ThriveDX Labs

Sneaking Into Your Network-

 External Takeover Prevention

Sneaking Into Your Network

– External Takeover Prevention

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Blog • 3 min. read

January 16, 2022

Why is it that when we hear the word “hacker” we immediately imagine someone wearing a hoodie? Maybe hackers are afraid of the sun, or they may just prefer staying under the radar.
The covert approach adopted by malicious hackers remains their well-known trademark, and for a good reason. Attackers will always prefer to hide to ensure their safety while conducting illegal operations remotely. As a result, the majority of cybercrime is conducted remotely.
The increasing adaptation of companies to remote work due to the pandemic has required many businesses and IT departments all over the world to implement remote access solutions. These solutions focus on enabling access to sensitive company assets through “secure” channels, which, however, increases the attack surface for malicious actors and leads to greater chances of exploitation.

New Approaches – New Vulnerabilities

Attackers aim to map the available attack surface of a target company by gathering as much information as possible, utilizing both advanced passive and active reconnaissance techniques. The average attacker is able to collect employee names, email schemas, valid email addresses, leaked passwords, exposed sensitive files, owned domains, exposed servers, and services including 3rd party services, and much more.

Attackers will abuse weak, leaked, and reused passwords to obtain access to services used by company employees, allowing them to escalate privileges, gain access to resources, and move vertically within the organization.

To put this in perspective, here are some statistics: :

By abusing a single employee’s compromised email account, attackers can gather intel and launch social engineering and other attacks, leading to significant security events, such as ransomware and data breaches.

Even Great Solutions Can Be Misconfigured

Mask Group 270

Cloud services solve scalability issues for many companies by making the process of launching hundreds of systems and software applications dynamic and low-cost, based on pay-as-you-go subscriptions. While this provides companies with much-needed flexibility, it also opens the way to the possibility of new misconfigurations.
Attackers constantly target cloud computing instances, and they do so efficiently, abusing publicly known IP ranges owned by cloud service providers. They will abuse automated vulnerability exploitation scripts that are capable of exploiting common misconfigurations, over an entire range of addresses, with no time limitations, as well as brute-force common services and perform post-exploitation activities, such as deploying persistence mechanisms, in a fully automated manner.

Even if a compromised instance was only used for a simple test purpose and didn’t contain sensitive information, it may still provide access to an internal network – access that will enable an attacker to launch an attack over instances that would not typically be exposed to the public. Due to cloud architecture complexity, based on roles, subnets, and routes, and the belief that the instances are safe since they are only accessible through VPN, attackers can remain under the radar while exfiltrating sensitive information.

Get in touch with our cyber security consultants

Prepare your organization for the next cyberattack

On average, a cyberattack occurs every 39 seconds. Are you ready for the next attack?
A highly skilled technical team of professional individuals who are collectively known as the Red Team can perform a comprehensive assessment of your company’s security level. During the assessment, they will expose vulnerabilities that can lead to footholds in your internal network and exploit them to demonstrate vulnerabilities in the system as a whole. Their tests and results will be recorded and explained in a detailed report that will be provided after the assessment.

Did we mention that the assessment will not affect up-time?

Such operations are essential to expose vulnerabilities known to attackers and enable the company to mitigate, strengthen, and enhance defenses in accordance with real-life threats.

About ThriveDX Labs

We strive to help organizations protect themselves against threats in today’s cybersecurity landscape. We utilize the same advanced techniques and cutting-edge tools as real threat actors to expose security gaps in applications and network infrastructure, and assist organizations with bridging those gaps to prevent real damage.

Get in touch with our cyber security consultants