1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

6/13/2020

0 Comments

Cyberattack Surface Widens As World Sees Increase in Remote Work

 
attack surface

Cyberattack Surface Widens As World Sees Increase in Remote Work

With much of the world now working remotely and likely to remain this way after the COVID-19 pandemic, the attack surface that could be exploited by cyberattackers has widened, a new study showed.

A new study by RiskIQ showed that with much of the global economy being run from homes, attackers now have far more access points to probe and exploit. Attack surface, as defined in the study, refers to everything that needs defending, starting from inside the corporate network and extending all the way to the internet and into the homes of workers working from home. RiskIQ identified the following attack areas:

Web-Based Attack Surface

Across the internet in just over two weeks, RiskIQ observed 2,959,498 new domains (equivalent to 211,392 per day) and 772,786,941 new unique hosts to the web (equivalent to 55,199,067 per day). New domains, also known as new websites, and new unique hosts to the web, according to RiskIQ, represent as possible targets for threat actors.

RiskIQ found that 2,480 of the Alexa top 10,000 domains were running at least one potentially vulnerable web component, and 8,121 potentially vulnerable web components in total were found in the Alexa top 10,000.

To highlight the attack surface faced by organizations, RiskIQ conducted a study on the companies that comprise the FTSE-30 – a group of 30 large-cap organizations in the UK. RiskIQ found that on average, each FTSE-30 organization has 324 expired certs, 25 SHA-1 certs, 743, potential test sites, 28 insecure login forms, 385 total insecure forms, 46 web frameworks with known vulnerabilities, 80 PHP 5.x instances with end of life (EOL) end of the year, and 664 web servers at release levels with known vulnerabilities.

In addition, last March, with the spike of online shopping due to COVID-1, RiskIQ reported that it detected a 30% increase in Magecart skimmers – a type of cyberattack that involves digital credit card theft by skimming online payment forms.

Modern websites are made up of common features such as underlying operating systems, frameworks, third-party applications, plugins, and trackers. "This commonality of approach is attractive to malicious actors, as a successful exploit written for a vulnerability or exposure on one site can be reused across many sites," RiskIQ said.

A recent report from Verizon Data Breach Report, showed that external-facing web applications, in which network security tools have no visibility, were exploited the most by cyberattackers.

Remote Access Attack Surface

According to RiskIQ, the rush to stand up new systems outside the firewall to enable a remote workforce has expanded attack surfaces quicker, with virtual private network (VPN) usage surged 112% over just six weeks, and a 26.11% increase in Microsoft Remote Access Gateway instances, peaking around March 20 when stay-at-home orders took full effect.

RiskIQ found that on average, each FTSE-30 organization has 45 mail servers, 7,790 cloud-hosted apps (Amazon and Azure), 26 potentially vulnerable Citrix Netscaler instances, 8 potentially vulnerable Palo Alto GlobalProtect instances, 9 potentially vulnerable Pulse Connect instances, 25 potentially vulnerable Fortinet instances, and 1,464 remote access service instances.

Mobile Attack Surface

There's more to mobile apps than Apple and Google Play Mobile App Stores as there are hundreds of online stores in which threat actors sell their mobile apps. RiskIQ said malicious actors compromise legitimate apps and launch fake apps in other app store ecosystem and the open internet.

In 2019, RiskIQ found 170,796 blacklisted mobile apps across 120 mobile app stores and the open internet. Eighty-six percent of the blacklisted apps, RiskIQ said, claimed the READ_SMS permission, which allows the app to read messages and can be used for nefarious activities such as circumventing two-factor authentication.

Social Engineering Attack Surface

Social engineering refers to the impersonation of domains, subdomains, landing pages, websites, mobile apps, and social media profiles to trick employees and consumers in installing malicious software (malware) or into giving up login credentials and other personal information.

In the first quarter of 2020, RiskIQ identified 21,496 phishing domains impersonating 478 unique brands. For the same period, it also identified 720,188 instances of domain infringement across 170 unique brands. RiskIQ noted that 317,000 new websites related to “COVID-19” or “coronavirus” in the two weeks between March 9 and 23.

Cybersecurity Best Practices in Securing Your Organization's Attack Surface

Traditional cybersecurity measure uses a firewall that acts as a barrier between a trusted internal network and untrusted external network such as the internet. The COVID-19 pandemic and the resulting government-mandated stay-at-home measure leaving organizations no option but to allow workers to work from home, has widened the attack surface as the boundaries of what are inside the firewall and what are outside the firewall are no longer clear.

Here are some cybersecurity best practices in securing your organization's attack surface:

  1. Keep All Software Up to Date

Whether it's for the web, mobile or operating systems, all software used for these platforms should be kept up to date. Failure to apply the latest software update leaves this attack surface vulnerable for attack.

  1. Full Inventory of Digital Assets Connected to Internal Network

Malicious actors can simply probe into your organization's vulnerable internet-connected assets by conducting a simple internet scan. It's important to conduct a regular full inventory of these internet-connected assets, determining, for instance, what assets need software update.

  1. Early Detection of Infringing Assets

Early detection of social engineering attempts that impersonate your organization's domains, subdomains, landing pages, websites, mobile apps, and social media profiles that target your employees and customers and letting them know about these social engineering attempts is one of the effective measures in disrupting

targeted campaigns.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit