Top
image credit: Pixabay

Protecting Your Expanding Attack Surface

June 22, 2021

Category:

As much of the global workforce rapidly transitioned to the remote work model, cybersecurity professionals faced an onslaught of new challenges—from securing remote devices to educating users on best practices for security outside the traditional office. But other factors were and still are also at play—according to Cybersecurity Ventures, total global data storage is projected to exceed 200 zettabytes by 2025. In addition to unprecedented amounts of data that need to be managed effectively, organizations are becoming increasingly interconnected, supply chains are expanding, and the reality is that your business is only as secure as your weakest third-party vendor.

Given this ever-evolving business and IT landscape, how are top organizations protecting the expanding attack surface? First, consider these recent instances where sophisticated bad actors capitalized on vulnerabilities and IT teams failed to stop them.

Sophisticated, modern—and successful—attacks

Throughout the now-infamous SolarWinds hack, an estimated 18,000 users may have downloaded the malicious ‘software update’ between March and June of 2020.

“It’s one of the most effective cyber-espionage campaigns of all time. [The hackers] demonstrated not just technical acumen, but the way they did this demonstrated that they understand how tech companies operate, how software companies operate. . . . This certainly is going to change the way that large enterprises think about the software they install and think about how they handle updates.”

This is according to Alex Stamos—director of the Internet Observatory at Stanford University and the former head of security at Facebook—in an interview with NRP.

In a statement on May 27, 2021, Microsoft announced that NOBELIUM—the entity behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, and GoldMax malware—had struck again, and, this time, putting individuals at risk. Disguising itself as a US-based organization, and leveraging Constant Contact—a legitimate mass-mailing service—NOBELIUM distributed malicious URLs en masse. Essentially, this development means that the nefarious entity is still very much active and a threat to be taken seriously.

Colonial Pipeline, the US operator, was also the victim of a widely reported, devastating attack—in this event, ransomware was the method used to shut down 5,500 miles of pipeline.

Speaking with The New York Times on the matter, Ulf Lindqvist—a director at SRI International who specializes in threats to industrial systems—said, “We’ve seen ransomware start hitting soft targets like hospitals and municipalities, where losing access has real-world consequences and makes victims more likely to pay . . . We are talking about the risk of injury or death, not just losing your email.”

Be the organization that prevents the next attack

Now that you’ve had a recap on recent cyberattacks, it’s time to focus on stopping the next one.

First, it’s important to note that most businesses have a variety of vulnerable Internet-facing resources that they aren’t even aware of. Your attack vectors—the landmarks or breach methods on your attack surface—spread beyond the perimeter. As reported by Dark Reading, RiskIQ conducted a study, which found that:

“A quarter of the top 10,000 Alexa domains had servers running at least one vulnerable web component and that the largest companies typically had more than 300 expired certificates, more than 700 potential development testing sites accessible from the Internet.”

Because of this, you need to conduct a broad analysis—instead of taking a closeup, high-resolution approach to securing each of your attack vectors, step back and begin identifying them categorically. This table shows that they’re going to stem from the following sources (left), and these are the ways you can avoid them (right):

Sources Solutions
APIs Use tokens, encryption, and signatures. And ask: Have new changes been implemented? What holes could have opened? Build the relationship with your third-party vendor, because open communication is key.
Brute force attack Strengthen your encryption.
Compromised passwords/credentials Optimize (and vigilantly enforce) your password policies and consider using two-factor authentication.
Distributed denial of service (DDoS) Use CDNs, reverse proxies, HA proxies, etc., putting layers of defense between systems.
Encryption Routinely confirm all your protocols are up-to-date and secure.
Insiders Collaborate with HR to establish and enforce protocols, while optimizing your identity and access (IAM) strategy.
Malware Keep pace with modern security best practices (with sources like the Center for Internet Security), and work to eliminate holes in your strategy (or consider a security provider, such as these—recommended by Gartner).
Phishing Find a trusted source that can keep you informed on the latest phishing attempts (e.g. The Daily Swig), then effectively and routinely communicate these to employees, so they can remain aware.
Weak and stolen credentials Track password hygiene to identify high-risk users, and work with HR to enforce better practices on all their devices.
Ransomware Keep your operating system patched and up-to-date, while creating (and enforcing) policies on not installing software or giving it privileges until you’ve been able to evaluate it.

Conclusion 

Systematically work through the table above, share it with your team, and adopt a mindset of incremental progress. It’s important to remain dynamic, because bad actors are constantly learning and evolving; therefore, your strategy will need to maintain malleability. Ultimately, by following these steps—and even throwing on your black hat to assume a hacker’s perspective—you’ll be well on your way to continued enterprise security.