Weak or Stolen credentials/credentials stuffing
A host's list of weak or stolen credentials and passwords can easily be purchased or gathered by an attacker and then misused for brute-forcing or credential stuffing attacks to get past a login interface. Examples of interface attack surfaces include:
- Public user logins
- Exposed web VPNs
- Exposed remote desktop protocols
- Email clients
- Third-party software login
Contrary to some beliefs, the best practice here is not to always change passwords but to keep a password manager where you only need to memorize one complex and unique password and not reuse it over and over again.
An attack vector touches both web and physical attack surfaces because it leverages email or SMS to get a company insider to click on a malicious link. A successful phishing attempt then opens up access to the company’s network.
Most companies conduct security training to increase individual awareness for phishing attacks, and keeping it top of mind can help prevent these attacks from succeeding. In addition to training, assessing email configurations such as SPF/DMARC and DKIM records can reduce the chances of an attack.
If your data is not encrypted correctly, attackers can eavesdrop on your traffic to steal sensitive user data such as usernames, passwords, and credit card credentials. Stolen session cookies could be leveraged further in a chain of vulnerabilities by attackers.
Even though Google reports that 95% of Google traffic is encrypted with HTTPS, attackers still have chances to listen in via man-in-the-middle attacks such as dodgy Wi-Fi connections or bypass CORS and post messages. Such vulnerabilities in websites and other encryption issues can be detected and assessed with the help of external attack surface management tools.
Accidentally exposed assets on the internet
The constant acceleration towards digitalization and remote work culture has accelerated cybersecurity attacks and incidents, with 67% reported attacks targeting remote workers. Work is no longer limited to a secured work network, forcing organizations to provide employees access to, for example, remote desktop protocols and web login interfaces. In 2020, threat actors were exploiting exposed Microsoft Remote Desktop Protocol (RDP) servers that were suddenly online because of the necessity of remote work access.
If an attacker locates a team member's access point, they could exploit this exposure using stolen user login details or brute-forcing. As a result, activating multi-factor authentication is recommended to add an extra layer of security for the attacker to overcome.
With employees working outside of the physical workplace perimeters and using unsecured WiFi networks, hacking incidents and accidental exposure of critical business ports and other internal environments are increasing. Having an asset discovery tool that will crawl the cloud environment and ports to help map out what is exposed can go a long way towards securing the entire organizational network. Read more tips on securing remote work.