
Listen to the SecurityTrails Blog
Podcast by SecurityTrails
Listen to all the articles we release on our blog while commuting, while working or in bed.
All episodes
188 episodes
At SecurityTrails we continuously upgrade, improve and enhance the quality of the user experience in our Attack Surface Intelligence platform. Today, we are thrilled to announce several Attack Surface Intelligence updates we've recently been working on: Risk History by Host, Risk Rules API, Search for Signatures, and other upgrades. Keep reading to learn more.

Admin Panel detections in Inventory

A great new feature from our latest release is Admin Panels, located within the Inventory tab. This option helps you locate administrator panels in mere seconds, allowing security teams to find exposed control panels from popular technologies and software, which may be out of compliance with policies and therefore add unnecessary risk to your organization. Among its many highlights, the Admin Panel feature:

- Works on deep paths.
- Works on IPs without hostnames.
- Includes firewalls, enterprise software, developer tools, and CMSs.
- Adds new signatures frequently and automatically.

On that interface, you'll find a Counts by Panel summary showing the top exposed panels, along with the number of affected IP addresses and hostnames. Scrolling down, you'll also find the full list of panels we found, along with a description, the port where each was found, the affected service, and a quick target link so you can jump right into each one of them.

Risk Rules API

The new Risk Rules API allows users to get immediate data for CVEs, including vulnerability name, description, risk severity (classification), affected hostnames, technical references found on the Internet, and project metadata such as ID, title and snapshot creation date.

Risk History by Host

The new Risk History by Host feature is the perfect tool for keeping a historical record of your current vulnerabilities and misconfigurations. By listing them, you'll know when they appeared for the very first time and, most importantly, when they were cleared (fixed, patched) and no longer show up on the Risk Rules report. As shown in the above screenshot, you can also filter the Risk History by Severity or Event type (added or cleared), and even export the results to a CSV file.

End-user ability to search signatures

This new feature gives Attack Surface Intelligence users the ability to search for risk signatures, so customers can determine whether a check for a certain vulnerability or misconfiguration is present among our Attack Surface Intelligence checks, as shown in the following screenshot.

SecurityTrails periodically releases updates that improve the performance, security, and logic of your experience in Attack Surface Intelligence. By enhancing the usability of the Attack Surface Intelligence interface, we create an environment that lets you identify and prevent threats much more effortlessly. Why not try it yourself and see how it supports your most thorough and effective protection? Book your demo now!

As recently as the 1990s, the information security industry lacked a fundamental mechanism for sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy. Previous efforts, largely encumbered by inconsistent vendor-specific naming conventions or by the lack of a community consensus on classification primitives, were centered on multidimensional methods of identifying security problems without regard for interoperability; in a seminal progress report, MITRE would later refer to this budding cacophony of naming schemas as the vulnerability "Tower of Babel." Over the years, a community-led effort formally known as the Common Vulnerabilities and Exposures (or CVE) knowledge base would grow to become the vulnerability enumeration product that finally bridged the standardization gap.

A (very) brief history of CVE

In 1999, as David E. Mann and Steven M. Christey (The MITRE Corporation) were trying to gather momentum for a publicly disclosed alternative to early attempts by organizations at sharing discovered computer flaws, the internet was already buzzing with a growing number of cybersecurity threats. Consequently, CVE's meteoric rise through corporate networks clearly meant that the industry was ripe for a departure from siloed databases and naming conventions toward a more centralized approach involving a unified reference system. Thus, CVE evolved as a practical evaluation tool, a sort of dictionary if you will, to describe common vulnerabilities across diverse security platforms without incurring the penalty of having a multitude of references attributed to the same exposure. Its subsequent endorsement would come in many forms, including being the point of origin of countless new CVE-compatible products and services originating from the vendor community at large.

In addition, as the CVE initiative grew, so did the number of identifiers (or CVE entries) officially received and processed through several refinement phases and advisory boards: from a modest 321 entries back in 1999 to over 185K as of this year, and the list keeps growing. A second major catalyst for integration was operating systems and their inclusion of CVE-related information to deal with software bugs and the inherent asymmetries that arise between product release and patching, as it is well understood that the presence of any high-impact vulnerability exponentially increases the probability of a serious breach. Finally, CVEs are the cornerstone of threat-informed defense and vulnerability management strategies in a digital world visibly marked by the presence of miscreants in practically every area, combined under the banner of the MITRE ATT&CK® framework. This sort of objectivity distills and contextualizes the impact of security vulnerabilities together with adversarial tactics against the risk assessment backdrop, providing defenders with a unique opportunity to plan mitigation responses accordingly.

But what qualifies as a CVE? In short, a vulnerability becomes a single CVE when the following three criteria are met:

- The reporting entity, product owner, hardware, or software vendor must acknowledge and/or document the vulnerability as a proven risk and explain how it violates any existing security policies.
- The security flaw must be independently fixable; that is, its description does not reference or depend on any additional vulnerabilities.
- The flaw affects a discrete codebase, or, in the case of shared libraries and/or protocols, one that cannot be used securely; otherwise, multiple CVEs will be required.

After the remainder of the vetting process is complete, every vulnerability that qualifies as a CVE is assigned a unique ID by a body of numbering authorities (or CNAs) and posted on the CVE website for public distribution.

CVE and the attack surface

With the frantic expansion of the attack surface beginning some years ago came the visibility i...

Note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version.

This year's 15th installment of the Verizon Data Breach Investigations Report (DBIR) features yet another impressive dataset of corporate breaches and exposures marked by an overriding postulate: attack surfaces matter, and they should dictate a large portion of your risk assessment strategy. First launched in 2008, the DBIR's 2022 version has been significantly expanded, from a modest 500 cases to 5212 breaches and 23896 incidents examined through the lens of the VERIS 4A's (Actor, Action, Asset, and Attribute) framework. Its timeline section looks at comprehensive aspects such as discovery time, attacker actions taken pre- and post-breach, and the number of actions per breach. Additionally, there is a pattern-matching initiative to help organizations navigate some of the most concerning incidents while providing a handful of preliminary security controls.

