Assessing Organisations' Cyber Attack Exposure through Cyber Threat Intelligence

Abstract

This work presents, analyses and discusses, through a qualitative and quantitative analysis, the results of external cyber threat intelligence that was conducted and provided as a service for 13 different commercial organisations based in northern Italy and finalised to the assessment of their attack exposure. Several categories of threats were identified. Data leakage was the most common and was observed for all the investigated organisations. All the organisations had vulnerable systems within their network: several high, medium and low-score vulnerabilities were observed across the various organisations. Most of the observed vulnerabilities had a medium CVSS score. Botnets, unmaintained hosts, exposed development and internal hosts, mentions over the clear, deep or dark Web and malicious files communicating with the organisation were other common threats. Other observed threats were exposed database and RDP services, spoofing domains, missing or expired SSL certificates and DNS zone transfers. The work highlights a trend towards the prevalence of potentially dangerous threats that, if not properly mitigated, could lead to compromise of data integrity, availability and confidentiality, followed by huge impact on the business and financial losses. A deeper analysis of the leaked datasets of compromised credentials revealed a critical trend of employees using their business e-mail address to register on third-party online services.