The US Cybersecurity and Infrastructure Security Agency (CISA) has detailed how, during a cybersecurity red team assessment, it was able to gain access to the network of a large critical infrastructure organization — and how the lessons learned can help others toughen up their network security.
The red team exercise against the network of the unnamed “large critical infrastructure organization” came after the organization requested it from CISA to test its cybersecurity posture.
A red team is a group of cybersecurity experts tasked with thinking like malicious cyber attackers, using offensive hacking techniques to probe network defenses and test how the defenders — the blue team — will react, and then reporting back on what happened so that the client who requested the exercise can improve their cybersecurity.
According to CISA’s analysis of the test, there were 13 occasions on which the red team deliberately acted in a way designed to provoke a response from the people, processes, and technology defending the organization’s network.
But many of these potentially malicious actions weren’t detected.
“The CISA red team obtained persistent access to the organization’s network, moved laterally across multiple geographically separated sites, and gained access to systems adjacent to the organization’s sensitive business systems,” said CISA.
Like many cyber-attacks, this red team exercise started with phishing attacks, sending specifically targeted