{"id":18827,"date":"2022-04-21T09:00:37","date_gmt":"2022-04-21T17:00:37","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/04\/21\/news-12560\/"},"modified":"2022-04-21T09:00:37","modified_gmt":"2022-04-21T17:00:37","slug":"news-12560","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/21\/news-12560\/","title":{"rendered":"Discover the anatomy of an external cyberattack surface with new RiskIQ report"},"content":{"rendered":"<p><strong>Credit to Author: Christine Barrett| Date: Thu, 21 Apr 2022 16:00:00 +0000<\/strong><\/p>\n<p>The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against internet-facing systems have served as a wake-up call. Now that Zero Trust has become the gold standard for enterprise security, it&#8217;s critical that organizations gain a complete picture of their attack surface\u2014both external and internal.<\/p>\n<p>Microsoft acquired RiskIQ in 2021 to help organizations assess the security of their entire digital enterprise.<sup>1<\/sup> Powered by the RiskIQ Internet Intelligence Graph, organizations can discover and investigate threats across the components, connections, services, IP-connected devices, and infrastructure that make up their attack surface to create a resilient, scalable defense.<sup>2<\/sup> For security teams, such a task might seem like trying to boil the ocean. So, in this post, I&#8217;ll help you put things in perspective with <strong>five things to remember when managing external attack surfaces.<\/strong> Learn more in the <a href=\"https:\/\/www.microsoft.com\/security\/business\/security-insider\/anatomy-of-an-external-attack-surface\/five-elements-organizations-should-monitor\/\">full RiskIQ report<\/a>. 
<\/p>\n<h2>Your attack surface grows with the internet<\/h2>\n<p>In 2020, the amount of data on the internet hit 40 zettabytes or 40 trillion gigabytes.<sup>3<\/sup> RiskIQ found that every minute, 117,298 hosts and 613 domains are added.<sup>4<\/sup> Each of these web properties contains underlying operating systems, frameworks, third-party applications, plugins, tracking codes, and more, and the potential attack surface increases exponentially.<\/p>\n<p>Some of these threats never traverse the internal network. In the first quarter of 2021, 611,877 unique phishing sites were detected,<sup>5<\/sup> with 32 domain-infringement events and 375 total new threats emerging per minute.<sup>4<\/sup> These types of threats target employees and customers alike with rogue assets and malicious links, all while phishing for sensitive data that can erode brand confidence and harm consumer trust.<\/p>\n<blockquote class=\"wp-block-quote\">\n<p><strong><em>Every minute<\/em>, RiskIQ detects:<\/strong><sup>4<\/sup><\/p>\n<ul>\n<li>15 expired services (susceptible to subdomain takeover)<\/li>\n<li>143 open ports<\/li>\n<\/ul>\n<\/blockquote>\n<h2>A remote workforce brings new vulnerabilities<\/h2>\n<p>The COVID-19 pandemic accelerated digital growth. Almost every organization has expanded its digital footprint to accommodate a remote or hybrid workforce. The result: attackers now have more access points to exploit. The use of remote-access technologies like Remote Desktop Protocol (RDP) and VPN has skyrocketed by 41 percent and 33 percent respectively as the pandemic pushed organizations to adopt a work-from-home policy.<sup>6<\/sup><\/p>\n<p>Along with the dramatic rise in RDP and VPN usage came dozens of new vulnerabilities giving attackers new footholds. 
RiskIQ has surfaced thousands of vulnerable instances of the most popular remote access and perimeter devices, and the torrential pace shows no sign of slowing. Overall, the National Institute of Standards and Technology (NIST) reported 18,378 such vulnerabilities in 2021.<sup>7<\/sup><\/p>\n<h2>Attack surfaces hide in plain sight<\/h2>\n<p>With the rise of <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/09\/20\/a-guide-to-combatting-human-operated-ransomware-part-1\/\">human-operated ransomware<\/a>, security teams have learned to look for smarter, more insidious threats coming from outside the firewall. Headline-grabbing cyberattacks such as the 2020 <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/09\/28\/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity\/\">NOBELIUM attack<\/a> have shown that the supply chain is especially vulnerable. But threats can also sneak in from third parties, such as business partners or controlled and uncontrolled apps. Most organizations lack a complete view of their internet assets and how they connect to the global attack surface. Contributing to this lack of visibility are <strong>three vulnerability factors:<\/strong><\/p>\n<ul>\n<li><strong>Shadow IT:<\/strong> Unmanaged and orphaned assets form an Achilles heel in today\u2019s enterprise security. This aptly named <a href=\"https:\/\/docs.microsoft.com\/defender-cloud-apps\/tutorial-shadow-it\" target=\"_blank\" rel=\"noreferrer noopener\">shadow IT<\/a> leaves your security team in the dark. New RiskIQ customers typically find approximately 30 percent more assets than they thought they had, and RiskIQ detects 15 expired services and 143 open ports every minute.<sup>4<\/sup><\/li>\n<li><strong>Mergers and acquisitions (M&amp;A):<\/strong> Ordinary business operations and critical initiatives such as M&amp;A, strategic partnerships, and outsourcing\u2014all of it creates and expands external attack surfaces. 
