December Webinar Recap, COVID Impact on Attack Surface Management
Last December, Censys held a joint webinar with Chris Kubecka, CEO of HypaSec, as well as a group of very talented Censys women. This roundtable discussion was centered around how attack surface management has changed during the COVID-19 pandemic and how to better manage your attack surface during this time. This is a summary recap of the webinar, but you can listen and watch the webinar at any time on our website here.
- Chris Kubecka, CEO HypaSec
- Morgan Princing, Lead Solutions Engineer, Censys
- Yasmine Frigui, Software Engineer, Censys
- Alexis Culp, Principal Solutions Engineer, Censys
What you’ll learn:
- How and why attack surfaces are exploding in size, especially since the COVID-19 pandemic.
- How CISOs and their organizations are dealing with this explosive growth and the challenges they face.
- How to get a full inventory of your organizations’ assets and prioritize and resolve risk.
A Changing Threat Landscape
As we are all keenly aware by now, the COVID-19 pandemic has impacted the world in so many different ways. From an information security perspective, we have seen this most notably manifested in the following:
- Distributed workforce and a changing perimeter with a shift to a much larger remote workforce.
- More phishing and opportunities, influenced by consumer behavior to make money such as with masks and exploiting the desire to get a vaccine.
- Economic and financial gain is higher than ever for cybercriminals and they are exploiting the situation to the best of their ability.
A Deep Dive into Specific Attack Vectors, A Look at SMB
In the webinar, Chris Kubecka discusses one attack vector in particular that is not going away any time soon — SMB exposure to the Internet. From EternalBlue to WannaCry to Emotet to TrickBot, we see SMB exposure result in serious consequences to the organization and the world. These occurrences have become so commonplace that CISA also issued SMB Security Best Practices for information security practitioners in 2017.
Using Censys and our ability to gain a global perspective across the Internet, we explored how much of SMB is currently running SMBv1. Through Censys, we discovered 17.4% of all SMB exposed on the Internet is SMBv1. Security Researcher and CEO of HypaSec, Chris Kubecka warns, “SMB is low-hanging fruit for a lot of automated malware, ransomware, cybercriminals … it’s just an easy way in.”
Recommendations on remediation or managing your SMB include:
- Identifying external exposures
- Identifying internal exposures
- Disabling Internet-exposed SMB
- Phasing out SMB version 1 and 2
The Internet-exposed world will continue to change and evolve over time, which means understanding attack vectors and impacts across your entire attack surface is becoming more and more critical.