"Why Out-of-Scope Assets are Prime Targets for Attackers"

Out-of-scope assets are those neglected by security teams. They are normally regarded as non-critical, but the potential for chained attacks arising from problems such as subdomain takeovers makes it more important than ever to monitor and safeguard the entire attack surface. According to ESG Research, 69 percent of firms have experienced a cyberattack that began with the exploitation of an unknown, unmanaged, or incorrectly configured Internet-facing asset. Common examples include marketing and support platforms from third parties, subsidiary and legacy environments, development and staging environments, partner tools, and more. While these are not usually the most critical assets, if they are open to the Internet, threat actors can simply exploit them.

This means that an organization's Internet-facing attack surface has become increasingly sophisticated and is constantly expanding. As new assets, libraries, and code are added, the possibility of new vulnerabilities grows. In reality, there is no such thing as "in-scope" or "out-of-scope" for an attacker who is looking at how vulnerable their target is. These assets widen an organization's attack surface and potentially introduce significant vulnerabilities. Awareness gaps can be caused by staff shortages, the number of vulnerabilities to address, or alert fatigue.

Attackers do not discriminate: they are equal-opportunity adversaries who look for the simplest means to infiltrate a target and move around until they find what is most valuable. Often, it is the out-of-scope assets that are the most vulnerable, and attackers rely on them for the quickest entry into an organization. These attackers hack for fun, learn from their peers, and use vulnerability disclosures from bug bounty programs to find their way into a network. The article goes on to discuss why attackers might want to target out-of-scope assets.

Cybersecurity Insiders reports "Why Out-of-Scope Assets are Prime Targets for Attackers"



 
