Modern Networks Meet New External Risks. Are We Prepared?

Introduction: The Risks Have Changed and So Must Our Approach

Enterprises operate vast, sprawling networks of digital assets, many of which extend outside of their network perimeter and beyond their immediate control. Today’s modern landscape has changed dramatically, and external assets are exposed to newer and more sophisticated threats due to evolving attack vectors, emerging technologies, and expanding digital footprints.

Managing an external attack surface has always been challenging, and new complexities demand security solutions that solve problems rather than create new ones. The risks that enterprises face today have changed and grown well beyond cloud adoption. Cloud adoption has happened, and security professionals now find themselves in a Gen AI era, tackling challenges they have not encountered before.

The New Gen AI Era of LLMjacking

The new term “LLMjacking” is now part of the cybersecurity vocabulary, with sophisticated hackers obtaining stolen access to LLMs from OpenAI, Anthropic, and others to generate images, circumvent national bans, and more. It is the covert use of other companies’ generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill. Researchers from Sysdig recently observed hyperactive LLMjacking operations by LLMjackers (yes, that’s a new term too) who obtained stolen access to DeepSeek’s V3 model and, similarly, to the DeepSeek-R1 release of January 20, 2025, which attackers were using the very next day after its release.(1)

This increased exposure presents a further need to proactively secure the attack surface — but what should CISOs and security teams be looking for, so they are not blindsided? What view of a hacker are they missing in this new modern threat landscape?

Let’s explore 7 new ways external assets are at risk today and why EASM has become an integral part of an enterprise’s security strategy.

7 New Ways External Assets Are at Risk Today

In addition to LLMjacking, the increased exposure of external assets is directly correlated to the growing threat landscape. Below are some of the ways external assets are at risk today and how cybercriminals are using modern and more sophisticated methods to exploit weaknesses.

1. Supply Chain and AI-Driven Attacks

  • Software Supply Chain Compromise: Threat actors manipulate open-source repositories, introduce malicious dependencies, or exploit Continuous Integration/Continuous Deployment (CI/CD) pipelines.
  • Deepfake Phishing & AI Social Engineering: Attackers now use AI-generated voice, video, and text to impersonate executives, trick employees, and bypass traditional authentication methods.
  • AI Model Poisoning: AI-driven security tools and decision-making systems can be poisoned with adversarial inputs, causing incorrect risk assessments or model biases.

2. API and Serverless Exploits

  • Exposed & Unsecured APIs: With the proliferation of API-first development, many external APIs are misconfigured or lack proper authentication, making them prime targets for data scraping and exploitation.
  • Serverless & Edge Computing Risks: Lightweight serverless functions (AWS Lambda, Azure Functions) often lack visibility and security monitoring, making them easy targets for logic manipulation attacks.
  • GraphQL Abuse: The shift to GraphQL APIs has introduced over-fetching, under-fetching, and improper authorization risks that attackers exploit to extract unauthorized data.

3. Dark Web Credential Resale & Initial Access Brokers (IABs)

  • Underground Cybercrime Economy: An underground economy has evolved in which IABs sell corporate network access on the Dark Web and other threat actors buy it.
  • For Sale: A leaked VPN credential, misconfigured remote desktop protocol (RDP), or cloud admin login can be sold for as little as $50-$500, giving attackers instant access to enterprise assets.

4. Edge & IoT Device Exposure

  • Proliferation of IoT: Smart devices and edge computing have expanded the external attack surface beyond traditional cloud environments.
  • Device Monitoring: IoT devices often lack security patches and expose enterprises to firmware exploits, hardcoded credentials, and zero-day vulnerabilities.
  • Instant Access: A compromised smart building system or industrial IoT device (e.g., connected HVAC, CCTV, or robotic automation) can serve as an entry point into enterprise networks.

5. Emerging Identity & Authentication Threats

  • Adversary-in-the-Middle (AiTM): Attackers now bypass MFA using AiTM techniques and session hijacking.
  • Adoption of Passwordless Authentication: The adoption of passkeys and passwordless authentication creates new attack vectors for session persistence and credential abuse.
  • Real-world Risk: Phishing-resistant MFA is a step forward, but attackers now intercept tokens and sessions, allowing them to persist access long after initial authentication.

6. Zero-Day Vulnerabilities in SaaS Platforms

  • No-Code/Low-Code Environments: Enterprises rely heavily on SaaS, low-code, and no-code platforms like Microsoft PowerApps, ServiceNow, and Atlassian. Attackers now target vulnerabilities in customer workflows, automation scripts, and misconfigured SaaS environments.
  • Lateral Movement: A single misconfigured Jira, Slack, or SharePoint instance can expose sensitive data or allow lateral movement across external assets.

7. Decentralized & Blockchain-Based Services Exploits

  • Decentralized Finance (DeFi): The rise of DeFi, smart contracts, and blockchain-based applications has introduced new security risks, including private key leaks, smart contract exploits, and cross-chain bridge vulnerabilities.
  • Revenue Siphoning: In 2023, the Poly Network hack saw attackers exploit smart contract logic, siphoning over $600 million from decentralized applications.(2)

Why EASM is Critical for Enterprises

Security strategies and tools often focus on internal defenses, but more enterprises now understand the importance of ensuring their external-facing assets are not only accounted for but also safeguarded from malicious attackers. EASM fills this gap by continuously discovering and assessing all externally accessible assets, ensuring that security teams have complete visibility of both their internal and external attack surfaces. Here are some of the top reasons enterprises need EASM today.

Identifying and Managing Unknown Assets

  • One of the biggest challenges for enterprises is Shadow IT – unauthorized or forgotten digital assets that are still exposed to the internet. These can include abandoned cloud instances, misconfigured web applications, and third-party services that security teams are unaware of. EASM tools continuously scan the internet to identify these assets, allowing enterprises to take control of their digital footprint before attackers exploit unknown vulnerabilities.

Reducing the Attack Surface

  • Every external-facing asset represents a potential entry point for attackers. Misconfigured cloud environments, exposed databases, or outdated applications can become weak links in an enterprise’s security posture. By identifying and mitigating vulnerabilities in these assets, EASM helps security teams shrink their overall attack surface, making it harder for adversaries to find an exploitable entry point.

Prioritizing Risks Based on Real-World Threats

  • Not all vulnerabilities pose the same level of risk. EASM solutions use risk-based prioritization to help security teams focus on the most critical threats. By leveraging intelligence from real-world attacker tactics, techniques, and procedures (TTPs), EASM tools assess vulnerabilities based on their likelihood of exploitation and impact on business operations. This ensures that security resources are allocated effectively, preventing costly breaches.

Enhancing Threat Detection and Incident Response

  • Enterprises need real-time monitoring to detect emerging risks before they turn into full-blown attacks. EASM continuously tracks changes in the external attack surface, alerting security teams to new vulnerabilities, misconfigurations, or anomalous behaviors. It also ensures that mitigation measures that have been put in place remain effective. This enables faster incident response, minimizing potential damage and reducing dwell time for attackers.
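The continuous tracking described above comes down to comparing what was reachable from the internet yesterday with what is reachable today and turning the differences into prioritized findings. The following is an added example, not BreachLock's or any EASM product's code: it diffs two constructed inventory snapshots (hostnames, ports, certificate dates, owners and severity labels are all assumed for illustration) and reports new hosts, newly opened risky ports, missing owners and expiring certificates.

```python
"""
Added example (not BreachLock's or any EASM product's code): compare two
snapshots of an external asset inventory and turn the changes into
prioritized findings. The snapshot format, hostnames, ports, dates and
severity labels are constructed for illustration.
"""
from datetime import date

# Constructed snapshots: host -> observed open ports, TLS cert expiry, registered owner
PREVIOUS = {
    "www.example.com":    {"ports": {443}, "cert_expiry": date(2025, 9, 1),  "owner": "web-team"},
    "api.example.com":    {"ports": {443}, "cert_expiry": date(2025, 6, 15), "owner": "platform"},
    "legacy.example.com": {"ports": {443}, "cert_expiry": date(2025, 3, 1),  "owner": None},
}
CURRENT = {
    "www.example.com":      {"ports": {443},      "cert_expiry": date(2025, 9, 1),  "owner": "web-team"},
    "api.example.com":      {"ports": {443, 22},  "cert_expiry": date(2025, 6, 15), "owner": "platform"},
    "legacy.example.com":   {"ports": {443},      "cert_expiry": date(2025, 3, 1),  "owner": None},
    "dev-test.example.com": {"ports": {80, 8080}, "cert_expiry": None,              "owner": None},
}
TODAY = date(2025, 2, 15)  # constructed scan date

# Services that are rarely meant to be reachable from the internet
RISKY_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}


def diff_attack_surface(previous, current, today, cert_warning_days=30):
    """Return (severity, host, message) findings for changes between two snapshots."""
    findings = []
    for host, info in current.items():
        prev = previous.get(host)
        if prev is None:
            # Unknown host: the shadow-IT case that EASM discovery is meant to catch
            findings.append(("HIGH", host, f"new internet-facing host, ports {sorted(info['ports'])}"))
            if info["owner"] is None:
                findings.append(("MEDIUM", host, "no registered owner (possible shadow IT)"))
            new_ports = set(info["ports"])
        else:
            new_ports = info["ports"] - prev["ports"]
            if new_ports:
                findings.append(("MEDIUM", host, f"newly opened ports {sorted(new_ports)}"))
        for port in sorted(new_ports):
            if port in RISKY_PORTS:
                findings.append(("HIGH", host, f"{RISKY_PORTS[port]} (port {port}) exposed to the internet"))
        expiry = info["cert_expiry"]
        if 443 in info["ports"] and expiry is None:
            findings.append(("MEDIUM", host, "HTTPS port open but no certificate observed"))
        elif expiry is not None and (expiry - today).days <= cert_warning_days:
            findings.append(("LOW", host, f"TLS certificate expires {expiry.isoformat()}"))
    for host in previous.keys() - current.keys():
        findings.append(("INFO", host, "host no longer observed (decommissioned, or DNS changed?)"))
    # Highest severity first so the team sees the exploitable entry points before the housekeeping
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for severity, host, message in diff_attack_surface(PREVIOUS, CURRENT, TODAY):
        print(f"[{severity:<6}] {host}: {message}")
```

Run against the constructed snapshots, the diff surfaces SSH newly exposed on the API host, a never-before-seen test host with no owner, and a certificate on the legacy host that expires within the month; unchanged hosts produce nothing, which is what keeps a daily diff readable.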

Regulators Mandate External Asset Assessments

  • Regulatory requirements such as PCI DSS, DORA, and NIS2 mandate that enterprises maintain a strong cybersecurity posture, including regular assessment of external assets. EASM provides the continuous mapping and monitoring capabilities needed to ensure compliance with these regulations. Automated reporting features help security teams demonstrate due diligence and maintain audit readiness.

Optimizing Security Costs

  • Early identification and remediation of vulnerabilities can significantly reduce the costs associated with data breaches. According to IBM’s Cost of a Data Breach Report 2024, the average cost of a breach reached $4.45 million. EASM enables security teams to address issues proactively, preventing expensive incident response efforts and reducing financial liabilities related to regulatory fines and litigation.(3)

New Challenges That Make EASM Essential

We now have a good idea of what security professionals face in today’s environment. The increasing sophistication of attackers means that enterprises must rethink how they handle external risks. Below are a few use cases that reflect these modern challenges and new risks, and why EASM is essential for enterprises today.

Use Case #1: Gen AI Platform and LLMjacking

LLMjacking, a new form of cyber exploitation, has emerged as attackers hijack access to expensive large language models (LLMs) and use them without authorization. The recent DeepSeek LLMjacking highlights how rapidly threat actors can exploit newly released AI models, leveraging them for illicit purposes such as generating images, bypassing national restrictions, and avoiding compute costs.

Example Attack:

  • LLMjacking shares similarities with cloud resource hijacking, where attackers compromise misconfigured or exposed cloud instances to mine cryptocurrency, execute large-scale automated attacks, or conduct stealthy data exfiltration.
  • Cryptojacking attacks have targeted cloud-based Kubernetes clusters, exploiting weak API security and misconfigured access controls to mine Monero (XMR), a privacy-focused cryptocurrency, using the victim’s infrastructure.
  • Both of these examples exploit publicly exposed and poorly secured digital assets, emphasizing the need for continuous pentesting and proactive security strategies.

Mitigation:

  • EASM for continuous mapping and monitoring of externally exposed assets, including API endpoints, cloud instances, and AI model interfaces.
  • Continuous penetration testing of external assets helps uncover misconfigurations, weak authentication, or API security gaps that could allow LLMjackers to gain access.
  • Secure API and cloud access controls: enforce strong API authentication (such as OAuth and JWTs) and monitor access logs for anomalous activity.
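Monitoring access logs for anomalous activity is concrete enough to show in code. The following is an added example, not BreachLock's or Sysdig's code: a small detector that reads constructed access-log lines from an LLM inference gateway, builds a per-API-key baseline from the first days of traffic, and then flags the patterns LLMjacking tends to produce: a key suddenly used from a new country, first use of a newly released model, token volume far above the key's normal hourly peak, and a key with no history at all. The log format, key names, addresses, country codes, model names and thresholds are all assumptions.

```python
"""
Added example (not BreachLock's or Sysdig's code): a detector that reads
access-log lines from an LLM inference gateway, builds a per-API-key
baseline, and flags the kind of anomalies LLMjacking produces. The log
format, key names, addresses, country codes, model names and thresholds
are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed log lines: timestamp, API key id, source address, country, model, tokens consumed
LOG_LINES = """
2025-02-08T09:12:03Z key=svc-chatbot ip=203.0.113.10 cc=US model=gpt-4o tokens=1200
2025-02-08T10:05:00Z key=svc-chatbot ip=203.0.113.10 cc=US model=gpt-4o tokens=800
2025-02-08T14:30:22Z key=svc-chatbot ip=203.0.113.11 cc=US model=gpt-4o-mini tokens=300
2025-02-09T09:01:15Z key=svc-chatbot ip=203.0.113.10 cc=US model=gpt-4o tokens=1500
2025-02-09T11:45:09Z key=svc-chatbot ip=203.0.113.10 cc=US model=gpt-4o tokens=700
2025-02-10T09:20:00Z key=svc-chatbot ip=203.0.113.10 cc=US model=gpt-4o tokens=1100
2025-02-10T12:00:00Z key=svc-unknown ip=203.0.113.50 cc=US model=gpt-4o tokens=200
2025-02-11T03:02:11Z key=svc-chatbot ip=198.51.100.77 cc=DE model=deepseek-r1 tokens=4000
2025-02-11T03:09:40Z key=svc-chatbot ip=198.51.100.77 cc=DE model=deepseek-r1 tokens=6000
2025-02-11T03:15:02Z key=svc-chatbot ip=198.51.100.78 cc=DE model=deepseek-r1 tokens=5000
"""
CUTOFF = datetime(2025, 2, 10, tzinfo=timezone.utc)  # events before this form the baseline

LINE_RE = re.compile(
    r"^(?P<ts>\S+) key=(?P<key>\S+) ip=(?P<ip>\S+) cc=(?P<cc>\S+) model=(?P<model>\S+) tokens=(?P<tokens>\d+)$"
)


def parse(text):
    """Parse log lines into dicts; malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        d["tokens"] = int(d["tokens"])
        events.append(d)
    return events


def hour_bucket(ts):
    return ts.strftime("%Y-%m-%dT%H")


def build_baseline(events, cutoff):
    """Per key: countries and models seen, and the busiest hour in tokens, before the cutoff."""
    seen = defaultdict(lambda: {"cc": set(), "models": set(), "hourly": defaultdict(int)})
    for e in events:
        if e["ts"] < cutoff:
            p = seen[e["key"]]
            p["cc"].add(e["cc"])
            p["models"].add(e["model"])
            p["hourly"][hour_bucket(e["ts"])] += e["tokens"]
    return {k: {"cc": p["cc"], "models": p["models"], "peak_hourly": max(p["hourly"].values())}
            for k, p in seen.items()}


def detect(events, cutoff, volume_factor=5):
    """Return (key, kind, detail) alerts for events at or after the cutoff; each anomaly is reported once."""
    baseline = build_baseline(events, cutoff)
    hourly = defaultdict(int)
    alerted = set()
    alerts = []

    def alert(key, kind, detail, dedupe):
        if (key, kind, dedupe) not in alerted:
            alerted.add((key, kind, dedupe))
            alerts.append((key, kind, detail))

    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["ts"] < cutoff:
            continue
        p = baseline.get(e["key"])
        if p is None:
            alert(e["key"], "no-baseline", "key has no usage history; confirm it was issued legitimately", None)
            continue
        if e["cc"] not in p["cc"]:
            alert(e["key"], "new-country", f"request from {e['cc']} ({e['ip']}); baseline {sorted(p['cc'])}", e["cc"])
        if e["model"] not in p["models"]:
            alert(e["key"], "new-model", f"first use of model {e['model']}", e["model"])
        bucket = hour_bucket(e["ts"])
        hourly[(e["key"], bucket)] += e["tokens"]
        if hourly[(e["key"], bucket)] > volume_factor * p["peak_hourly"]:
            alert(e["key"], "volume-spike",
                  f"{hourly[(e['key'], bucket)]} tokens in hour {bucket}, baseline peak {p['peak_hourly']}", bucket)
    return alerts


def run_demo():
    return detect(parse(LOG_LINES), CUTOFF)


if __name__ == "__main__":
    for key, kind, detail in run_demo():
        print(f"{key:<12} {kind:<13} {detail}")
```

On the constructed data the chatbot key behaves normally until the night of February 11, when it is used from a new country, invokes a model it has never called before, and burns more than five times its busiest baseline hour; each of those fires once rather than on every request. In a real deployment the baseline window, the volume factor and the list of fields worth profiling would be tuned per key, and the alerts would feed the same queue as the EASM findings.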

Use Case #2: AI-Powered Attack Automation

Case Study: WormGPT & FraudGPT used in automated phishing attacks

In 2023, researchers discovered WormGPT and FraudGPT AI models specifically trained for cybercrime. These AI-driven tools allowed even novice attackers to generate realistic phishing emails, automate social engineering scripts, and craft polymorphic malware.

Example Attack:

  • A global financial firm saw an increase in phishing emails perfectly mimicking internal HR communications, requesting employees to update direct deposit information.
  • AI-generated emails bypassed traditional spam filters due to their human-like structure and tone.

Mitigation:

  • AI-powered email security to detect AI-generated phishing attempts.
  • Behavior analytics to spot unusual email activity (e.g., mass emails from unverified sources).

Use Case #3: API Supply Chain Risks & Zero-day API Exploits

Case Study: MOVEit Transfer API Zero-Day

The MOVEit Transfer API zero-day exploited in 2023 was an SQL injection flaw that the Clop ransomware group used to steal data. Attackers injected malicious queries via the API, bypassing authentication and directly accessing databases, leading to widespread breaches.

Example attack:

  • Attackers exploited a zero-day vulnerability in MOVEit Transfer, a widely used file transfer API, causing major operational disruption for a national healthcare firm.
  • In addition to that organization, over 2,500 other companies were compromised, exposing the personal and financial data of more than 60 million individuals globally.

Mitigation:

  • Automated API discovery scans and risk assessment.
  • Continuous pentesting of API endpoints to identify flaws before exploitation.
  • Implement least privilege access for APIs to limit blast radius.
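The flaw class behind this case study, SQL injection through an API parameter, is easiest to understand by seeing the unsafe and the hardened query side by side. The following is an added example, unrelated to MOVEit's internals and not Progress Software's code: the same username lookup written by concatenating the caller's input into the SQL string, and then with a bound parameter, run against an in-memory SQLite table with constructed rows.

```python
"""
Added example (not Progress Software's code, unrelated to MOVEit internals):
the same lookup written the unsafe way, with caller input concatenated into
the SQL string, and the hardened way, with a bound parameter. An in-memory
SQLite table with constructed rows stands in for the application database.
"""
import sqlite3


def setup_db():
    """Constructed sample data: two accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, username):
    # String formatting lets a quote in the input change the structure of the statement
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn, username):
    # The placeholder binds the input as data; whatever it contains, it stays a value
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = setup_db()
    probe = "x' OR 'a'='a"
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row comes back
    print("safe:      ", lookup_safe(db, probe))        # no user has that literal name
```

The parameterized form is the fix; the third mitigation bullet adds the containing control: the database account the API runs under should hold only the rights that endpoint needs, so that even an injection that slips through a code review cannot read or alter tables the API never touches.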

Use Case #4: Dark Web Credential Resale & Initial Access Brokers

Case Study: Okta Credential Leak

In 2023, Okta suffered a credential leak when attackers accessed and stole IT support session tokens, enabling unauthorized access to customer accounts. These credentials were later sold on the dark web, putting multiple organizations at risk. The breach stemmed from compromised administrative access, highlighting weaknesses in session management and security controls.

Example attack:

  • Stolen employee credentials from a global consumer goods company were sold on the Dark Web, allowing attackers to access enterprise networks using legitimate accounts.
  • The breach impacted thousands of organizations relying on the services provided by this company.

Mitigation:

  • EASM: Dark Web scanning and monitoring for credential leaks based on compromised accounts.
  • Continuous pentesting conducted externally by experts to identify and mitigate complex vulnerabilities that automation alone may not discover.

Conclusion: EASM As a Security Imperative

External Attack Surface Management adoption has become a necessity for enterprises seeking to maintain security, compliance, and business continuity. In a world of Gen AI, security leaders must have complete visibility and the intelligence they need to proactively defend their external assets against potential cyber threats. Continuous pentesting has allowed enterprises to move beyond reactive security measures and to integrate EASM as a foundational element of their cybersecurity strategy.

By integrating EASM, enterprises are continuously informed of unknown exposures, Dark Web account compromises, Shadow IT, misconfigurations, and emerging vulnerabilities. As these threats become more sophisticated, security leaders must shift from a defensive posture to an offensive security mindset, leveraging EASM alongside threat intelligence, penetration testing, and continuous threat exposure management (CTEM). By doing so, security teams can ensure their entire digital ecosystem remains secure and that they are prepared when the next attack occurs – and it will.

References:

  1. DarkReading. (2025, February 7). LLM hijackers quickly incorporate DeepSeek API keys.
  2. The Record. (2023, July 3). Crypto platform Poly Network suspends service after hacker steals millions of dollars in digital assets.
  3. IBM. (2024). Cost of a data breach report 2024. IBM Security.

Author

Ann Chesbrough

Vice President of Product Marketing, BreachLock
