
Energy | Mid-market (~200 employees)

40% of Assets Were Unknown

A European energy company did not know that 40% of its internet-facing assets were invisible to its IT team. Here is what Discovero found, and what could have happened.


The Challenge

What We Were Up Against

A mid-market European energy company engaged Discovero for a routine external attack surface assessment. Their IT team believed they had full visibility over their public infrastructure — approximately 10 internet-facing services across two domains.

They were wrong.

What Discovero Found

Assessment Results

16

Subdomains discovered

41

Live services identified


Key Findings

1

Remote Code Execution Exposure via Legacy SSH (CVSS 9.8)

An internet-facing server was running OpenSSH 7.4p1, a 2016 release that has been out of upstream support for years. The report cited CVE-2024-6387 (regreSSHion), a signal-handler race condition in sshd that allows unauthenticated remote code execution as root on glibc-based Linux. Note that regreSSHion affects OpenSSH 8.5p1 through 9.7p1 (and releases before 4.4p1 that never received the CVE-2006-5051 fix), so a 7.4p1 build falls outside that range, and NVD scores the CVE itself 8.1 rather than 9.8 because the race is hard to win; the real exposure here is an unpatched, unmaintained daemon on a host nobody owned. The server was a forgotten staging environment from 2019 that was still connected to the internal network, so any compromise of it would have been a direct bridge into the corporate environment.
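The first thing a practitioner does with a finding like this is check the banner against the affected range before escalating. The script below is an added example (not Discovero's tooling) that parses an SSH identification string and classifies it against the regreSSHion range published in the OpenSSH 9.8 release notes, with the caveat that distributions patch in place without changing the version string. The sample banners are constructed; `grab_banner` is included for live use and is not exercised by the sample.

```python
"""Triage OpenSSH banners against the regreSSHion (CVE-2024-6387) affected range.

Added example, not Discovero's tooling. Affected ranges follow the OpenSSH 9.8
release notes: versions before 4.4p1 (unless the CVE-2006-5051 fix was
backported) and 8.5p1 up to but excluding 9.8p1, on glibc-based Linux.
The sample banners below are constructed.
"""
import re
import socket

BANNER_RE = re.compile(
    r"^SSH-[\d.]+-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?:p(?P<portable>\d+))?"
)


def parse_openssh_version(banner: str):
    """Return (major, minor, portable) from an OpenSSH banner, or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return (int(m["major"]), int(m["minor"]), int(m["portable"] or 0))


def regresshion_status(banner: str) -> str:
    """'affected', 'not-affected' or 'unknown', judged on the upstream version only."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"
    if v < (4, 4, 1):
        return "affected"            # pre-2006 code path, unless a vendor backported the fix
    if (8, 5, 1) <= v < (9, 8, 0):   # regression introduced in 8.5p1, fixed in 9.8p1
        return "affected"
    return "not-affected"


def triage(banner: str) -> dict:
    """Combine the version check with the caveats a report should carry."""
    v = parse_openssh_version(banner)
    status = regresshion_status(banner)
    notes = []
    if status == "affected" and re.search(r"(Debian|Ubuntu|FreeBSD|el\d)", banner):
        # Distros patch in place without bumping the upstream version string,
        # so a banner match is a lead to confirm, not proof of exploitability.
        notes.append("vendor build: verify package changelog before reporting")
    if v is not None and v < (8, 5, 0) and status == "not-affected":
        notes.append("outside regreSSHion range but an old upstream release; check vendor support status")
    return {"banner": banner.strip(), "version": v, "regresshion": status, "notes": notes}


def grab_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Read the identification string an SSH server sends first (RFC 4253, section 4.2)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("utf-8", "replace").splitlines()[0]


if __name__ == "__main__":
    for b in [
        "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7",   # the finding above: not in range
        "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",     # in range, possibly patched in place
        "SSH-2.0-OpenSSH_9.8p1",
        "SSH-2.0-dropbear_2022.83",
    ]:
        print(triage(b))
```

The version-only verdict is deliberately conservative in both directions: a 9.6p1 Ubuntu banner is flagged so that someone checks the package changelog, while the 7.4p1 host from the finding comes back as outside the regreSSHion range but still worth a note because of its age.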

2

Unauthenticated Kubernetes Dashboard (CVSS 10.0)

A Kubernetes Dashboard was exposed on port 443 with no authentication: it had been deployed with --enable-skip-login during initial setup and never locked down. Skip-login gives an anonymous visitor whatever RBAC rights the Dashboard's own service account holds, and here those were broad enough to read Secrets, so service account tokens could be extracted that granted full cluster access. From inside the cluster, the cloud IAM roles available to workloads extended that access to cloud infrastructure, including databases and storage.
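Both halves of this misconfiguration are visible in the cluster's own manifests, which makes it a cheap thing to check continuously. The script below is an added example (not Discovero's tooling or the client's manifests) that audits a Dashboard Deployment and its ClusterRoleBindings in the shape `kubectl get deploy,clusterrolebinding -n kubernetes-dashboard -o json` returns, trimmed to the fields the checks read. The "as found" and "as remediated" manifests are constructed; the flag names are the real Dashboard v2 flags.

```python
"""Audit Kubernetes Dashboard manifests for the two settings behind finding 2.

Added example, not Discovero's tooling. Manifests are constructed dicts in the
shape of `kubectl ... -o json` output, trimmed to the fields the checks read.
"""
import json

DASHBOARD_SA = ("kubernetes-dashboard", "kubernetes-dashboard")  # (namespace, name)
DANGEROUS_FLAGS = {"--enable-skip-login", "--enable-insecure-login"}


def dashboard_flags(deployment: dict) -> set:
    """Collect CLI flag names across all containers in the Deployment's pod template."""
    flags = set()
    for c in deployment["spec"]["template"]["spec"].get("containers", []):
        for arg in c.get("args", []):
            flags.add(arg.split("=", 1)[0])
    return flags


def binds_dashboard_to(binding: dict, role_name: str) -> bool:
    """True if this ClusterRoleBinding grants role_name to the Dashboard's service account."""
    ref = binding.get("roleRef", {})
    if ref.get("kind") != "ClusterRole" or ref.get("name") != role_name:
        return False
    return any(
        s.get("kind") == "ServiceAccount"
        and (s.get("namespace"), s.get("name")) == DASHBOARD_SA
        for s in binding.get("subjects", [])
    )


def audit_dashboard(deployment: dict, bindings: list) -> list:
    """Return human-readable findings; an empty list means both checks passed."""
    findings = []
    for flag in sorted(dashboard_flags(deployment) & DANGEROUS_FLAGS):
        findings.append(f"{flag} set: anonymous visitors get the Dashboard SA's RBAC rights")
    for b in bindings:
        if binds_dashboard_to(b, "cluster-admin"):
            findings.append(
                f"ClusterRoleBinding {b['metadata']['name']} grants cluster-admin to the Dashboard SA"
            )
    return findings


def deployment_with(args):
    return {"spec": {"template": {"spec": {"containers": [
        {"name": "kubernetes-dashboard", "args": list(args)}]}}}}


def binding_named(name, role):
    return {"metadata": {"name": name},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                          "namespace": "kubernetes-dashboard"}]}


# Constructed "as found": skip-login on, Dashboard SA bound to cluster-admin.
AS_FOUND = (
    deployment_with(["--auto-generate-certificates", "--namespace=kubernetes-dashboard",
                     "--enable-skip-login"]),
    [binding_named("kubernetes-dashboard-admin", "cluster-admin")],
)

# Constructed "as remediated": no skip-login, SA limited to the stock kubernetes-dashboard
# ClusterRole; users present their own (OIDC-issued) tokens and reach the UI only over VPN.
REMEDIATED = (
    deployment_with(["--auto-generate-certificates", "--namespace=kubernetes-dashboard"]),
    [binding_named("kubernetes-dashboard", "kubernetes-dashboard")],
)

if __name__ == "__main__":
    for label, (dep, binds) in (("as found", AS_FOUND), ("remediated", REMEDIATED)):
        print(label, json.dumps(audit_dashboard(dep, binds), indent=2))
```

The binding check matters as much as the flag: removing --enable-skip-login while leaving the Dashboard's service account bound to cluster-admin still means any token that reaches the UI, or any container escape into that pod, inherits the whole cluster.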

3

Web Application Vulnerabilities (CVSS 7.8)

The main customer portal contained a stored XSS vulnerability reachable through the file upload mechanism, and the REST API had an IDOR (insecure direct object reference) vulnerability that exposed other users' records. Both issues were in the production application serving external customers.
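To make the two bugs concrete, here is each as a vulnerable handler beside its hardened form. This is an added example, not the client's application: the handlers are plain functions returning (status, headers, body) so they run without a web framework, and the users, records and uploads are constructed. The IDOR fix is an ownership check on the object; the upload fix validates the file by its magic bytes, sets the content type server-side and forces a download with nosniff, so an uploaded HTML or SVG file can never execute as the portal's origin.

```python
"""Finding 3 in miniature: IDOR on the user-record endpoint and stored XSS via upload.

Added example, not the client's code. Data below is constructed.
"""

RECORDS = {   # constructed: record id -> owner and data
    1001: {"owner": "alice", "email": "alice@example.com", "iban": "DE00...1"},
    1002: {"owner": "bob",   "email": "bob@example.com",   "iban": "DE00...2"},
}


# --- IDOR -------------------------------------------------------------------

def get_record_vulnerable(session_user: str, record_id: int):
    # The id comes straight from the URL and is never tied to the caller,
    # so bob can read /api/users/1001 simply by changing the number.
    rec = RECORDS.get(record_id)
    return (200, rec) if rec else (404, None)


def get_record_fixed(session_user: str, record_id: int):
    # Authorization is an ownership check on the object, not just "is logged in".
    # Missing and not-yours return the same 404 so ids cannot be enumerated.
    rec = RECORDS.get(record_id)
    if rec is None or rec["owner"] != session_user:
        return (404, None)
    return (200, rec)


# --- Upload serving ----------------------------------------------------------

# Allowed types with the magic bytes that prove the body is what it claims.
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}


def serve_upload_vulnerable(filename: str, data: bytes, declared_type: str):
    # Trusts the client's Content-Type and serves inline from the portal origin:
    # an uploaded HTML or SVG file runs script with the portal's cookies.
    return 200, {"Content-Type": declared_type}, data


def sniff_type(data: bytes):
    for ctype, magic in MAGIC.items():
        if data.startswith(magic):
            return ctype
    return None


def safe_name(filename: str) -> str:
    # Keep a conservative character set and drop leading dots (no "../", no dotfiles).
    keep = "".join(ch for ch in filename if ch.isalnum() or ch in "._-").lstrip(".")
    return keep[-100:] or "download"


def serve_upload_fixed(filename: str, data: bytes, declared_type: str):
    real = sniff_type(data)
    if real is None or real != declared_type:
        return 415, {}, b""                       # reject; in practice do this at upload time too
    headers = {
        "Content-Type": real,                     # server-determined, never client-supplied
        "X-Content-Type-Options": "nosniff",      # stop browsers from second-guessing it
        "Content-Disposition": f'attachment; filename="{safe_name(filename)}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",  # in case it is ever rendered
    }
    return 200, headers, data
```

Serving user uploads from a separate, cookieless origin is the further step that makes the remaining risk negligible even if a validation bypass is found later.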

4

Missing Security Headers Across All Properties

None of the 16 discovered subdomains implemented Content-Security-Policy or Strict-Transport-Security. The average security header score was 7%, and multiple servers disclosed software versions via X-Powered-By headers.
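A header score like the 7% above is only useful if the grader checks values, not just presence: an HSTS header with a five-minute max-age or a CSP that allows inline script scores the same as a missing one. The grader below is an added example, not Discovero's scoring model; its score is simply the share of six headers that pass, and its thresholds (one-year HSTS max-age, no wildcard or unguarded 'unsafe-inline' in the script source list) are this example's choices. The sample header sets are constructed; `fetch_headers` is provided for live use and is not called by the sample.

```python
"""Grade a response's security headers, the check behind finding 4.

Added example, not Discovero's scoring model. Sample headers are constructed.
"""
import re
import urllib.request

ONE_YEAR = 31536000


def hsts_ok(v: str) -> bool:
    m = re.search(r"max-age=(\d+)", v, re.I)
    return bool(m) and int(m.group(1)) >= ONE_YEAR


def csp_ok(v: str) -> bool:
    """Present, and the effective script source list is not a wildcard or unguarded inline."""
    directives = {}
    for d in v.split(";"):
        parts = d.strip().split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    script = directives.get("script-src", directives.get("default-src"))
    if not script:
        return False
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script
    )
    # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash is present.
    return "*" not in script and ("'unsafe-inline'" not in script or has_nonce_or_hash)


CHECKS = {
    "strict-transport-security": hsts_ok,
    "content-security-policy": csp_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
    "referrer-policy": lambda v: v.strip().lower() in {
        "no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"},
    "permissions-policy": lambda v: bool(v.strip()),
}

# X-Powered-By style headers leak on presence alone; Server only when it carries a version.
LEAK_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")


def grade(headers: dict) -> dict:
    h = {k.lower(): v for k, v in headers.items()}
    passed, failed = [], []
    for name, check in CHECKS.items():
        (passed if name in h and check(h[name]) else failed).append(name)
    leaks = {}
    for k in LEAK_HEADERS:
        if k in h and (k != "server" or re.search(r"\d", h[k])):
            leaks[k] = h[k]
    return {
        "score": round(100 * len(passed) / len(CHECKS)),
        "passed": passed,
        "failed": failed,
        "version_leaks": leaks,
    }


def fetch_headers(url: str) -> dict:
    """Live check: HEAD the URL and return its response headers."""
    req = urllib.request.Request(url, method="HEAD", headers={"User-Agent": "header-check/0.1"})
    with urllib.request.urlopen(req, timeout=10) as r:
        return dict(r.headers.items())


if __name__ == "__main__":
    sample = {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24",
              "Content-Type": "text/html"}          # constructed: a typical 0% response
    print(grade(sample))
```

Run `grade(fetch_headers("https://host"))` per discovered subdomain and the aggregate is the same kind of figure the assessment reports, with the failing header names telling the owning team exactly what to add.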

The Impact

What Could Have Happened

Scenario                          Estimated Impact
Ransomware attack (most likely)   EUR 160,000 – 600,000
Data breach + GDPR fines          EUR 500,000 – 2,000,000
Cloud infrastructure compromise   EUR 200,000 – 800,000
Discovero assessment              EUR 4,900

The lowest incident estimate (EUR 160,000) is roughly 32 times the cost of the assessment (EUR 4,900) that found the exposures.

The Outcome

What Was Done

  • 91.3% of web services were missing critical security headers — all were remediated within 2 weeks.
  • The legacy SSH server was decommissioned within 24 hours of receiving the report.
  • Kubernetes Dashboard was secured behind VPN with OIDC authentication.
  • XSS and IDOR vulnerabilities were patched in the next sprint cycle.
  • The client established a quarterly assessment schedule to maintain visibility.

Key Takeaway

You can't protect what you can't see. This energy company had 4x more internet-facing services than they knew about — and a CVSS 10.0 vulnerability on one of them.

Want to Know What's Hiding in Your Attack Surface?

No agents. No credentials. Just your domain. First results in 48 hours.