How well will your people, your processes, and your technological controls cope with a cyber attack? With a Red Team attack simulation, you’ll find out.
From a CISO to a security analyst, all the effort put in by security teams is to ensure their organisation is prepared to handle all situations. Red teaming or cyber attack simulation is an increasingly popular way employed by organisations to check on their attack preparedness.
This is an attack simulation of a threat actor attempting to exploit weaknesses in target networks, applications, or using human factor. Our red team prepares the plan based on surveillance and research, as well as the latest tactics, techniques, and procedures (TTP) used by malicious threat actors.
By thinking like an attacker, or one of your competitors, the Red Team exercise is driven to gain access and is not restricted by assumptions or preconceptions.
Red teaming is sometimes mistaken for penetration testing. It is not suitable for every organisation as basic defences are expected to be in place; and it’s not a justified expense for all businesses - it requires some level of cybersecurity maturity.
If you don’t think your business is at this stage, you can use your budget on various other security initiatives that are guaranteed to maximise returns – get in touch with us to find out your best options.
If you think you’re ready for a red team engagement, here are the benefits:
The assessment-execution phase is followed by the analysis & reporting. Defendza performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels.
Cybersecurity is only effective when it is proactive. By identifying weaknesses and vulnerabilities before they are exploited, you ensure the integrity of your network. Frequent security assessments also create a more efficient system, helping to prevent data loss and minimise any downtime that would affect your business and your customers.
No one doubts the talent and commitment of your in house administrators and developers, or the great work they’re doing. But, by having a third party come in and perform an independent cybersecurity audit and review of your systems, you can ensure that no stone is left unturned. Our team of skilled cybersecurity experts will help to identify any vulnerabilities and weaknesses your team may have missed.
Where the red team is different from traditional pentest is that it comes with a lot of creativity and thinking out of the box. Based on the results from all the phases above, campaigns /scenarios are created which would provide the best results. The aim is to go undetected and remain stealth for the maximum period.
Rather than replicating only the most likely attack methods, Red Team operatives will also try unlikely ones, employing creative approaches that a motivated attacker would use without hesitation.
A layered approach is employed, with multiple attempts at breaching defences. For example, launching a focussed campaign only to target one branch at a time, send phishing emails to a completely different geographical location posing as IT from head-office who are in a different time-zone.
The first level of access achieved from the "low-hanging" fruits found in previous phases does not allow full access to the underlying target. An attacker may not perform desired tasks for further activities such as password hashes retrieval, adding privileged users or tasks. Privilege escalation techniques are attempted by exploiting a bug, design flaw or configuration oversight in an operating system, or software/application to gain elevated access. This allows our security experts to perform elevated tasks that are key for lateral movement to infiltrate into the target network.
Using an open-source, commercial, and custom scripts, vulnerabilities that would cause no network or host level impact are targeted for exploitation. The objective here is to find higher-level privileges to achieve the highest possible access on a system. This system is then used as a base for further lateral movement in order to attempt to compromise the entire network, domain, or the agreed target. Based on the scope of the project, this access can be maintained for days to achieve further objectives or considered a completion of the assessment.
The prioritised list of targets is scanned for vulnerabilities. This assessment involves checking both published as well as undocumented vulnerabilities against the target assets. We sift through the scan results for false positives. The manual assessment ensures that only verified vulnerabilities are focused upon.
Based on the response received from the reconnaissance phase, the target list is prioritised. The priority would be based on "low-hanging" fruit that could aid in gaining a foothold within the network trivially.
The first step of reconnaissance activity includes passively identifying the hosts and services visible on the Internet. This includes limited Open Source Intelligence phase. During red teaming or related offensive security projects, this exercise involves extensive information gathering about a customer's people, processes and technology in use. Research based threat intelligence is an integral part of any offensive exercise.
Overall, the aim of this phase aims to harvest as much information as possible about your organisation that would be used for later phases.
We provide full flexibility to our clients on all our projects. We work on a phased approach so that you can get the best return on your investment, and cost each element of the project individually and visibly so that you have maximum control over how you spend your budget.
If for any reason you want to cancel a project, we require a minimum notice period of one week, when of course you won’t be charged.
Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.
Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.
An investigation was immediately launched which revealed the compromised account contained protected health information. Affected patients were notified about the breach on April 12, 2019. All individuals impacted by the breach had received medical services from Questcare in the Dallas, Fort Worth, or Arlington regions of Texas.
Netflix customers in Ireland are being targeted with a phishing attack in an attempt to hack their accounts. The streaming giant has put out a warning to try to avoid other users falling victim to the same fraud.
