes important vulnerability data and analyzes attacker behavior to help organizations gain insight for their security programs and prioritize security efforts to focus on the highest risk areas and disrupt attack paths, reducing exposure to cyber incidents. Of the 1,335 breaches analyzed, there were exposed worldwide

all: 

  • 257 terabytes of data. Of these 112 terabytes only in Brazil, the country with the largest volume in the world, representing 43% of the total data exposed 
  • More than 2.29 billion records exposed 
  • More than 800 million records were leaked because of unprotected databases.  

“Companies need to manage the exposure of their networks and have a complete view of what is a priority. What we see is that the difficulty of prioritizing the highest risk vulnerabilities means that many of them remain unpatched even after years. Unpatched vulnerabilities represent an open door for attackers to gain access within organizations, and this situation is even more serious in Latin America,” says Arthur Capella, general director of Tenable in Brazil. 

Old Threats, New Problems 

Threat actors continue to have success with known and proven exploitable vulnerabilities that organizations have failed to patch as they should. According to Tenable’s report, the top group of most frequently exploited vulnerabilities represents a large set of known vulnerabilities, some of which were released as recently as 2017. Organizations that did not apply patches for these vulnerabilities were at higher risk of attacks throughout 2022.  

The top vulnerabilities exploited in this group include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and virtual private network solutions from Fortinet, Citrix, and Pulse Secure. For the other four most commonly exploited vulnerabilities – including Log4Shell, Folina, an Atlassian Confluence Server and Data Center flaw, and ProxyShell – patches and mitigations have been highly publicized and readily available. In fact, four of the first five zero-day vulnerabilities exploited in the real world in 2022 were released to the public on the same day that the vendor released patches and practical mitigation guidance. 

“The data highlights that known vulnerabilities often cause more havoc than new ones,” said Bob Huber, Chief Security Officer and Head of Research at Tenable. “Cyber attackers repeatedly succeed by exploiting these overlooked vulnerabilities to gain access to sensitive information. Numbers like these conclusively demonstrate that reactive post-event cybersecurity measures are not effective in mitigating risk. The only way to change this game is to evolve to preventative security and exposure management.”

Ransomware Still the Top Threat in Brazil  

In addition to vulnerability and misconfiguration analysis, the report examined prolific attack groups and their tactics. Ransomware remained the most common attack method used in successful breaches.  

  • In Brazil, ransomware was the cause of another 52% of cyberattacks, compared to 35.4% of the global average. 
  • In Brazil, public administration (governments, cities and municipalities) was the most affected sector with 42%, followed by retail (19%) and the financial and insurance sector (9%). 
  • Globally, health and social assistance remain the sectors with the highest number of violation cases, with 35.4% of all cases analyzed.  In a report by Tenable Research on the ransomware ecosystem, a multi-million dollar

a multi-million dollar network driven by dual extortion and ransomware-as-a-service models was uncovered, which simplifies the job of cybercriminals who lack the technical skills to treat ransomware as a true crime commodity.  

In the global landscape, the ransomware group LockBit, a known user of double and triple extortion tactics, dominated the ransomware sphere, accounting for 10 percent of the incidents analyzed, followed by the Hive group (7.5 percent), Vice Society (6.3 percent) and BlackCat/ALPHV (5.1). 

To download a free copy of the report today, go to:
https://pt-br.tenable.com/cyber-exposure/2022-threat-landscape-report

By admin