Today, less than 10 percent of M&amp;A deals contain cybersecurity due diligence.<sup>8<\/sup><\/li>\n<li><strong>Supply chains:<\/strong> Modern supply chains create a complicated web of third-party relationships. Many of these are beyond the purview of security and risk teams. As a result, identifying vulnerable digital assets can be a challenge.<\/li>\n<\/ul>\n<p>A lack of visibility into these hidden dependencies has made third-party attacks one of the most effective vectors for threat actors. In fact, 53 percent of organizations have experienced at least one data breach caused by a third party.<sup>9<\/sup><\/p>\n<h2>Ordinary apps can target organizations and their customers<\/h2>\n<p>Americans now spend more time on mobile devices than watching live TV.<sup>10<\/sup> With this demand has come a massive proliferation of mobile apps. Global app store downloads rose to USD230 billion worldwide in 2021.<sup>11<\/sup> These apps act as a double-edged sword\u2014helping to drive business outcomes while creating a significant attack surface beyond the reach of security teams.<\/p>\n<p>Threat actors have been quick to catch on. Seeing an opening, they began to produce rogue apps that mimic well-known brands or pretend to be something they&#8217;re not. The massive popularity of rogue flashlight apps is one noteworthy example.<sup>12<\/sup> Once an unsuspecting user downloads the malicious app, threat actors can use it to deploy phishing scams or upload malware to users\u2019 devices. RiskIQ blocklists a malicious mobile app <a href=\"https:\/\/www.riskiq.com\/resources\/infographic\/evil-internet-minute-2021\/\" target=\"_blank\" rel=\"noreferrer noopener\">every five minutes<\/a>.<\/p>\n<h2>Adversaries are part of an organization\u2019s attack surface, too<\/h2>\n<p>Today&#8217;s internet attack surface forms an entwined ecosystem that we&#8217;re all part of\u2014good guys and bad guys alike. 
Threat groups now recycle and share infrastructure (IPs, domains, and certificates) and borrow each other&#8217;s tools, such as malware, phish kits, and command and control (C2) components. The rise of crimeware as a service (CaaS) makes it particularly difficult to attribute a crime to a particular individual or group because the means and infrastructure are shared among multiple bad actors.<sup>13<\/sup><\/p>\n<p>More than 560,000 new pieces of malware are detected every day.<sup>14<\/sup> In 2020 alone, the number of detected malware variants rose by 74 percent.<sup>15<\/sup> RiskIQ now detects a Cobalt Strike C2 server every 49 minutes.<sup>3<\/sup> For all these reasons, tracking external threat infrastructure is just as important as tracking your own.<\/p>\n<h2>The way forward<\/h2>\n<p>The traditional security strategy has been a defense-in-depth approach, starting at the perimeter and layering back to protect internal assets. But in today&#8217;s world of ubiquitous connectivity, users\u2014and an increasing amount of digital assets\u2014often reside outside the perimeter. Accordingly, a <a href=\"https:\/\/www.microsoft.com\/security\/business\/zero-trust\">Zero Trust<\/a> approach to security is proving to be the most effective strategy for defending today\u2019s decentralized enterprise.<\/p>\n<p>To learn more, read <strong><a href=\"https:\/\/www.microsoft.com\/security\/business\/security-insider\/anatomy-of-an-external-attack-surface\/five-elements-organizations-should-monitor\/?rtc=1\">Anatomy of an external attack surface: Five elements organizations should monitor<\/a><\/strong>. 
Stay on top of evolving security issues by visiting Microsoft\u2019s <a href=\"https:\/\/www.microsoft.com\/security\/business\/security-insider\/\">Security Insider<\/a> for insightful articles, threat reports, and much more.<\/p>\n<p>To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/business\/solutions\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<div style=\"height:33px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<hr class=\"wp-block-separator is-style-wide\"\/>\n<p><sup>1<\/sup><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/07\/12\/microsoft-to-acquire-riskiq-to-strengthen-cybersecurity-of-digital-transformation-and-hybrid-work\/\">Microsoft acquired RiskIQ to strengthen cybersecurity of digital transformation and hybrid work<\/a>, Eric Doerr. July 12, 2021.<\/p>\n<p><sup>2<\/sup><a href=\"https:\/\/cisos-insiders.captivate.fm\/episode\/037-special-episode-ep2-topic-steve-ginty\" target=\"_blank\" rel=\"noreferrer noopener\">Episode 37, &#8220;Uncovering the threat landscape,&#8221; Steve Ginty, Director Threat Intelligence at RiskIQ<\/a>, Ben Ben-Aderet, GRSEE. November 29, 2021.<\/p>\n<p><sup>3<\/sup><a href=\"https:\/\/healthit.com.au\/how-big-is-the-internet-and-how-do-we-measure-it\/\" target=\"_blank\" rel=\"noreferrer noopener\">How big is the internet, and how do we measure it?<\/a> HealthIT. 