Industry verticals included in this 2022 report include Accommodation and Food Services (72), Arts, Entertainment and Recreation (71), Educational Services (61), Financial and Insurance (52), Healthcare (62), Information (51), Manufacturing (31 to 33), Mining, Quarrying, and Oil & Gas Extraction + Utilities (21 + 22), Professional, Scientific and Technical Services (54), Public Administration (92), Retail (44-45), and Very Small Businesses (10 employees or less). The report highlights threats from different regions of the world such as Asia Pacific, Europe, Middle East, Africa, Northern America, Latin America, and the Caribbean, with SecurityTrails playing the role of intelligence contributor as in the recent past.

Summary of key findings

Through a series of carefully selected and correlated investigative scenarios, a collective effort that the DBIR refers to as "creative exploration", albeit without bias, the report's findings continue to highlight several areas of interest from which cybercrime continues to drive profit. For example, identity theft and fraud motivate an important sector of transnational cybercrime, with some of the most explicit cases centered on the use of ransomware; no surprise there. However, a large number of incidents in which default or stolen credentials were leveraged extended the attack paths with relative ease, opportunistic or not. The problem showed evidence of being compounded by a growing lack of adequate visibility into publicly facing assets and their corresponding vulnerabilities. At the tail end of the distribution, the vulnerability-to-breach ratios remained particularly significant. To put it in the DBIR's own parlance, this is where attackers are looking (it's a numbers game!): a sustainable environment with enough incentives as miscreants come hard on the heels of struggling security teams.

Important, too, are the enticing circumstances applicable to different industries. In other words, and perhaps not surprisingly, attacks based on a specific business model are likely to be more successful in the long run. An observed convergence between the human element and system misconfigurations remained just above the 5th percentile (a decrease from 2020), but it drove an estimated 13% of overall system breaches, with misconfigured cloud storage instances leading the trend.

How Attack Surface Intelligence helps prevent DBIR's most popular threats

As we can see from the key findings of the 2022 DBIR, lack of visibility into public-facing assets is one of the most prominent problems inhibiting security teams from preventing threats to their organizations. Since we introduced Risk Rules, our main goal has been to help security teams find an easy way to generate a complete and dynamic inventory of all their digital assets, as well as identify CVEs and critical misconfigurations across all their hosts. And when it comes to asset discovery, as you can see from the following screenshot, ASI is particula...

With the rise in cybersecurity attacks targeting individuals and corporations alike, it's become increasingly important not only to ensure preparedness for cybersecurity attacks but to set up processes for early detection and response as well. The Cybersecurity and Infrastructure Security Agency, commonly known as CISA, is an agency of the United States government that actively watches for cybersecurity threats and provides ways to secure various organizations (including other governmental agencies), families, and individuals. The CISA Shields Up program is a cybersecurity effort aimed at combating state-sponsored and other retaliatory cybersecurity attacks launched against organizations and individuals based in the United States. Shields Up outlines clear cybersecurity procedures for dealing with the most targeted methods of cybersecurity attacks, usually directed at organizations, families, and individuals including, notably, corporate leaders.

Protection for families and individuals

It's becoming more and more commonplace for everyone in a household to have their own set of personal devices. These include mobile phones, tablets, laptops, and desktops. Devices like mobile phones and tablets offer themselves as easy targets for cybersecurity attacks. Their in-app advertisements and other web-based campaigns can lead to malware being downloaded onto a device, making it imperative to follow certain cybersecurity practices to ensure that you and your family members remain safe. With basic mobile phones and tablets being sold with 64-128 GB of on-device storage, one can imagine the amount of identifiable, personal, and easily usable information that each device can hold. CISA's Shields Up program outlines a list of steps for individuals and families to follow in the interest of preparing themselves for and staying secure from cybersecurity-related threats.

Protection for corporate leaders

When it comes to cyberattacks, phishing attacks, and ransomware, corporate leaders like company directors, financial heads and CEOs are among the most targeted members of organizations. CEOs and other company leaders are commonly attacked because their systems and email accounts generally hold more useful information than those of others in a company. Following the guidelines laid out by CISA's Shields Up program helps corporate leaders and CEOs stay safe and secure in the face of cybersecurity-related threats.

Protection for organizations

While protection for organizations is usually handled by cybersecurity experts, the most common cybersecurity attacks on organizations originate from basic points of entry, such as VPN entry points, remote desktops, and other areas typically left unsecured. Fortunately, Shields Up outlines a list of steps that organizations can follow to stay secure against cybersecurity-related threats.

How can Attack Surface Intelligence help your organization?

Preparation

The SecurityTrails Attack Surface Intelligence (ASI) platform helps transform your security process from reactive to proactive, and therefore preventive. This allows your organization to be better prepared for any possible cyberattacks and to stay ahead of cybercriminals. With automation being the key strength in heading off attacks, ASI ensures that persistent monitoring, CVE detection, and parsing of your organization's virtual assets is no longer a long and tedious process. ASI platform features and subjects include:

- Automatic detection and listing of IP addresses belonging to your organization.
- ASNs and networks on which your organization's assets are hosted.
- Full domain and subdomain mapping.
- Detection of dev and staging subdomains.
- Open ports within your organization, for critical services such as databases.
- Self-signed SSL certificates issued within your organization.
- Web server vendors and versions used within your organization.
- Risk detection, and much more!

Consider the very first step of any cybersecurity proc...