Thinking Like a Hacker: The Foundation of Cyber Resiliency
In the modern cybersecurity battleground, an organization’s attack surface has expanded beyond conventional security tools. Hackers have taken note and are increasingly exploiting vulnerabilities in internet-facing assets. One might wonder: How do we secure the digital edge and increase cyber resiliency? The answer lies in adopting the mindset of our adversaries: thinking like a hacker.
The Evolution of the Attack Surface
The evolution of the attack surface has strained cyber resiliency. An Enterprise Strategy Group survey cast a spotlight on the drivers of the ever-expanding attack surface:
- Increased IT connections with third parties (31% of organizations): In the pursuit of synergies and collaborations, organizations are integrating with external partners. While this boosts operational efficiency, it also paves the way for new security vulnerabilities.
- Increased use of IoT/OT (27% of organizations): Devices are smarter, and every connected device, from your refrigerator to a city's traffic light system, is a potential entry point for cyber adversaries.
- Increased use of public cloud infrastructure services (25% of organizations): Cloud platforms offer unmatched scalability and operational advantages, but they come with a unique set of security challenges that differ from traditional infrastructure.
- Increased amount of sensitive data that needs to be stored, monitored and protected (25% of organizations): The digital age is synonymous with data. This invaluable data, if not adequately protected, can be a goldmine for cybercriminals.
- Increased remote worker population (23% of organizations): The COVID-19 pandemic pushed organizations to embrace remote work, leading to potential security oversights due to rapid deployment.
For many organizations, these changes are part of one-way digital transformation projects, and these trends can be expected to continue. With expanding attack surfaces come challenges that security teams have traditionally struggled with.
Reflections from History: The Tale of Equifax
History is a valuable teacher, and the Equifax breach serves as a grave reminder of what can happen when an attack surface is not secured. Many believed that Equifax's infamous breach in 2017 was due to their delay in applying a necessary patch, which allowed attackers to exploit this lapse. This assumption wasn't unfounded, as many companies are known to be sluggish in updating their systems, often taking weeks or even months to do so.
However, the real issue wasn't a delay in patching. The root cause was Equifax's inability to identify the presence of the Struts component within their environment. While Equifax had a seemingly robust security protocol in place, their internal operations lacked the refinement born from learning through repeated setbacks.
History repeats itself in 2023
MOVEit Transfer, commercial software used for secure file transfers, was discovered to be susceptible to a SQL injection flaw earlier this year. This vulnerability could let unauthenticated attackers gain administrative rights, access files, and execute arbitrary code.
The Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) about the CL0P Ransomware Gang's exploitation techniques and the MOVEit flaw.
Since the flaw's initial discovery in late May, there has been a nonstop string of data breach disclosures from organizations around the world. There are over 2,100 organizations that have been compromised as a result of the vulnerability to date. This underscores a concerning trend: even half a decade after the Equifax incident, many entities still face challenges in pinpointing and addressing security threats effectively.
Inside a Hacker's Mind
To mount a robust defense, organizations must first decode the threat actor's strategy:
- Scope: A hacker systematically scans the digital landscape, seeking vulnerabilities—be it an exposed server or a seemingly innocuous piece of software code.
Recommendation: Continuously reassess the digital infrastructure. How has it evolved? What are the new potential vulnerabilities?
- Context: Every piece of data, from the minutiae to substantial disclosures on the dark web, is potential ammunition for an attacker.
Recommendation: Dive deep into data. How could each internet-facing asset, if exploited, impact the organization?
- Assessments: With a trove of potential vulnerabilities, hackers prioritize. Which vulnerability offers the highest reward with the least effort?
Recommendation: Conduct in-depth risk assessments on a regular basis. Which vulnerabilities pose the most significant threat? Which ones can be exploited easily?
- Validation: Before an actual attack, the hacker ascertains the exploitability of a vulnerability.
Recommendation: Ensure that the perceived threat of each vulnerability is an actual risk. Verify that it is exploitable before prioritizing it for remediation.
- Remediation: Can they exploit a vulnerability before an organization patches it?
Recommendation: Time is a luxury that cybersecurity professionals don't have. Swift action is paramount to preempt potential cyber attacks.
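The five recommendations above can be run as one triage pass over an asset inventory. The sketch below is an added example, not code from the original article: the inventory, the findings, the 1-5 impact and ease scales, the `impact * ease` score and the 7-day SLA are all constructed assumptions, and `triage` is a hypothetical helper name.

```python
# Added illustration; asset names, scores and the SLA are constructed.
INVENTORY = [  # which components run where, and how much the asset matters (1-5)
    {"asset": "portal.example.com", "internet_facing": True, "impact": 5,
     "components": ["nginx", "struts"]},
    {"asset": "files.example.com", "internet_facing": True, "impact": 4,
     "components": ["file-transfer-app"]},
    {"asset": "wiki.internal.example", "internet_facing": False, "impact": 2,
     "components": ["struts"]},
    {"asset": "shop.example.com", "internet_facing": True, "impact": 3,
     "components": ["nginx"]},
]
FINDINGS = [  # one entry per vulnerable component; ease of exploitation is 1-5
    {"component": "struts", "ease": 5, "validated": True, "days_open": 12},
    {"component": "file-transfer-app", "ease": 4, "validated": True, "days_open": 2},
    {"component": "nginx", "ease": 2, "validated": False, "days_open": 40},
]

def triage(inventory, findings, sla_days=7):
    """Return a remediation queue ordered the way the five steps suggest."""
    queue = []
    for asset in inventory:
        if not asset["internet_facing"]:          # Scope: the exposed edge only
            continue
        for f in findings:
            if f["component"] not in asset["components"]:
                continue
            queue.append({
                "asset": asset["asset"],
                "component": f["component"],
                # Context x Assessment: business impact times ease of exploitation
                "score": asset["impact"] * f["ease"],
                # Validation: unproven findings are queued for verification first
                "action": "remediate" if f["validated"] else "validate",
                # Remediation: flag confirmed issues that have outlived the SLA
                "overdue": f["validated"] and f["days_open"] > sla_days,
            })
    # Confirmed-exploitable items first, then by descending score
    queue.sort(key=lambda r: (r["action"] != "remediate", -r["score"]))
    return queue

if __name__ == "__main__":
    for row in triage(INVENTORY, FINDINGS):
        print(row)
```

The scope step only works if the component list per asset is complete, which is the gap the Equifax account above describes.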
Embracing the hacker perspective
In the intricate dance of cyber warfare, thinking like a hacker transcends being a mere strategy—it's the bedrock of cyber defense. By anticipating moves, understanding motives, and preempting strategies, organizations can construct an unyielding fortress in the digital domain. It's time we flipped the script and used the hacker's playbook to our advantage.