<\/p>\n<p><sup>4<\/sup><a href=\"https:\/\/www.riskiq.com\/resources\/infographic\/evil-internet-minute-2021\/\" target=\"_blank\" rel=\"noreferrer noopener\">The 2021 Evil Internet Minute<\/a>, RiskIQ.<\/p>\n<p><sup>5<\/sup><a href=\"https:\/\/www.statista.com\/statistics\/266155\/number-of-phishing-domain-names-worldwide\/\" target=\"_blank\" rel=\"noreferrer noopener\">Number of unique phishing sites detected worldwide from 3rd quarter 2013 to 1st Quarter 2021<\/a>, Joe Johnson. July 20, 2021.<\/p>\n<p><sup>6<\/sup><a href=\"https:\/\/www.zdnet.com\/article\/rdp-and-vpn-use-skyrocketed-since-coronavirus-onset\/\" target=\"_blank\" rel=\"noreferrer noopener\">RDP and VPN use skyrocketed since coronavirus onset<\/a>, Catalin Cimpanu. March 29, 2020. <\/p>\n<p><sup>7<\/sup><a href=\"https:\/\/www.zdnet.com\/article\/with-18376-vulnerabilities-found-in-2021-nist-reports-fifth-straight-year-of-record-numbers\/#:~:text=Log%20Out-\" target=\"_blank\" rel=\"noreferrer noopener\">With 18,378 vulnerabilities reported in 2021, NIST records fifth straight year of record numbers<\/a>, Jonathan Greig. December 8, 2021. <\/p>\n<p><sup>8<\/sup><a href=\"https:\/\/www.aon.com\/unitedkingdom\/insights\/top-5-cyber-risks-in-mergers-and-acquisitions.jsp\" target=\"_blank\" rel=\"noreferrer noopener\">Top Five Cyber Risks in Mergers &amp; Acquisitions<\/a>, Ian McCaw.<\/p>\n<p><sup>9<\/sup><a href=\"https:\/\/www.securehalo.com\/services\/third-party-cyber-risk\/#:~:text=A%20Ponemon%20Institute%20report%20notes,remediation%20costs%20averaging%20%247.5%20million\" target=\"_blank\" rel=\"noreferrer noopener\">Mitigating Third-Party Cyber Risk with Secure Halo<\/a>, Secure Halo.<\/p>\n<p><sup>10<\/sup><a href=\"https:\/\/www.ubergizmo.com\/2021\/01\/americans-spend-more-time-on-apps-than-tv\/\" target=\"_blank\" rel=\"noreferrer noopener\">Americans Now Spend More Time Using Apps Than Watching Live TV<\/a>, Tyler Lee. 
January 13, 2021.<\/p>\n<p><sup>11<\/sup><a href=\"https:\/\/techcrunch.com\/2022\/01\/12\/app-annie-global-app-stores-consumer-spend-up-19-to-170b-in-2021-downloads-grew-5-to-230b\/\" target=\"_blank\" rel=\"noreferrer noopener\">App Annie: Global app stores\u2019 consumer spend up 19% to $170B in 2021, downloads grew 5% to 230B<\/a>, Sarah Perez. January 12, 2022. <\/p>\n<p><sup>12<\/sup><a href=\"https:\/\/www.cyberdefensemagazine.com\/the-top-ten-mobile-flashlight-applications-are-spying-on-you-did-you-know\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Top Ten Mobile Flashlight Applications Are Spying On You. Did You Know?<\/a> Gary S. Miliefsky. October 1, 2014. <\/p>\n<p><sup>13<\/sup><a href=\"https:\/\/cybernews.com\/security\/crimeware-as-a-service-model-is-sweeping-over-the-cybercrime-world\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Crimeware-as-a-Service model is sweeping over the cybercrime world. Here\u2019s why<\/a>, Pierluigi Paganini. October 16, 2020.<\/p>\n<p><sup>14<\/sup><a href=\"https:\/\/www.av-test.org\/en\/statistics\/malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malware Statistics &amp; Trends Report<\/a>, AV-TEST. April 12, 2022. <\/p>\n<p><sup>15<\/sup><a href=\"https:\/\/www.comparitech.com\/antivirus\/malware-statistics-facts\/\" target=\"_blank\" rel=\"noreferrer noopener\">Malware statistics and facts for 2022<\/a>, Sam Cook. February 18, 2022. 
<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/04\/21\/discover-the-anatomy-of-an-external-cyberattack-surface-with-new-riskiq-report\/\">Discover the anatomy of an external cyberattack surface with new RiskIQ report<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christine Barrett| Date: Thu, 21 Apr 2022 16:00:00 +0000<\/strong><\/p>\n<p>Learn how supply chains, shadow IT, and other factors are growing the external attack surface\u2014and where you need to defend your enterprise.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/04\/21\/discover-the-anatomy-of-an-external-cyberattack-surface-with-new-riskiq-report\/\">Discover the anatomy of an external cyberattack surface with new RiskIQ report<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\">Microsoft Security 
Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[4500,11074,12040,22063],"class_list":["post-18827","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-cybersecurity","tag-network-security","tag-threat-intelligence","tag-zero-trust"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18827"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18827\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18827"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}