
Exposing the Fallacy: Security Through Obscurity vs. Modern Hackers

In June, Hadrian's CEO, Rogier Fischer, discussed the future of cybersecurity at London Tech Week. He was joined by Martin Borrett from IBM and Alonso Bustamante from Cloudflare. 

One point was clear: organizations can no longer rely on “security by obscurity”. The concept rests on the idea that hiding your assets on the internet and dissociating them from your organization gives you a level of security. In this blog, we explore why security by obscurity no longer works and what you can do to stay secure.

Why security by obscurity fails

The focus of modern hackers has shifted. They now often focus on compromising specific technologies instead of targeting individual companies. There are several reasons for this:

  • Some technologies, such as WordPress, are widespread. An exploit developed for a single technology can be used to compromise multiple organizations.
  • Patch management strategies can be poor, leaving technologies with exploitable vulnerabilities exposed to the internet.
  • The vulnerability scanners used by some organizations cannot detect misconfigurations. As a result, targets can be breached because they are outdated or improperly configured.

"Malicious hackers are not necessarily targeting companies anymore they’re targeting technologies [...] if you are running the wrong software that is vulnerable [...] an Initial Access Broker will find that bug and sell it on."

by Rogier Fischer, CEO at Hadrian

Increasingly, these attacks are performed by a new class of cybercriminals, known as Initial Access Brokers (IAB). IABs sell access to the companies they hack to other cybercriminals. 

Who are Initial Access Brokers?

Initial Access Brokers are cyber criminals with a unique specialization: they are experts in gaining and selling access to compromised systems. A startling increase was observed last year, with the number of organizations falling prey to such unauthorized system access sales estimated to have doubled. Emerging only two years ago, these groups have significantly reshaped the cyber threat landscape.

In contrast to Ransomware-as-a-Service (RaaS) groups, which operate throughout the entire kill chain, IABs concentrate primarily on the initial stages of an attack. This often encompasses the first 3-5 stages, as defined by the MITRE ATT&CK matrix. IABs infiltrate companies, acquire system access, and then vend this access on the dark web to RaaS groups. This approach allows RaaS groups to use their resources better by focusing on encrypting data and extorting victims.

Initial Access Brokers often focus on compromising specific technologies instead of targeting individual companies. By targeting widely used technologies, IABs can cast a wider net than traditional threat actors, compromising more organizations. These groups play a crucial role in increasing cybercrime.

How to prevent modern attacks 

Ensure your technologies are up to date and vulnerabilities are patched in a timely manner:

Regularly update and patch all software, including operating systems, applications, and plugins. Implement a robust vulnerability management program to identify and remediate vulnerabilities promptly. Augment your vulnerability management processes with attack surface management to monitor for risks. 
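As an added illustration of the point above (example code written for this article, not Hadrian's code or product logic), this Python example triages an asset inventory by exposed technology and version, deliberately ignoring whether a host is "obscure". The inventory, advisory feed, advisory IDs and fixed versions are all constructed placeholders, and it assumes dotted numeric version strings.

```python
# Added example: constructed inventory and advisory data, not real vulnerability information.
from dataclasses import dataclass
from typing import Optional

def parse_version(text):
    """Turn '6.2.1' into (6, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class Asset:
    host: str
    technology: str
    version: Optional[str]   # None when fingerprinting could not determine it
    internet_facing: bool
    linked_to_brand: bool    # False = "obscure": nothing ties the host to the organization

# Hypothetical advisory feed: technology -> (first fixed version, placeholder advisory id)
ADVISORIES = {
    "wordpress": ("6.2.1", "ADVISORY-PLACEHOLDER-1"),
    "example-gateway": ("10.4", "ADVISORY-PLACEHOLDER-2"),
}

def triage(assets):
    """Return (host, action, advisory) for each internet-facing asset that needs work."""
    findings = []
    for asset in assets:
        advisory = ADVISORIES.get(asset.technology)
        if advisory is None or not asset.internet_facing:
            continue
        fixed_in, advisory_id = advisory
        # linked_to_brand is never consulted: technology-wide scanning finds the
        # software, so an unlinked hostname does not lower the priority.
        if asset.version is None:
            # Unknown version is not "safe"; it needs manual verification.
            findings.append((asset.host, "verify-version", advisory_id))
        elif parse_version(asset.version) < parse_version(fixed_in):
            findings.append((asset.host, "patch", advisory_id))
    return findings

INVENTORY = [  # constructed sample data
    Asset("www.example.com", "wordpress", "6.10", True, True),
    Asset("x7k2-staging.example.net", "wordpress", "6.1.3", True, False),
    Asset("198.51.100.20", "example-gateway", None, True, False),
    Asset("intranet.example.internal", "wordpress", "5.9", False, True),
]

if __name__ == "__main__":
    for finding in triage(INVENTORY):
        print(finding)
```

Both findings are hosts with no visible link to the organization, which is exactly where an obscurity-based approach would have looked last.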

Build robust, secure code:

Follow secure coding practices and frameworks to develop software with built-in security measures. Implement security controls, such as input validation, output encoding, and proper error handling, to prevent common coding vulnerabilities like SQL injection, cross-site scripting (XSS), and buffer overflows. Conduct regular reviews of code and internet-facing applications to identify and fix any security flaws.

Employ threat intelligence to understand potential weaknesses:

Leverage threat intelligence feeds, both internal and external, to gather information about known attack vectors, emerging threats, and indicators of compromise (IOCs). Use this intelligence to assess your organization's vulnerabilities and proactively identify potential weaknesses that could be exploited. Regularly update your threat intelligence sources and incorporate this knowledge into your security defenses.

Use continuous automated ethical hacking to test your defenses:

Employ automated vulnerability scanning tools and ethical hacking techniques to continuously test your systems, applications, and networks for vulnerabilities and misconfigurations. Implementing an ongoing testing process allows you to address vulnerabilities and improve your security posture in a proactive manner.

Unlike conventional vulnerability scanners that operate on a single plane, Hadrian's Orchestrator AI takes advantage of a multidimensional scanning approach. This innovative technique involves linking the output of one module to the input of another, creating a complex network of interconnected information. As a result, Orchestrator AI provides a much more comprehensive and detailed understanding of your vulnerability to potential threats.

You can watch the full recording of London Tech Week's “Securing your Organization: Exploring Effective Strategies for ASM” panel discussion on the resources page.
