It also means carving out space for this work in how you prioritize. If strategic efforts like attack surface reduction are always competing against urgent patching, they will always lose. That might mean setting aside time each quarter to review and reduce exposure, or assigning clear ownership so someone is accountable for it — not just when a crisis hits, but routinely.
3. Continuous monitoring
Attack surface reduction isn’t a one-time exercise. Exposure changes constantly — a firewall rule gets edited, a new service gets deployed, a subdomain gets forgotten — and your team needs to detect those changes quickly.
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.
Described as “sophisticated,” the campaign mixes social engineering with advanced evasion techniques to steal sensitive information from compromised systems.
It is unclear how the attack begins, but researchers at Aryaka, a network and security solutions provider, suspect that the malware is distributed via spear-phishing emails.
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store.
The malware combines banking trojan functions with Monero mining, and can steal credentials, as well as tamper with cryptocurrency transactions.
Kaspersky researchers discovered BeatBanker in campaigns targeting users in Brazil. They also found that the most recent version of the malware deploys the commodity Android remote access trojan called BTMOB RAT, instead of the banking module.