Who’s following your footsteps?
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War.
For many people, Threat Intelligence means understanding our adversaries. By laying bare how hackers target, plan and execute attacks, organisations hope to fight them more effectively: making better informed choices and taking the right defensive actions when it comes to security. This almost primeval urge to know our enemies is completely understandable. Yet, without a clear knowledge of our own environments, we can’t hope to make the most of Threat Intelligence about adversaries. Only by first understanding ourselves can we evaluate the true importance of emerging threats and vulnerabilities. This philosophy is at the heart of our Greater Intelligence service. We want to know our customers better than they know themselves, so we can create true Threat Intelligence. By putting information about external threats firmly in the context of a customer’s internal IT estate, we can understand and prioritise vulnerabilities, and provide the right advice on remediation.
To better understand our customers, we’ve borrowed a page from the hackers themselves. When planning an attack, cybercriminals conduct detailed reconnaissance: mapping the victim’s infrastructure, searching for weak security controls, identifying misconfigurations and scanning for vulnerabilities. We conduct exactly the same kind of reconnaissance when on-boarding a new customer. We follow the trail of cyberspace breadcrumbs about them to reveal the vulnerabilities that an attacker would be able to spot. We call this process ‘Internet Footprinting’. It maps all the outward-facing systems an organisation depends on to operate online, such as domain name registrations, email servers and customer-facing websites. With detailed insights into a customer’s Internet-facing infrastructure and our knowledge of the common security issues these systems face, we can identify the risks that matter. Then it’s all about helping customers take the right steps to protect themselves and make their Internet Footprint as hazy as possible to outside observers scanning for vulnerabilities.
Looking for weaknesses
Since online services often connect to customers and stakeholders, any breach in their confidentiality, integrity or availability can have catastrophic business implications. That’s why we recently digitally footprinted a number of SMEs across a range of different industries to see if any similarities or interesting patterns emerged. The biggest risks to the cross-section of organisations we examined came from two areas: web applications and social engineering. Here are our findings:
Many of the organisations we footprinted shared critical dependencies on common web infrastructure. For instance, we found web servers host an average of two websites each – although, in one case, 47 websites were hosted on a single server! Similarly, 85% of websites we surveyed made use of just one IP address. This raises the chance of a single point of failure creating a huge knock-on effect across a business.
A host of vulnerabilities were also immediately apparent in the web applications we surveyed, making the likelihood of sensitive data exposure far higher. Only 12% of the websites we examined ran SSL – the standard security technology for establishing an encrypted link between a web server and a browser. Meanwhile, 71% of websites were interactive, but only 61% of these had valid SSL certificates.
Anti-social
Social engineering manipulates legitimate users into compromising confidential information. Spear-phishing is probably the best-known example, where cybercriminals use publicly available information to create a highly believable, personalised email that lures users into clicking on malicious links or accessing attached malware. For instance, a CFO might receive an email, apparently from the CEO, with an Excel attachment claiming to contain financial information about a competitor. If that doesn’t work, the attacker might try a malicious link relating to a conference the victim has just registered to attend. We found a huge exposure to social engineering amongst the SMEs we surveyed. Each had leaked an average of 36 personal email addresses online, with around 10% of those compromised in high-profile breaches, such as the Adobe.com hack.
We’re planning to go into more detail on all our findings in the future, so stay tuned. In the meantime, rest assured there are ways to mitigate and control all the risks organisations face online. If you’re ready to make the most of Threat Intelligence to secure your organisation more effectively, discover how we can help here.