What do hackers know about your attack surface?
The attack surface is the theoretical edge of your organization’s digital infrastructure that touches the internet. In an ideal world, security teams would know every inch of their organization’s surface and would proactively work to minimize any exploitable weaknesses in it.
The real world is very far from this, with attack surfaces being actively exploited by threat actors. 69% of organizations have experienced an attack targeting an unknown, unmanaged, or poorly managed internet-facing asset. For security teams, the question has become: what targets are in my attack surface, and how can I prioritize remediation?
Protecting the attack surface
Attack Surface Management (ASM) is the practice of improving organizational security posture by eliminating external-facing exposed risks. Part of the challenge is the range of risks that could be encountered, from a misconfigured firewall to out-of-date software or exposed sensitive files.
Hackers can automate many parts of their workflow, enabling them to scan the internet, identify potential vulnerabilities, and execute their exploits. Automation has changed the game; in the past, attacks were often highly targeted and focused on “big game hunting” of international brands and financial institutions.
Today, attacks are carried out at scale, impacting multiple organizations in a single campaign. The MOVEit breach is a prime and very current example; to date there have been over 1,000 confirmed victim organizations. As security practitioners, we must consider how our ASM program operates, and how effectively it can prevent these threats.
How do hackers think?
Remediating every threat is an impossible task. The pace of business, driven by digital transformation, cloud migration and OT integration, means that new exposures will continuously occur. The trick is to predict which will be targeted before threat actors have a chance to launch an attack.
From the threat actor’s perspective, not all vulnerabilities carry the same appeal. They want the maximum return for their effort. This means utilizing tactics, techniques, and procedures (TTPs) that have the highest probability of success.
What factors do they consider?
- Has it worked in the past? If an attack has been successfully executed in the past, then there is a good chance that it will succeed again. This is the premise of Threat Intelligence: what can we anticipate about threat actor behaviour?
- Can it be automated? If the stages of an attack can be automated, threat actors can become more efficient. The time saved enables them to attack more organizations, increasing the potential return from their campaigns.
- How many possible victims are there? The more widely deployed a vulnerable piece of software is, or the more common a misconfiguration is, the greater the number of potential victims. Internet scanning tools can rapidly enumerate these for threat actors, helping them plan their attacks.
The hacker perspective
As cyber threats grow more sophisticated, with hackers using automation to amplify their campaigns, it's paramount for organizations to be proactive. This doesn't mean patching every vulnerability, but rather understanding the mindset of hackers, recognizing the most appealing targets, and anticipating their next moves.
By integrating the hacker's perspective into attack surface management, it is possible to proactively remediate the threats that will be exploited. In this cyber chess match, staying several steps ahead of the adversary is not just a strategy – it's a necessity.
Join our webinar to learn more about the hacker perspective and how you can level up your offensive security.