As technology advanced and its use for businesses expanded, attackers found new motivation to hone their attack skills. Today, attackers can perform website injections and target users via waterholes or spear phishing.
They can also exploit third party software or apps to deliver mobile malware and hack company social media accounts. So, the number of attacks an attacker can accomplish has significantly increased as the attack surface has evolved over time.
Gartner’s Hype Cycle for Network Security 2021 reveals that as network infrastructure gets more complex, attacks pose serious threats that can lead to data loss and brand damage.
Hence, companies need to intensify their attack surface management by deploying security measures. Read on to learn about the attack surface and reducing risks to your organization.
What is an Attack Surface?
An attack surface is the set of points through which an unauthorized user could enter a system or extract data from it. Over the years, companies have carried out business processes through infrastructure assets and websites. Although there is a risk that comes with this, we’ve seen an increase in complexity associated with attack surfaces because of new digital channels.
In addition to websites and infrastructure, we currently work with a variety of mobile applications, social media, cloud-based services, controls, and the Internet of Things (IoT). Attack surface management is more critical than ever for businesses, especially in the current era of work-from-home and bring-your-own-device work cultures.
Why is the Attack Surface important to your organization?
The attack surface has become more complex because we have more channels to monitor and secure. Business websites are increasing, and web applications are multiplying, with a greater use of cloud computing – and higher risks of losing data to attacks.
Now that most people have a mobile phone, at least in North America and large parts of Europe, mobile applications have become another interesting channel that attackers could use. Then, there’s social media: more companies are using social media to share information, generate leads and engage customers, so it is another entry point perfect for attacks.
The above risks are why understanding the attack surface is critical to your organization. You need to keep track of your attack surface, ascertain your risks, and put updated security measures in place to mitigate threats.
Threats associated with the Attack Surface
Several threats can impact your attack surface. To fully appreciate these threats, we will group the attack surface into categories and highlight the threats associated with each group.
Keep reading to see the threats you should watch out for.
Your attack surface can be grouped into:
- Known:
These are assets accounted for and owned by the organization or technical controls. Although these assets are visible in the network and have mitigating controls in place, they can still get compromised and cause your organization great loss.
Threats
Below are some ways your known devices can be compromised.
- Web:
Defacement: In web defacement, attackers penetrate your website and replace website content with malicious messages. They usually gain access to your website by taking control of admin emails through hacking, phishing, or other social engineering tactics.
Account compromise: Here, attackers hack employees’ email accounts to access the organization’s list of customers, suppliers, investors, partners and other employees. Then, they can request payments from these parties through the email address.
Unauthorized content: This is also a type of web defacement. In this case, attackers log into your website and upload silly, unrelated and sometimes offensive content. They do this to tarnish your brand image and dissuade customers from doing business with you.
Phishing: This is a type of social engineering in which targets are contacted by email, telephone or text message by a person posing as a legitimate organization to lure them into providing sensitive data (such as personally identifiable information, banking and credit card details, and system login details).
- Mobile:
Unauthorized connectivity: Connecting work or personal devices to an insecure network is one of the ways employees may expose your network to attackers.
- Social:
Ad delivery: Some ads are attempts by attackers to get into your system. Employees must always be very careful about clicking ads that tell them they have won a lottery.
Third party code: Attackers can intercept third party codes (for example, codes sent to a WhatsApp account) and access your employees’ or organization’s social media accounts.
Redirections: A redirection attack is a kind of threat that redirects you away from the website you accessed. It usually goes together with a phishing attack. In this attack, you could end up on a malicious clone page that will try to harvest your data or login details.
- Unknown:
These are assets that are not accounted for by the organization, but are associated with it.
Threats
Here are the threats you should expect from unknown devices:
- Web:
Shadow IT: Shadow IT is the use of IT-related hardware or software without the knowledge of the IT or security group within the organization. It includes cloud services, software, and hardware and poses a huge threat if the individual seeks to harm the company.
Mergers and acquisitions: Following mergers and acquisitions, new devices (that may not be following the same security protocols) are introduced into your network.
Orphaned IT: Inactive or orphaned accounts still enabled in the network pose a threat to the organization because attackers can infiltrate your network through them.
Internet of Things: A variety of IoT threats can hit you when you’re not looking. A few examples include: denial of service, ransomware, data breach and so on.
- Mobile:
Applications sprawl: Accumulating many applications over the years without proper maintenance and support provides loopholes that attackers could exploit.
Unauthorized access: Using public wifi or leaving phones unlocked can give strangers access to devices and all the sensitive information contained in them.
- Social:
Unauthorized accounts: These are social accounts created without the permission of the organization and used to exploit the organization’s customers or employees, etc.
Legacy accounts: Legacy accounts or accounts usually operated by third parties can be breached easily when an attacker gains control over them.
Unclaimed accounts: These are existing accounts that have not been operated over a long period. Attackers can find these accounts and take control over time – as owners.
- Rogue:
These are assets created by attackers to harm the organization, its customers, or employees.
Threats
The following are threats associated with rogue devices:
- Web:
Malware: This is software created by a malicious actor solely to disrupt an organization’s computer network in order to steal private information, gain unauthorized access or deprive the organization’s users of access to information.
IP/Brand infringement: Attackers can steal a brand’s intellectual property to deceive unsuspecting customers. For instance, organizations often report that there are sites that use their logo and branded content to get login details or other data from customers.
Credential Theft: Malicious actors use different attack vectors like phishing or brute force to harvest an organization or individual’s login details with the intent to steal critical data.
- Mobile:
Copycat Apps: To exploit their customers, attackers create a clone of the organization’s mobile app and use it to harvest data or defraud unsuspecting customers.
Fake Apps: Similar to copycat apps, these are apps that look like or are pretty similar to existing apps. They are created to deceive customers and in some cases, employees.
App modification: These are modifications to existing apps to make users susceptible to phishing attacks. Attackers modify apps by exploiting vulnerabilities in these apps.
- Social:
Fraud: Sometimes, attackers pose as the organization on social media by creating copycat profiles of company execs or the organization to defraud customers.
Malware: Links to downloading malware are sometimes shared via social.
Infringement: By hacking other users on the network, attackers can gain access to social media accounts and pose as the organization to tarnish its reputation and brand image.
How to Reduce Risks to Your Organization
It’s not all doom and gloom, as it may seem. You can still protect your organization from these attacks. Below are some ways you can reduce risks to your business.
- Take an accurate, up-to-date inventory of assets owned by the business. This includes web, mobile, social assets and those from 3rd-parties.
- Patch all vulnerabilities in your network and use mitigating controls.
- Reduce orphaned assets or those lacking clear ownership.
- Monitor all digital channels for potential impact on the organization. This includes web, mobile, social, dark web locations for mention of brand, specific keywords or partners.
- Apply security controls to assets and limit partner exposure.
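The inventory and orphaned-asset steps above can be automated as a reconciliation job. The following is an added example, not part of the original article: it compares the asset inventory with the results of a discovery scan and flags unknown and orphaned assets. The hostnames, the `owner` and `last_reviewed` fields, and the 180-day review threshold are assumptions chosen for illustration.

```python
from datetime import date

# Constructed sample data: what the business believes it owns...
INVENTORY = {
    "www.example.com":       {"owner": "web-team", "last_reviewed": date(2024, 5, 1)},
    "api.example.com":       {"owner": "platform", "last_reviewed": date(2024, 5, 2)},
    "old-promo.example.com": {"owner": None,       "last_reviewed": date(2022, 1, 10)},
    "vpn.example.com":       {"owner": "it-ops",   "last_reviewed": date(2023, 2, 1)},
    "intranet.example.com":  {"owner": "it-ops",   "last_reviewed": date(2024, 4, 20)},
}
# ...and what an external discovery scan actually observed (also constructed).
DISCOVERED = {
    "www.example.com", "api.example.com", "old-promo.example.com",
    "vpn.example.com", "staging-test.example.com",
}

def classify_assets(inventory, discovered, today, stale_days=180):
    """Sort every asset into known, unknown, orphaned, or not_observed."""
    report = {"known": [], "unknown": [], "orphaned": [], "not_observed": []}
    for asset in sorted(discovered | set(inventory)):
        record = inventory.get(asset)
        if record is None:
            # Exposed but never inventoried: shadow IT, M&A leftovers, etc.
            report["unknown"].append(asset)
        elif asset not in discovered:
            # Inventoried but not seen by the scan: the record may be out of
            # date, or the asset is simply not externally reachable.
            report["not_observed"].append(asset)
        elif record["owner"] is None or \
                (today - record["last_reviewed"]).days > stale_days:
            # Exposed and inventoried, but nobody clearly owns or reviews it.
            report["orphaned"].append(asset)
        else:
            report["known"].append(asset)
    return report

if __name__ == "__main__":
    for category, assets in classify_assets(
            INVENTORY, DISCOVERED, today=date(2024, 6, 1)).items():
        print(f"{category:13} {assets}")
```

Assets in the `unknown` and `orphaned` buckets are the ones to assign an owner to or decommission first; `not_observed` entries tell you where the inventory itself needs checking.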
What is Attack Surface Management?
Attack Surface Management is a security solution that limits your attack surface’s exposure to external access by advanced and automated reconnaissance tools. It is a continuous process that scans internal and external environments to exhaustively catalog all assets of an organization’s IT infrastructure.
Attack surface management takes up an attacker’s viewpoint to cover all exposed assets, including the internet and discoverable assets in supply chains.
Why you need an Attack Surface Management solution today
Technology advancement, such as increased reliance on external services; abrupt societal change, such as the massive move to work from home; and the accelerating expansion of the threat landscape are creating a perfect mix for turning unknown assets into time bombs.
While security teams still often focus on reducing the attack surface, without an adversarial-based discovery process such as an attack surface management solution, the reduced surface fails to include unknown assets. Cyberattackers have no qualms about using advanced reconnaissance tools that will reveal those unseen exposed assets.
Below are the different types of attack surface management solutions you should explore.
- MITRE ATT&CK framework: MITRE ATT&CK® framework is a bank of information on attack tactics based on real-world observations. It is open to any person or organization for use at no charge. MITRE’s vision is to bring people together to develop more effective cybersecurity and create a safer world. Your teams should check their resources out to stay updated with attack techniques and how best to mitigate them.
- An attack surface management tool: An attack surface management tool helps you discover and mitigate what attackers can exploit in the reconnaissance phase of an attack. You need it to stay many steps ahead of attackers. These tools work by scanning and analyzing your system for threats and vulnerabilities that can be used in attacks. Then, they help you remediate vulnerabilities and reinforce existing security protocols.