What is Attack Surface Monitoring?
An attack surface is the sum of an organization’s internet-facing entry points that a threat actor can use to gain unauthorized access or from which to launch cyber attacks. Today, an organization’s attack surface is complex, sprawling far beyond its own networks as third party services are increasingly interconnected. Despite the level of integration these vendors have with the organization, often sharing systems and data, they may not share the same robust IT infrastructure. In turn, a third party service usually has its own third party services, resulting in a maze of online assets with varying security. A threat actor need only compromise a single supplier before they can move laterally to target the organizations it serves. Monitoring a third party’s attack surface is the only way to defend against the devastating consequences of a supply chain attack - you can’t protect what you can’t see.
Common Vulnerabilities in a Third Party’s Attack Surface
Threat actors will perform extensive reconnaissance through open sources and scanning tools to analyze an attack surface for vulnerabilities. Vulnerabilities they may find to exploit include:
If third parties fail to patch apps and services, security gaps will be left unaddressed. The contents of patches are often public knowledge, providing threat actors with a handy list of entry points to exploit. What is more, many cloud services use a shared responsibility model for cyber security, leading to customer-generated misconfigurations in the infrastructure which may permit unauthorized users access to third party systems or data.
An obsolete user account, API, or software is often forgotten about and, as a result, is not monitored or patched. This creates opportunities for actors to gain access to systems or inject malicious code that could impact a different organization within the supply chain.
Shadow IT is the term given to the applications, software, and devices that employees use without the explicit approval of the IT team. As they are unknown to the IT team, they cannot be protected by them, allowing threat actors easier access to a third party’s systems. Shadow IT has become especially prevalent as organizations embrace cloud and remote working.
Locating employees' emails and social media accounts provides an entry point for attackers. Threat actors can target employees with phishing attacks, in which emails impersonating sources of authority are sent to trick them into clicking malicious links or divulging personal information that can be used to infiltrate a system.
How Can You Combat Third Party Attacks?
Before onboarding or purchasing your third party service, it is critical to perform a comprehensive risk assessment that covers their cyber security systems and incident response. This way you can understand the risk they pose to your organization before they become a weak link in your attack surface.
Don’t give third party vendors more access than they need to complete the job. Organizations following this rule will reduce their attack surface.
Carry out regular pentesting to check your third party services for exploitable vulnerabilities, so that they can be remedied before true threat actors can leverage them.
What Can Intel 471 Do?
Intel 471 will identify all known, unknown, and rogue assets within an attack surface. From a long-forgotten user account to a misconfigured wireless access point, you can locate all vulnerabilities for a third party supplier to address before a threat actor can gain access.
Changes to an attack surface will no longer fly under the radar. Intel 471 allows for regular automated scans of a third party’s attack surface, so you can be alerted to any significant changes requiring attention. Automating these checks is also a time-effective alternative to manually auditing a vendor, allowing you to redirect resources to where they are truly needed.
Get ahead of the attackers by being alerted to early warning signs of an attack through CTI. Intel 471 extends the monitoring of an attack surface into the cyber underground and interprets activity there for supply chain attack threats relevant to your vendors.
Indexing an attack surface is only one step in its protection. Threat actors are constantly evolving their tactics, techniques, and procedures (TTPs) to unearth vulnerabilities to abuse. Use the global presence of Intel 471’s analysts on the cyber underground to supply unique insight into the evolving TTPs of threat actors that may target your supply chains, so that you can prepare a proactive defense.
Intel 471’s Attack Surface Protection is a suite of three solutions that will render an attack surface transparent so you can carry out third-party risk monitoring to protect your organization. Attack Surface Protection will allow you to: