Canon Marketing Japan Co., Ltd. ESET SPECIAL SITE Canon MJ What is the security information Cyber Security Information Bureau ESET Cyber Attack Surface?How to reduce the risk?

Many people have heard of "Cyber Attack Surfes (areas that are likely to be cyber attacks)" and close words in recent information leak accidents.It is important to understand where cyber attacks occur and where the organization is at the risk.In this pandemic, the attack surface has expanded quickly at an unprecedented speed.Unfortunately, companies can no longer identify where the areas are likely to be attacked and how complicated.As a result, digital and physical assets are left unchecked, leaving room for cyber criminal attacks.

Fortunately, if you practice the best practices introduced below, it is highly likely that the visibility of the attack surface can be improved.Visualization will enable you to minimize the attack surface and take the necessary measures to properly manage.

What is an attack surface?

Simply put, the attack surface refers to the physical and digital assets held by companies that may be infringed to facilitate cyber attacks.The purpose of the attacker is to spread ransomware, theft of data, the formation of botnet, download a banking -type troy, and install the virtual currency mining malware, but ultimately aim to expand the attack target.。In other words, the greater the attack target, the more the target of the attacker.

Attack surface is roughly classified into two categories.

Digital attack surface

Includes hardware, software, and all the components connected to the network.

アプリケーション：アプリケーションの脆弱性は一般的なものであり、攻撃者は重要な情報システムやデータへの有効な侵入口となり得る。

コード：マルウェアや脆弱性が含まれている可能性があるため、サードパーティによってコンパイルされたコードには大きなリスクがある。

ポート：攻撃者は開いているポートや特定のポートを使っているサービスがないかを探し回っている。例えば、RDP（Remote Desktop Protocol）に使われる3389番のTCPポートが対象となり得る。これらのサービスが適切に設定されていなかったり、バグが含まれていたりすると悪用される恐れがある。

サーバー：エクスプロイトを使った脆弱性攻撃やDDoS攻撃の標的となり得る。

Webサイト：Webサイトにおけるコードの欠陥や設定ミスといった要素もDigital attack surfaceに含まれる。サイト改ざんやフォームジャッキングのように悪意のあるコードが埋め込まれる可能性がある。

証明書：証明書を失効したままにしてしまう企業は少なくなく、攻撃者に悪用される恐れがある。

These do not cover all of the attack surface.In order to show the rapid expansion of the digital attack surface, an outline of a survey conducted on 30 FTSE companies in 2020 is shown below.

Physical (physical) attack surface

Includes all terminals that the attacker can physically access.

Employees can be said to be the main parties to physical attacks.This is because there is a risk of being guided by social engineering, including phishing fraud and its derivative in the process of cyber attacks.In addition, some employees perform shadow IT, such as escaping corporate security management and using unreliable applications and terminals.Unreliable tools are often exposed to new threats because they are not well protected.

Is the attack surface expanding?

Companies have built IT infrastructure and digital assets for many years.However, the pandemic has supported remote work and has made a large -scale investment to maintain business in a dramatically changing business environment.Therefore, the attack surface is also expanding.The following is an example.

This trend will continue in the future.According to experts, many companies have reached a digitization turning point where the work is constantly changing.These changes take the following risks.

In addition, the risk of attack surface expansion is not limited to the above.In fact, there are hundreds of techniques by the attacker, and some of them are very spread.For example, ESET discovered 71 billion attacks between January 2020 and June 2021, making a mistake in setting the RDP.

To reduce the risk of attack surface

It is important to deal with the expanding attack surface according to the cyber security best practices.The first step is to take measures to understand and reduce and manage the scope.The hints are described below.

Corporate IT environment is constantly changing.Specifically, the spread of virtual machines, containers, and microscopic services, employees have joined and left the company, and the introduction of new hardware and software.Therefore, in order to visualize and manage the state of the attack surface, a flexible and advanced tool that can be judged based on real -time information is required.In order to reduce the risk of attack surfaces, you should pay attention to "visibility and control", as in other security measures.