What Threat Actors See In Your Attack Surface That You Don’t

Attack surface intelligence should predict and devise strategies to mitigate the most critical risk first.  

Post by Rajarshi Mitra In Security on Jul 20, 2020

As companies race to go digital, offering connectivity and interoperability like never seen before, they are inviting opportunistic and sophisticated threat actors to exploit risks beyond the perimeter. These are risks natural to rapid expansion in a company’s’ digital footprint. Those that come prepackaged with trading off security controls in the favor of getting online faster, to meet customer demands. Risks that lurk in the shadows. The ones they can’t always see, but bad actors do.

Welcome to the scary world of digital attack surface.

What is your digital attack surface? 

An attack surface is a collection of the weak points an attacker can use to gain entry or extract data. Since exploiting just one vulnerable point can cost companies millions in damaged systems and lost revenues, IT and SecOps teams need to maintain—or obtain—a critical outside-in perspective. 

In an article for Tripwire, Katherine Brocklehurst notes that any typical attack surface has three main areas of exposure—software, networks, and people.  

attack-surface-discovery

Stephen Northcutt of  SANS Security Laboratory adds that the following are the examples of weak points in real-world attack surfaces: 

“Many breaches begin with an exploit directed at humans, and it’s very clear that malicious intent, inadvertent errors, and misplaced trust can all be exploited to cause great harm. Examples of successful attacks vary widely (most notably phishing and spear-phishing).” 

The human component proves the most challenging category to quantify. As Brocklehurst says:  

  • Openports on outward-facing web servers. 
  • Services inside the firewall perimeter 
  • Code that processes any incoming data like email, XML, office documents, etc. 
  • Any employee who has access to sensitive information

Thus, companies need a constant view of these areas to maintain peace of mind and avoid catastrophic losses.  

Case in point: Ethereum 

Ethereum is the second biggest cryptocurrency in the world. Along with being a simple payment tokenEthereum also happens to be a platform where developers can create their decentralized applications, aka, dApps. One of these dAppsThe DAO, was to be a decentralized venture capital fund that would fund future dApps made in Ethereum’s system. 

The potential here was immense and people jumped on the proverbial gravy train accumulating $150M worth of Ether within 28 days of its formation.Then a hacker exploited a weakness in The DAO to make off with $50M worth of Ether by launching a re-entrancy attack. The debate over whether to stick with the original protocol or opt for a new implementation ultimately split the Ethereum community in two.  

What you can do about it?

 Three steps should be taken to manage your dynamic attack surface:  

  • Visualize your system by mapping out all the devices, paths, and networks
  • Plot indicators of exposures with the map visualized above 
  • Continue discovering any and all indicators of compromise and whether attacks have already succeeded

Netenrich’sproprietary Attack Surface Intelligence (ASI) continuously monitors your attack surface by assessing domains, certificates, IPs, vulnerabilities, and more to answer questions such as: 

  • How does my business look from a hacker’s perspective?
  • Do we have complete visibility over our external digital brand risk?
  • What attacks are we vulnerable to now and in the future? 
  • Do we have a compromised infrastructure? Assets we don’t know about?
  • Which risks should we mitigate first? 
  • What changes can we make to preempt future attacks?
  • Do we have open or misconfigured ports? Is the DNS associated with servers hosted or owned by you? How many subdomains does our domain currently have?

Above all, the true value of attack surface intelligence lies in applicability. Rather than add to your IT or SecOps team’s workload, attack surface intelligence should include a means of prioritizing and devising strategies to mitigate the most critical risk first.  

To get started, try our ASI. Leverage our technology and teams of experts to receive expert insight on your organization’s most critical risk areas. Empower yourself to take action before “they” do. 

CONNECT WITH US

About Author

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat, catching up on the latest Netflix docu-series.....or watching Harry Potter for the 5781241516th time.