Analysis of Red Team Penetration Testing


This report is an analysis of the security threats and vulnerabilities of Sifers-Grayson, a family-owned business headquartered in Grayson County, Kentucky, in the United States of America. It is based on a penetration test conducted on Sifers-Grayson's systems in an attempt to discover the vulnerabilities that exist and the possible points of attack in the business.

This report provides a thorough analysis of the security gaps uncovered during the penetration tests carried out by a red team. Sifers-Grayson contracted the red team to identify the security gaps and shortcomings within its computer systems, to find areas of intrusion and points that attackers could exploit, and finally to recommend how the company should address these vulnerabilities and contain the security challenges that may arise as a result.

In the modern IT sector and the corporate space, computers and computer systems are undeniably the backbone of any business's operations. Vulnerabilities or security gaps lead to cyber-attacks, in which outside hackers exploit a weakness in a computer system without authority in order to perform unauthorized activities on it; in the context of this paper, the systems of Sifers-Grayson. These computer systems may be exploited in several forms and by several methods.

Such methods include running code without the authority of the organization, in this context Sifers-Grayson, to install malware or viruses on its computer systems; stealing, modifying or destroying sensitive and confidential business data; and physically stealing hardware such as hard disks. These are just a few of the security gaps and vulnerabilities that may arise if computer systems or networks are not secured and access is not limited to authorized individuals or employees. For this reason, Sifers-Grayson hired an external red team to conduct penetration tests of its computer systems and networks, to ensure that they are secure and, if not, to recommend how to tighten their security.

This has mainly been brought about by the family-owned business's desire to satisfy government regulations and requirements on cyber-security and the protection of sensitive, classified and vital government information. It follows from the company's recent business with the American government, particularly the Department of Defense and Homeland Security, sensitive security organs that have imposed additional security restrictions under the law in an attempt to prevent unauthorized disclosure of confidential government information. Sifers-Grayson is also required under these laws to promptly notify the government of any intrusion or cyber-attack on its systems.

Sifers-Grayson contracted a red team to conduct the penetration tests needed to identify security gaps and vulnerabilities in its systems. A red team is a group of hackers that attacks an organization's computer systems and digital infrastructure with that organization's approval and authorization, to test its defence capabilities and its preparedness for possible future cyber-attacks. The testing carried out by the red team is known as penetration testing. A blue team is a group of computer network professionals contracted by a company to maintain the security and integrity of its internal computer systems and digital infrastructure. Sifers-Grayson has contracted an external red team to assist its internal blue team in finding these vulnerabilities through penetration testing.

In this exercise, the red team carried out penetration testing in the operational departments of Sifers-Grayson. The cyber-security consulting firm that acted as the red team hacked into the enterprise's computer network by exploiting an unprotected network connection. In this way, the red team was able to intrude and access the R&D servers from the engineers' centre. Once inside those servers, the red team was able to exfiltrate files and information from the R&D servers in the engineers' centre. Furthermore, the red team reported that it was able to access design documents and the source code for the company's drone system.

In its penetration tests, the red team was also able to steal the passwords of some Sifers-Grayson employees using keylogging software. They put this software on USB drives that were carelessly left on employees' lunch tables, and in this way were able to retrieve the passwords of 20% of the employees. The red team also noted that Sifers-Grayson employees were not alert: they were casual and unsuspecting, and willingly opened RFID-controlled doors for the red team. Furthermore, the red team installed malware in the computer systems of Sifers-Grayson through a workstation that was connected to a PROM burner in the engineering lab. The malware was used to attack a test vehicle in the Sifers-Grayson test range and was intended to communicate with the red team in the R&D centre. Through this malware, the red team was able to take control of a flight vehicle that was undergoing testing and fly it from the test range to the Sifers-Grayson parking lot.

The red team also used logins stolen from the business's employees to send phishing emails to a few of the employees in the family-owned business. These emails were carefully designed to appear as though they came from fellow work colleagues and contained a link to cute cat and kitten videos, which a large number of the recipients clicked on and opened. The videos were linked to an external server owned by the red team, which tracked the email address and the IP address of the computer that was used to open the video. The phishing emails were also disguised to contain further attractive material that lured the employees, such as business news and local news. More than a thousand recipients opened these emails, with their IP addresses tracked, before the external server eventually crashed. These penetration tests proved just how susceptible Sifers-Grayson's computer networks and systems are and how numerous their gaps and vulnerabilities are.

The vulnerabilities that the red team discovered in Sifers-Grayson's computers are: unsecured servers, especially the R&D servers that they easily accessed; unprotected network connection points that provide a backdoor for unauthorized server access; unprotected source code for the drone system, as well as unprotected design documents; easy access to employee passwords; the casual manner in which employees handle computer hardware such as USB drives; the unsuspecting nature of the employees, who unknowingly provided access to the red team; the lack of a proper way to detect the presence of malware and of techniques to curb its spread; and finally, employees opening emails without knowing whether or not they contained malicious viruses and malware. The company's vulnerabilities therefore stem from employee negligence, poor company policy on the handling of computer system resources, and inadequate technology to shield the company from such cyber-attacks.

The red team's penetration test was successful in identifying the security gaps within the digital infrastructure of Sifers-Grayson in all of its operational departments and in finding possible points of intrusion in its systems and computer networks. It offered an important perspective on the dire state of the business's digital security and on how important it is that the situation be fixed as soon as possible to protect the security and integrity of data and information. To maintain this security, the business should formulate proper policies that dictate the handling of computer and network resources, so as to ensure that they are not a possible intrusion point. Furthermore, the company should evaluate its employees' conduct and how their handling of resources can be improved, given the negligent, reckless and unknowing way in which they expose the computer systems to cyber-attacks from the outside.

Lessons can be drawn from this penetration test and appropriate action initiated from them. First, the company's digital infrastructure is highly vulnerable to attacks and malicious interference from outside. Second, physical intrusion also constitutes a cyber-attack and needs to be addressed as well. Third, if these security gaps are not closed, the result could be a massive leak of data, code and valuable information from the business's network and computer systems. Fourth, the company should invest in good technology, make appropriate policies to curb cyber-attacks, and introduce a system for training its employees on how to guard against intrusion. Finally, Sifers-Grayson should ensure that penetration tests are conducted regularly to test its defences and ensure that they are always functional and capable of withstanding such attacks.

To enhance the security and integrity of the computer systems and networks of Sifers-Grayson, the following is recommended: remote employees should use a virtual private network rather than public Wi-Fi, to guard against intrusion and unauthorized access; employees should be assigned strong passwords and adopt good password and protective habits; employees should be urged to observe caution when opening emails and external links; employees should be cautioned against oversharing and taught to treat computer system and network resources with caution; and finally, the company should limit the number of employees with access to sensitive data and information (Dinah Wisenberg Brin, 2019). Furthermore, employees and the blue team of the family-owned business should be encouraged to report any anomalies they notice, and any cyber-crimes, as soon as possible. I believe the company will gain various benefits from adopting this approach and that it will be advantageous to it in the long run. These benefits include more secure data and information, and as a result Sifers-Grayson will be able to transact more business owing to its good reputation.

References

Dinah Wisenberg Brin. (2019, August 16). 13 ways to reduce cyberattack vulnerability. Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/13-ways-to-reduce-cyberattack-vulnerability.aspx