• 06/02/2025
  • Technical contribution

Detecting hacking before it happens

Why threat hunting and attack surface management are essential

Written by it-sa Team



Cyber attacks are no longer the exception – they are part of everyday life. However, many companies are unaware of how visible they are online – and which vulnerabilities attackers could exploit. The IT Security Talk with Censys shows that those who know their attack surface can take targeted countermeasures.

The reality: Attackers are faster than defenders

The latest State of the Internet Report 2025 reveals an alarming trend:

  • Over 3,000 active malware instances worldwide
  • Germany ranks sixth with 123 identified C2 infrastructures
  • Most common malware: CobaltStrike, Viper, Sliver, Remcos
  • 55% of malicious activity originates in China and the USA

These figures prove that command-and-control servers (C2) are distributed globally – and often operate unnoticed.

Threat hunting: From reacting to acting

Threat hunting means proactively searching for threats before they cause damage. Modern platforms enable:

  • Daily updated maps of active threat infrastructures
  • Tracking of known groups such as FIN7 or APTs
  • Automated block lists for firewalls
  • Live scans to check for changes

An example: The FIN7 group operates over 600 active hosts worldwide. Continuous monitoring allows their activities to be detected early – and blocked.

Attack surface management: What is visible from the outside?

Many companies underestimate how much of their infrastructure is publicly accessible. Practical examples:

  • Open camera streams without authentication
  • Telnet access with standard passwords
  • Control systems (HMI) directly accessible via the Internet

These systems are not only vulnerable – they are often undocumented or overlooked by the IT department.

A helpful tool for analysing such risks is a platform such as Censys. It allows you to view your own infrastructure from an attacker's perspective: Which services are publicly accessible? Which protocols are running on unusual ports? Are there any indications of outdated software or incorrectly configured systems?

With features such as:

  • daily scans
  • historical status comparisons
  • automated risk analyses
  • and threat intelligence on known attacker groups

companies can systematically identify and reduce their attack surface – before it is exploited.

What companies should do now

  1. Identify the attack surface: Which systems are publicly accessible? Which protocols are open?
  2. Use threat intelligence: Which threat groups are active? Which IPs should be blocked?
  3. Perform live scans: Has anything changed? Are there any new vulnerabilities?
  4. Clarify responsibilities: Who is responsible for external visibility and response?
  5. Establish security by design: Security aspects must be part of development and operations.

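As an added illustration of steps 1 to 3 (not code from the article or from Censys), the following Python script compares two constructed external scan snapshots and flags newly exposed services of the kinds named above (Telnet, camera streams, HMI protocols); the snapshot format, host addresses and port-to-service mapping are assumptions of this example.

```python
"""Compare two external scan snapshots and flag risky exposures.
Snapshot format (constructed, not the Censys API format): {host: {(port, service)}}.
"""

# Service types the article names as typical findings; the explanations are
# the defender's reason to act. Which services count as risky is an assumption.
RISKY_SERVICES = {
    "telnet": "clear-text login, frequently left with default passwords",
    "rtsp": "camera stream, verify that authentication is enforced",
    "modbus": "industrial control protocol (HMI/PLC), should never face the Internet",
    "vnc": "remote desktop, often unauthenticated on HMIs",
}

def diff_snapshots(previous, current):
    """Return, per host, which services appeared and which disappeared."""
    changes = {}
    for host in sorted(set(previous) | set(current)):
        before, after = previous.get(host, set()), current.get(host, set())
        added, removed = after - before, before - after
        if added or removed:
            changes[host] = {"new": added, "gone": removed}
    return changes

def flag_exposures(snapshot):
    """List (host, port, service, reason) for every risky service in a snapshot."""
    return [(host, port, name, RISKY_SERVICES[name])
            for host, services in sorted(snapshot.items())
            for port, name in sorted(services) if name in RISKY_SERVICES]

def new_risky_exposures(previous, current):
    """Risky services that appeared since the last scan: the set worth alerting on."""
    return [(host, port, name, RISKY_SERVICES[name])
            for host, change in diff_snapshots(previous, current).items()
            for port, name in sorted(change["new"]) if name in RISKY_SERVICES]

# Constructed sample data: yesterday's and today's view of the same address range.
YESTERDAY = {
    "203.0.113.10": {(443, "https"), (22, "ssh")},
    "203.0.113.20": {(80, "http"), (554, "rtsp")},
}
TODAY = {
    "203.0.113.10": {(443, "https"), (22, "ssh"), (23, "telnet")},  # Telnet newly open
    "203.0.113.20": {(80, "http"), (554, "rtsp")},
    "203.0.113.30": {(502, "modbus")},  # host not seen in the previous scan
}

if __name__ == "__main__":
    for host, port, name, reason in new_risky_exposures(YESTERDAY, TODAY):
        print(f"ALERT {host}:{port} {name}: {reason}")
```

Running the script prints one alert line for the new Telnet service and one for the previously unknown Modbus host, while the long-standing camera stream is reported by flag_exposures but not as a new change.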
________________________________________

Conclusion: Visibility is the first step towards security

If you don't know what is visible, you cannot protect yourself. Threat hunting and attack surface management are not optional extras – they are essential. Only those who know their digital attack surface can defend themselves effectively.

Editorial note:
This article is based on the corresponding presentation during the IT Security Talk on the topic of regulation on 31 July 2025 and was created with the support of AI.