fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Threat Actors Find and Compromise Exposed Services in 24 hours

Threat Actors Find and Compromise Exposed Services in 24 hours

Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours.

Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.

To track what software and services are targeted by threat actors, researchers create publicly accessible honeypots. Honeypots are servers configured to appear as if they are running various software as lures to monitor threat actors’ tactics.

Also Read: Got A Notice of Data Breach? Don’t Panic!

A tempting lure

In a new study conducted by Palo Altos Networks’ Unit 42, researchers set up 320 honeypots and found that 80% of the honeypots were compromised within the first 24 hours.

The deployed honeypots included ones with remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB), and Postgres database services and were kept alive from July to August 2021.

These honeypots were deployed worldwide, with instances in North America, Asian Pacific, and Europe.

Honeypot experiment infrastructure
Honeypot experiment infrastructure
Source: Unit 42

How attackers move

The time to first compromise is analogous to how much the service type is targeted.

For SSH honeypots which were the most targeted, the mean time for the first compromise was three hours, and the mean time between two consecutive attacks was about 2 hours.

Mean time between two consecutive attacks
Mean time between two consecutive attacks
Source: Unit 42

Unit 42 also observed a notable case of a threat actor compromising 96% of the experiment’s 80 Postgres honeypots in just 30 seconds.

This finding is very concerning as it could take days, if not longer, to deploy new security updates as they are released, while threat actors just need hours to exploit exposed services.

Finally, regarding whether the location makes any difference, the APAC region received the most attention from threat actors.

Also Read: A Review of PDPC Undertakings July 2021 Cases

Attacks against each service type by region
Attacks against each service type by region
Source: Unit 42

Do firewalls help?

The vast majority (85%) of attacker IPs were observed on a single day, which means that actors rarely (15%) reuse the same IP on subsequent attacks.

This constant IP change makes ‘layer 3’ firewall rules ineffective against the majority of threat actors.

What could have better chances of mitigating the attacks is to block IPs by drawing data from network scanning projects which identify hundreds of thousands of malicious IPs daily.

However, Unit 42 tested this hypothesis on a sub-group of 48 honeypots and found that blocking over 700,000 IPs had no significant difference in the number of attacks between the sub-group and the control group.

Comparison between firewall and no-firewall groups
Comparison between firewall and no-firewall groups
Source: Unit 42

To protect cloud services effectively, Unit 42 recommends that admins do the following:

  • Create a guardrail to prevent privileged ports from being open.
  • Create audit rules to monitor all the open ports and exposed services.
  • Create automated response and remediation rules to fix misconfigurations automatically.
  • Deploy next-generation firewalls (WFA or VM-Series) in front of the applications.

Finally, always install the latest security updates as they become available as threat actors rush to utilize exploits for new vulnerabilities as they are published.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us