PR Newswire

2024-08-29 10:00

Tenable Research Uncovers Thousands of Vulnerable Cyber Assets Amongst Southeast Asia's Financial Sector

Over 26,500 internet-facing assets susceptible to potential exploitation

SINGAPORE, Aug. 29, 2024 /PRNewswire/ -- New research conducted by Tenable®, Inc., the exposure management company, has uncovered more than 26,500 potential internet-facing assets among Southeast Asia's top banking, financial services and insurance (BFSI) companies by market capitalisation across Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam. 

On July 15, 2024, Tenable examined the external attack surface of over 90 BFSI organisations with the largest market capitalisations across the region. The findings revealed that the average organisation possesses nearly 300 internet-facing assets susceptible to potential exploitation, resulting in a total of more than 26,500 assets across the study group.

Singapore ranked the highest among the six countries assessed, with over 11,000 internet-facing assets identified across its top 16 BFSI companies. Over 6,000 of those assets are hosted in the United States. Next on the list is Thailand with over 5,000 assets. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape.

| Country | Number of internet-facing assets amongst top 90 BFSI companies by market capitalisation |
|---|---|
| 1. Singapore | 11,000 |
| 2. Thailand | 5,000 |
| 3. Indonesia | 4,600 |
| 4. Malaysia | 4,200 |
| 5. Vietnam | 3,600 |
| 6. Philippines | 2,600 |

"The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps," said Nigel Ng, Senior Vice President, Tenable APJ. "By identifying and securing vulnerable assets before they can be exploited, organisations can better protect themselves against the growing tide of cyberattacks."

Cyber Hygiene Gaps 
The Tenable study revealed many potential vulnerabilities and exposed several cyber hygiene issues among the study group, including outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risk to the integrity and security of financial data.

Weak SSL/TLS encryption
A notable finding is that, among the total assets, nearly 2,500 still supported TLS 1.0, a 25-year-old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organisations with extensive internet footprints face in identifying and updating outdated technologies.

Misconfiguration increases external exposure
Another concerning discovery was that over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organisations, as it creates an opportunity for malicious actors to target sensitive information and critical systems.

Lack of encryption
There were over 900 assets with unencrypted final URLs, which can present a security weakness. When URLs are unencrypted, the data transmitted between the user's browser and the server is not protected by encryption, making it vulnerable to interception, eavesdropping, and manipulation by malicious actors. This lack of encryption can lead to the exposure of sensitive information, such as login credentials, personal data, or payment details, and can compromise the integrity of the communication.

API vulnerabilities amplify risk
The identification of over 2,000 API v3 assets among the organisations' digital infrastructure poses a substantial risk to their security and operational integrity.

APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface.

Malicious actors can exploit such weaknesses to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

"The cybersecurity landscape is evolving faster than ever, and financial institutions must evolve with it, so they can know where they are exposed and take action to close critical risk," Ng added. "By prioritising exposure management, these organisations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment."

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company's AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

Notes to Editors:

  1. Tenable examined the top 12-16 BFSI companies discoverable based on market cap.
  2. In the context of this alert:
  • An asset is a domain name, subdomain, or IP address, and/or a combination thereof, of a device connected to the Internet or an internal network. An asset may include, but is not limited to, web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.x.
  • The Attack Surface is, from the network perspective of an adversary, the complete asset inventory of an organisation, including all actively listening services (open ports) on each asset.

 

source: Tenable
