Beyond Attack Surface Management (ASM): Attack Surfaces Targeted by Cyber Espionage Groups
"Attack Surface" refers to the IT assets and attack vectors that can be targeted to compromise the systems of an organization or the devices of individuals.
Recently, it has become particularly noticeable that internet-facing devices are being targeted, becoming the primary origin of infiltration for ransomware groups motivated by financial gain.
In the past year, vulnerabilities in internet-facing devices such as Fortigate, Barracuda ESG, F5 BIG-IP, and Cisco IOS XE have been exploited frequently, causing serious impact on many organizations.
In such a situation, the Attack Surface Management (ASM) approach of discovering internet-facing assets and systems that could be exploited becomes a high-priority consideration.
Moreover, incidents involving cyber espionage have highlighted that not only are internet-facing devices targeted, but physical access points such as USB and WiFi access points are also critical attack surfaces. Additionally, in cyber espionage, the use of zero-day exploits against internet-facing devices is not uncommon.
In this presentation, we will first explain the evolving trend of attack surfaces targeted by espionage groups such as TA410, Mustang Panda, Tropic Trooper, etc., in Asia, analyzed from 2023 to the beginning of 2024. We'll focus on the Tactics, Techniques, and Procedures (TTPs) for each attack surface. In particular, in our discussion of internet-facing devices, we introduce the ASM approach and insights from our ASM researchers about the trend of vulnerable internet-facing devices, gained through the investigation of more than 100 companies.
Following this, we will discuss lessons learned from our incident response cases that cannot be prevented by ASM alone, including CVE-2023-27997 (Fortigate), CVE-2023-46805, and CVE-2024-21887 (Ivanti). We will talk about what we could have done to lessen the impact and present the analysis of a backdoor deployed on Ivanti CS that has not been publicly described at this time.
We will discuss case studies of incidents that occurred in Asia. However, many espionage groups in Asia, like Mustang Panda, extend their targets to other regions, including Europe, and we believe this talk will be of interest to attendees from other regions, too.
Key takeaways from our presentation will include:
- An understanding of the attack surfaces targeted by recent cyber espionage.
- Insights from real-world incident cases involving internet-facing zero-day attacks.
- Strategies for defending against both known and unknown exploits.
More: https://confidence-conference.org/