The demand and pressure for penetration testing services are growing every day – ethical hackers are racing to find all the vulnerabilities before the not so ethical ones do. The subject of penetration testing has expanded and deepened, with each specific area, whether web application, IoT, wireless, or even mobile, carrying significant importance. Arguably, the most overlooked in terms of its importance is the external penetration test. Your external defenses are what stand between your safeguarded data and the adversaries.
Using the classic house analogy, your external network is akin to your house. The windows and doors are the only accessible entry points for a burglar; one can’t break into a wall. Burglars assess the physical security, locks, cameras, and dogs before they plan their attack. Hackers embody this burglar mentality on the internet. They first conduct reconnaissance to assess your vulnerabilities; if your external network exposes weak and poorly configured defenses, it might as well be like leaving your front door open at night.
The majority of security breaches have their origins in sophisticated social media campaigns. However, as anti-phishing training becomes more common, hackers are seeking alternative means to deploy their ransomware, exfiltrate data, or sow chaos and confusion.
The colonial pipeline hack is a case in point. The hackers used a set of credentials bought on the dark web and accessed an exposed VPN that lacked multi-factor authentication (MFA). The SolarWinds hack, which affected 18,000 companies, including major U.S. government agencies, is another instance. The initial breach, occurring in 2019 and undetected until late 2020, allegedly stemmed from a clear text password found on GitHub.
Hackers don’t need to actively scan or even visit an IP address to pinpoint potential weaknesses in a company’s external defenses. Search engines like Shodan do the job for them, scanning the internet for open ports and enumerating services and versioning information.
Here are some alarming statistics:
- Nearly 5 million port 3389 (plus an additional 94,311 on port 3388) open RDP ports are exposed globally, with over 1.6 million in the U.S.
- Over 4.1 million MySQL database ports are exposed, with 1.5 million in the U.S.
- Approximately 826,729 SMB v1 Windows hosts, potentially vulnerable to the EternalBlue exploit, are exposed, with 318,713 located in the U.S.
This information is readily available, underscoring the widespread issue of inadequate security practices. These services should never be directly exposed to the internet and should only be accessible via internal networks or VPNs.
So, what sets Brackish Security apart? We don’t just run a generic scanner against your IP space and call it a day. We take a comprehensive approach to vulnerability assessment and penetration testing. We search for forgotten subdomains, check breach data for credentials, sift through GitHub for residual passwords, attempt to discover novel exploitation techniques and vulnerabilities, and much more! If we can log in with the found credentials within our limited time, rest assured, unethical hackers with unlimited time can too.
Our goal at Brackish Security is to secure your “house” thoroughly, ensuring that every “window” and “door” is assessed, fortified, and monitored, leaving no room for the modern-day, sophisticated “burglars” of the cyber world.
Contact us today, if you’re looking for an external penetration test!