productionvasup.blogg.se

Solarwinds wiki





We will work closely with you to define the parameters of the test and establish clear channels of communication so that you are always in touch with us while the test is ongoing. The dropbox is a computer that you plug in to your network that only our certified pentesters have access to. We'll send you a "dropbox" which is essentially a proxy for a hacker who finds herself newly on your network. Can we gain elevated access even up to Domain Admin? Can we pivot from an administrative network to your secure research and development network? Are your databases protected or can we gain access and to what data?

Assumed Compromise Test

An "assumed compromise test" like the one performed by Alertra specifically targets the internal network and asks the question, "If the bad guys get in, what can they do?" We probe the network looking for weak spots that can be exploited to gain further access. Just as this supply chain attack was announced, it was discovered that a hacker had implanted malware in the Vietnam government's digital signature toolkit.


Even the software that comes certified, scanned, and cryptographically signed from the vendor may be compromised. You have to trust someone, and well-known and well-regarded software suppliers would certainly be on that list. This "Supply Chain Attack" is one that is hard to plan for and detect. The attackers literally had months to exploit these backdoors before they got a little too aggressive and FireEye's internal security caught them. The backdoor was minimal and flew under the radar of anti-virus software.


They waited for customers, probably in an automated software update process like we all use, to update to the latest version. They changed the SolarWinds software to include the backdoor and then they waited. This happened because SolarWinds itself was hacked and the attackers gained access to the software build process. Microsoft, also affected, believes up to 18,000 installs of the SolarWinds Orion product may be infected. SolarWinds provided the network management software FireEye (and about 30,000 other companies and government agencies) use, and that software had been altered to contain a backdoor**. The hack didn't originate with FireEye; it was in a product of an upstream provider, SolarWinds. This might seem like a "cobbler's kids have no shoes"* scenario, but it may turn out that the hackers were only caught because FireEye's security was tighter than most.

SolarWinds

Early December 2020, FireEye, a major computer security firm, announced they had been hacked and proprietary tools stolen. Perceptions changed in the most catastrophic way in December 2020. You can have security guards who are highly trained so outside people can't get in, your employees can be vetted and beyond reproach (sometimes they get angry), your anti-phishing training is 100% (it isn't) and still your internal network is vulnerable because it's no longer just your organization you have to be aware of. But I think you're wrong on that because your threats are not just external, they can be internal as well. If your external network is bulletproof though, you might think, then the internal network security isn't that important. It is where your trade secrets, your billing, your customer records, and financial records all sit. However, your organization's network also has an internal attack surface, and that is behind the firewall, behind the DMZ, on the local network your employees use every day to get things done, and it is just as important as the external network.
Most security audits or penetration tests concentrate on your organization's external network attack surface: your website, application servers, routers, VPN appliances, etc. Someone could even attempt to contaminate the manufacture of a spare part at a 3rd party facility in hopes of grounding the plane. What if you could contaminate the pilot's food beforehand so he/she got sick and was unable to fly? How about compromising the integrity of someone on the maintenance crew to disable the aircraft? These are internal attack surfaces of the plane, and just like the military, companies must protect them as well. That is one attack surface of the plane: the external attack surface. For instance, if you wanted to attack this F-22 Raptor you could shoot projectiles or explosives at its wings, body, engines, etc. You can break down an organization's susceptibility to illegal compromise into attack surfaces.





