By Gordon Lawson on May 06, 2021
As threat actors attempt to remain undetected to carry out attacks, they often use a variety of tools to obscure their identities and activity. Organizations, meanwhile, leave their networks and activity open for inspection by anyone who chooses to perform basic reconnaissance.
For example, employees directly using the Internet expose their IP address, location and network identity. To make matters worse, most enterprise networks are fixed, static and easily located. This makes any external connection used by a company a potential source of attack for targeting data and systems.
While obscurity is an offensive tool for attackers, it also represents a defensive measure for organizations. Let’s consider the benefits of concealing network infrastructure and activity from the outside world to reduce the enterprise attack surface.
Microsoft has found more than 40 of its customers, including itself, whose systems have been compromised by attackers leveraging the SolarWinds Orion platform update vulnerability known as Solorigate/Sunburst.
In a Dec. 17 blog post, company president Brad Smith said that, by using indicators of compromise in Windows Defender anti-virus, the company has been able to identify and notify these organizations.
About 80 per cent of them are in the United States, but there are also victims in Canada, the United Kingdom, Mexico, Belgium, Spain, Israel and the United Arab Emirates.
“It’s certain that the number and location of victims will keep growing,” Smith added.