Why Old Attack Methods Still Compromise Modern Infrastructure

Tenable’s Satnam Narang stresses that vulnerability management alone is insufficient; organisations must adopt proactive exposure management to map, prioritise, and mitigate risks before attackers exploit them.

DQI Bureau

A recent wave of high-profile cyberattacks targeting critical infrastructure and major enterprises serves as a stark reminder of how adversaries, including sophisticated nation-state actors, sustain a continual foothold within their targets’ networks.

Upon closer inspection, the methods used to infiltrate these organisations are rarely novel. Instead, attackers persistently rely on proven, effective tactics, targeting low-hanging fruit like known critical vulnerabilities, overprivileged access, and publicly exposed secrets. Like moths to a flame, bad actors are drawn to secrets such as hardcoded API keys, as they provide the most direct path to move laterally, escalate privileges, and access an organisation's most valuable assets. Advanced Persistent Threat (APT) actors take this a step further, creating hidden backdoors to exfiltrate data over long periods without detection.

This challenge is compounded by the rapid pace of technological innovation. As the shift to cloud computing accelerates, the number of assets, applications, and identities expands, creating new vulnerabilities and misconfigurations for attackers to exploit. They use automated tools to scan public repositories like GitHub, misconfigured cloud storage, and web applications for exposed secrets, turning a simple oversight into an unintentional breach. This problem is widespread; currently, one in 10 organisations has storage resources containing sensitive data that could be at risk if exposed.

To counter these persistent threats, a fundamental shift in mindset is required, moving from simply managing vulnerabilities to proactively managing cyber exposure. While crucial, vulnerability management is only one piece of the puzzle and is not sufficient to tackle the threats emerging from APTs and other determined adversaries. A preventive approach is necessary to curb the risk posed by these actors.

This is where proactive exposure management becomes essential. It provides a holistic view of the entire attack surface, from on-premises systems to the cloud, allowing organisations to understand and prioritise risk in a way that traditional approaches cannot. By mapping the complex relationships between assets, identities, and their inherent risks, exposure management platforms can identify and prioritise potential attack paths before they are exploited. This unified visibility becomes paramount as adversaries probe for the single weakest link and is critical for outmanoeuvring the acceleration of attacks in the modern era.

Ultimately, organisations must embed this proactive strategy into their daily operations. This includes continuously identifying where sensitive data resides and implementing robust controls like just-in-time access, multi-factor authentication, and the principle of least privilege to ensure secrets are accessible only by those who need them.

Given the increase in cyberattacks, a reactive security posture is unsustainable. Organisations must anticipate these threats by proactively understanding their full exposure, focusing their defences where they matter most, and closing the gaps that attackers have proven they will exploit.

Satnam Narang, Sr. Staff Research Engineer at Tenable