Red Teaming
Citadelo - Hackers on Your Side!
Citadelo helps fortune 500 companies identify vulnerabilities through simulated attacks. Proud member of Boltonshield AG
Another Level of Cybersecurity Testing
Do you feel confident about the cybersecurity of your company? Many people say yes because their company regularly undergoes penetration tests and security audits of their unit systems and infrastructure. They also say yes because they feel confident that their company constantly works with suppliers to remove vulnerabilities. To that, we’d say: “Well done, BUT…”
It’s great to hear that you’re doing everything that’s recommended, or more importantly, required by law. How then, is it possible that companies that do the same thing still suffer from huge data leaks?
The answer is SIMPLE…
Individual systems can be secured very well. However, there’s always the unpredictable human factor. We can’t be 100% sure that employees won’t accidentally provide attackers with information that could be used to get into the company’s infrastructure. The only way to prevent this is to run regular simulated attacks so that employees can practice their resistance to social engineering tactics such as phishing, and the many other popular methods of today.
After reading the title of this article, you may have said to yourself, “What is RED TEAMING and why haven’t I heard of it?”
Well, it’s a technique that combines information gathering, blackbox penetration testing, and social engineering. The goal is to simulate an attack, exactly how real hackers would do it. Therefore, you don’t test just your system unit, but the whole infrastructure, together, with your own employees. So instead of focusing on finding all of the possible vulnerabilities in all of the systems inside of the network, the red team ninjas’ goal is to sneak in and achieve a defined objective by any means necessary. The objective usually represents something valuable to the customer, and may vary from “Get data from our CRM” to “Gain access to our TEST network”, or even offering some alternative objectives. An added benefit is that your IT Department or IT Security Team can also test if they would be able to detect such an attack. What a way to practice proper procedure, but better yet, with trusted hackers on your side!
To get started, let’s take a look at the main differences between standard Penetration testing and Red Teaming:
This is a game of 3 teams, so who’s involved?
The Red Team - This team is composed of senior ethical hackers whose goal is to infiltrate the company in any way possible.
The Blue Team - This is the team of professional security or infrastructure defenders. They’re usually the client’s system administrators, whose goal is to detect attacks. In order to simulate a real attack, the Blue Team doesn’t have a clue about the planned attack.
The White Team - This is a small group of people from the company who ordered the Red Teaming and who are actually aware of the attack.
So how does it work? Let’s take a deeper look into the individual phases of Red Teaming:
The aim of this introductory phase is to gather as much information as possible. The sources are usually publicly available resources (databases, registers, search engines, social networks, etc). To gather this kind of information, we use the Open-source intelligence (OSINT) framework.
领英推荐
After the information is gathered, the next phase begins by starting an attack on the infrastructure without any physical access. We examine the functionality of the infrastructure without peering into its internal structures or inner workings. The main goal is to get any access to the internal infrastructure (usually by using a compromised server). Social engineering (without the need for physical access) In this phase, we use all of the methods of social engineering, except for physical infiltration techniques (i.e. spear phishing), with specially modified malware that will allow us to get into the internal network.
In this part, we implement various situations in which employees could get caught up. For example, we’ve used the “baiting” attack by which we spread our USB flash drives around the company. In addition to standard USB sticks, we also dispose of so-called “rubber duckies”, which are improved with our firmware.
In this part, the task is to infiltrate the system by getting a member of the Red Team into the company. The goal is usually to get into their network, steal sensitive documentation or hack unlocked PCs (the “rubber ducky” tactic). This is one of the fun parts. As you can imagine, it also requires a great deal of creativity. Luckily, or unluckily rather, there are many ways to infiltrate a company. For example, someone could go in for a job interview, or even pretend that they are a delivery person with mail or other items to be dropped off.
In this case, we’ve already infiltrated the company’s infrastructure by hacking a server, or based on “spear phishing”/”baiting”, we’re able to hack the employee’s desktop. Now the task is to get from the unit server or desktop further to their network and obtain some sensitive data. By obtaining that sensitive information, we have fulfilled our task and at this stage, we inform the white team on how to communicate the steps we took. Usually, our job in the field is over here.
The last stage is where we hand the client a detailed report. The report usually consists of a detailed description of:
We then read out the report with the appropriate organization stakeholders to review each vulnerability identified during the assessment. We answer any questions that the team might have about each vulnerability, and most importantly, we discuss mitigation/remediation strategies.
To some, this might sound scary, and to others, perhaps a bit thrilling. No matter the case, it’s a good idea to take the next step in protecting yourself and your company. Learn how Citadelo stops breaches, identifies vulnerabilities, and gets your team in a better position to protect what’s important.
Contact our Sales Team to learn more about Citadelo Red teaming services and start planning for your improved security.