Your Fly Is Open

Netmenaces and Other Internet Stupidity

Learning From The Outside: A Wake-Up Call For Security Teams

2024-12-10

I spend significant time each week trolling through Google, using very targeted searches to find compromised websites, and I’ve found a lot. When I discover one, I try various ways to contact someone who can clean up the site.

Yes, I often find vanity sites or the sites of small mom-and-pop businesses that someone has hacked. However, I’ve also found a lot of large companies—medical facilities, financial institutions, and international manufacturing businesses.

What is the takeaway here? In security, the ideal is for internal teams to detect and respond to threats swiftly and independently. However, I show up—suddenly and unannounced—uncovering an overlooked compromise. While this may initially be a very uncomfortable realization for a company, leveraging this as a learning opportunity is essential.

Lessons Learned—Introspection And Humility:

Recognizing that an outsider discovered a compromise is a stark reminder that no organization is infallible. Companies must approach this revelation with humility and openness. Acknowledging that a gap exists is the first step toward improving security protocols.

Why was the breach not detected internally? Analyzing this should uncover weaknesses in current monitoring and alert systems. Reassess the tools and processes you use for network traffic monitoring, log analysis, and anomaly detection.

A breach is often the result of human error or outdated knowledge. Regular training and up-to-date threat intelligence can help your staff to recognize and respond to potential threats more effectively. Many of the searches I perform target specific, known web vulnerabilities—your team SHOULD catch these if they target systems or software you use. If they didn’t, perhaps this indicates a training deficiency.

Conduct frequent third-party security audits to obtain an unbiased assessment of your cybersecurity posture. These audits can emulate the outsider perspective and highlight areas of vulnerability before attackers can exploit them.

The experience of learning about a breach from an external source should be a catalyst for change within an organization. It underscores the need for a dynamic, robust, continually evolving cybersecurity strategy. Addressing the gaps that allow an outsider to highlight your vulnerabilities before your team finds them should transform a potentially damaging event into a stepping stone to improvement.

The ability to adapt and learn from any source—internal or external—is the hallmark of a truly secure organization. By embracing the lessons an external discovery provides, companies protect themselves from future threats and cultivate an environment of continuous improvement and vigilance.

One final note: Always say “thank you” to the person who tells you you’re hacked. I know one guy who really appreciates it.

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter (yes, I know… X): @tliston
December 10, 2024