How does an attacker choose your company as a target and why?
This is one of the questions we will try to answer in this article. We will also provide some practical tips and services to help keep your company from becoming an attacker's next target.
On any given day a new vulnerability is disclosed publicly, or a company announces a new product or service, and either can draw an attacker's attention. Every attacker is different in terms of their motive for picking, or randomly selecting, their next target. These distinct motives are commonly categorized as White Hat, Grey Hat or Black Hat. The White Hat hacker discovers a vulnerability or exploit in a system and reports the findings to the company; this is the role typically performed by a penetration tester or security researcher working with permission. The Grey Hat hacker also discovers vulnerabilities or exploits in a system, and will not maliciously cause harm to it, but will not report the discovery to the company either. Some Grey Hats may anonymously post the discovery on the internet. The Black Hat hacker is equivalent to the Grey Hat, except the Black Hat has malicious intent: either to take down the system or to profit from the discoveries, openly or on Dark Web markets.
Advertising or announcing a new product or service to the public may be enticing to an attacker, depending on what the product or service offers the company purchasing it. New products and services typically ship with unknown vulnerabilities or bugs, whether in the application itself or in the human factor around it (new workflows, new accounts, new integrations). Whether the product runs as a cloud service or on premise is a factor as well, since each exposes a different attack surface.
An attacker will sometimes turn to online resources to randomly find their next target. Some of these online resources may be advanced searches on Google or DuckDuckGo, or online repositories such as the Google Hacking Database and GitHub.
For example, let's say an attacker wants to target any vulnerable company running a WordPress website. The attacker could use the Google Hacking Database, simply search the word "wordpress", and find hundreds of results covering a multitude of different types of WordPress vulnerabilities. Those entries are then used to conduct advanced searches on the internet, a practice typically referred to as Dorking, that surface sites carrying the matching fingerprint (a telltale URL path, a version string in the page or a distinctive page title). If your company's website exposes such a fingerprint, it may appear in these types of searches.
Helpful Tips to assist your company in protecting your assets:
- Regularly update your firmware and applications that are publicly exposed.
- Recommendation: Implement a patch management system (ex. WSUS) or pay for Managed IT Services.
- Try to remove any branding on the portal from the company that developed the application. This also includes the HTTP response headers (for example Server and X-Powered-By), which often disclose the product and its exact version.
- Recommendation: Contact your product or application vendor to validate which logos, statements, help files and headers can be removed or changed without voiding support.
- Regularly test the security of your products or applications that are publicly exposed.
- Recommendation: Use a vulnerability scanner (ex. OpenVAS) or contract a penetration tester to validate the security.
- Be aware of your online presence and how your company's assets are connected to each other. One piece of information usually leads to another, then another.
- Recommendation: Use an infrastructure discovery application or service (ex. Maltego) or contract a Security Consultant to obtain the information for you.
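The following script is an added example, not code from the original article or from any vendor it mentions. It shows the kind of check behind the Dorking example and the branding tip above: it scans a raw HTTP response for the fingerprints that "wordpress"-style dorks key on (Server and X-Powered-By banners, the generator meta tag, wp-content/wp-includes paths, ?ver= query strings), maps each one to an illustrative search query that would surface the site, and runs the same check against a response with the branding stripped. Both responses, the host, the versions and the query strings are constructed for this example; the queries are illustrative and not taken from the Google Hacking Database.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample: a raw HTTP response from an (imaginary) WordPress front page,
# as a scanner or an attacker's fingerprinting script would see it.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<!DOCTYPE html><html><head>\n"
    '<meta name="generator" content="WordPress 5.2.3" />\n'
    '<link rel="stylesheet" href="/wp-content/themes/twentynineteen/style.css?ver=1.4" />\n'
    '<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>\n'
    "</head><body>Welcome</body></html>\n"
)

# Constructed sample: the same page after the tips above were applied (banner headers
# removed, generator tag removed, assets served from a neutral path).
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<!DOCTYPE html><html><head>\n"
    '<link rel="stylesheet" href="/assets/style.css" />\n'
    "</head><body>Welcome</body></html>\n"
)


@dataclass
class Finding:
    where: str     # "header" or "body"
    what: str      # what kind of fingerprint leaked
    evidence: str  # the leaked value itself


# Response headers whose values commonly carry product and version strings.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Body patterns a dork would target. Group 1, when present, is the interesting value.
BODY_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("generator meta tag", re.compile(r'''<meta\s+name="generator"\s+content="([^"]+)"''', re.I)),
    ("wp-content path", re.compile(r'''/wp-content/[^\s"'>]+''', re.I)),
    ("wp-includes path", re.compile(r'''/wp-includes/[^\s"'>]+''', re.I)),
    ("version query string", re.compile(r"\?ver=([0-9][0-9.]*)")),
]


def split_response(raw: str) -> Tuple[Dict[str, str], str]:
    """Split a raw HTTP response into a lower-cased header dict and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def find_fingerprints(raw: str) -> List[Finding]:
    """Return every banner header and body fingerprint an attacker could search for."""
    headers, body = split_response(raw)
    findings: List[Finding] = []
    for name in BANNER_HEADERS:
        if name in headers:
            findings.append(Finding("header", name, headers[name]))
    for label, pattern in BODY_PATTERNS:
        for m in pattern.finditer(body):
            findings.append(Finding("body", label, m.group(1) if m.lastindex else m.group(0)))
    return findings


def matching_dorks(findings: List[Finding]) -> Set[str]:
    """Illustrative search queries (assumed, not from the GHDB) that would surface
    a page carrying these fingerprints, using the common inurl:/intext: operators."""
    dorks: Set[str] = set()
    for f in findings:
        if f.what == "wp-content path":
            dorks.add("inurl:wp-content")
        elif f.what == "wp-includes path":
            dorks.add("inurl:wp-includes")
        elif f.what == "generator meta tag":
            dorks.add(f'intext:"{f.evidence}"')
    return dorks


if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_RESPONSE), ("after", HARDENED_RESPONSE)):
        found = find_fingerprints(raw)
        print(f"{label}: {len(found)} fingerprint(s)")
        for f in found:
            print(f"  [{f.where}] {f.what}: {f.evidence}")
        print(f"  would match dorks: {sorted(matching_dorks(found)) or 'none'}")
```

Run the script as-is to compare the two responses: the constructed "before" page leaks two banner headers and five body fingerprints and would be surfaced by three of the example queries, while the "after" page yields nothing. Pointing find_fingerprints at your own site's response (captured with curl -i, for instance) gives you a quick list of what to take to your vendor under the branding tip above; it is no substitute for the vulnerability scan or penetration test recommended earlier, since a stripped banner does not fix the underlying version.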
OUR SECURITY SERVICES INCLUDE:
- Risk Assessments
- Penetration Testing
- Web Application Testing
- Security Awareness Training
- Managed SIEM
- Managed Security Services (MSSP)
- Security Consulting