The attack surface of large enterprises has grown in recent months, driven by the new work conditions imposed by the COVID-19 pandemic. The threat has increased in many areas, including servers that are directly accessible from the internet, domain names, websites, web forms, certificates, third-party applications and components, and mobile apps.
While some of those changes might be temporary, many are likely to be permanent, straining the ability of existing IT and security teams to manage and secure them.
Security firm RiskIQ, which specializes in digital asset discovery and protection, has used data collected recently by its technology through internet scans to assess the current global attack surface. Over two weeks, the company saw the addition of 2,959,498 new domain names and 772,786,941 new unique hosts to the web.
Nearly half of the websites in the Alexa top 10,000 were running on a known content management platform; such platforms are common targets for hackers because of their popularity. The company also identified 13,222 WordPress plugins running on these websites. Such third-party components are also a common source of vulnerabilities and breaches.
When looking for known high and critical vulnerabilities, RiskIQ identified at least one potentially vulnerable component running on 2,480 of the Alexa top 10,000 domains. There were 8,121 potentially vulnerable web components in total.
"While some of these instances will have patches or other mitigating controls to prevent the identified vulnerabilities and exposures from being exploited,