Why Breaches of Web-Facing Assets are on the Increase

Think of a hacker as an enemy attack submarine.  In warfare, a submarine lurks underwater, seeking victims.  It may be probing the defenses of a shipping harbor to find weaknesses that can be exploited.  Hackers perform a similar strategy today as they probe the web for internet-facing assets to find easy targets to breach and exploit.  They continue this practice for one simple reason, it works.  And because it works, these types of breaches are on the rise.

One of the main reasons for the increase of these types of breaches is the explosion of the number of digital assets that are directly connected to the internet.  For instance, some 60 percent of banks’ digital assets reside outside of the corporate firewall, exposing these financial institutions to additional external risk.  It is estimated that the top 35 banks alone each have as many as 7,500 of these assets.  Now consider the proliferation of IoT devices such as cameras and sensors that companies deploy at a staggering rate we well as websites, web applications and routers.  It is a simple equation; as the number of internet-facing assets grows, so does the number of cyber attacks. 

It is more than just the mere increase in targets that explains the growth rate of these breaches.  After all, if every device were secured using the best security practices, the expanding number of targets wouldn’t matter.  Unfortunately, organizations of all sizes continue to ignore best practices when it comes to securing their devices.  This includes the persistence of poor password practices, the failure to stay current on the patching, and updating of operating systems and applications.  It is essentially a 1-2 punch.  A hacker gains access to an asset by cracking its password protection and then is able to fully exploit it due to out-of-date firmware.  These two mistakes contribute a largely to the fact that hackers have managed to breach half of the 28 million small businesses in the United States according to the 2016 State of SMB Cybersecurity Report. 

While your active-directory accounts may have a time-out policy which cuts off logon attempts after a certain number of incorrect attempts, many internet-facing assets allow for unlimited attempts.  This allows for brute force attacks in which large botnets simply barrage an asset with unlimited passwords.  Because of technology advancements, an eight-character password is totally insufficient today, even if it utilizes upper and lower case letters and numeric digits.  That’s because today’s supercomputers can generate all 218 trillion character combinations in less than a minute.  While few hackers have access to a supercomputer, they are able to harness the collective CPU power of thousands of computing devices in the same manner that malicious cryptocurrency miners do today.  The passwords that protect internet-facing assets must be no less than 12 characters in length today in order to stifle brute force attacks. 

Hackers have even found an innovative solution to thwart security policies that do restrict the number of incorrect logon attempts.  The strategy is called Password Spraying, in which common passwords such as qwerty or 12345678 are tested for thousands of accounts at a time.  In other words, rather than blasting a single account with passwords, the hackers use a single password and try it out on thousands of users or devices in search of easy prey.  Don’t think that common passwords are so obvious though.  According to a recent investigation, the character combination “ji32k7au4a83” is one of the most used passwords in the world, and because of that, the most vulnerable.

The fact is that attackers intentionally seek out devices with old software and patch vulnerabilities.  Once a software vulnerability is discovered, it is a race against time to patch it before hackers develop a weapon to exploit it.  The absence of proper of patching is even more prevalent when it comes to internet-facing assets.  For instance, simple websites using a content management system are constantly hacked due to a lack of patching as well as vulnerabilities in plugins and themes.  A recent investigation showed that only 56 percent of compromised sites were running an up-to-date CMS at the time of the attack.  Compound this with the fact that many IoT vendors fail to even provide updates for their devices, and the magnitude of the problem is quickly realized.

The first step in protecting your internet-facing assets is to know what you have.  This requires a comprehensive asset inventory because you can’t secure assets you don’t know about.  The next step is to ensure that all of your assets are running the latest version of all software code and firmware and to implement a patching management system to ensure that all devices are fully patched.  Of course the implementation of a strict password policy for assets that rely on passwords as their only protection is imperative.  When possible, the inclusion of a multifactor authentication (MFA) solution is highly desirable, if not mandatory.  Organizations that have a large number of assets outside of the firewall should consider some type of web application firewall to protect them.  Finally, every organization needs to not only stay up-to-date in patching, but also stay abreast on the latest threats and the solutions to combat them.  Helpful reminders for your team such as cyber security posters or cyber security training are good ways to keep up cyber awareness in the office.

Yes, hackers will continue to probe your defenses, but with the right culmination of reasonable cyber security strategies and solutions, you can protect your harbor of digital assets from the 1-2 punch of malicious cyber attackers that are lurking just outside of your organization.

Are you prepared for a cyber security incident? Assess your incident response readiness. We can help if you have a security incident to help minimize the impact.

Incident Response Hotline: 800-925-0559