In recent years, protecting critical infrastructure entities has been synonymous with ensuring the continued operations of governments and economies.
In the United States, a CISA Red Team was recently granted permission to conduct a stealthy three-month attack on a critical infrastructure organization to assess that organization's cyber security posture.
The Red Team gained access to network resources without detection. When the Red Team hackers attempted to trigger a reaction, the organization did not respond. No one appeared to have noticed the intrusion.
CISA Red Team exercise
After gaining persistent access to the network, the Red Team moved laterally across the organization’s multiple, geographically separated sites. Eventually, CISA reported, the team reached systems adjacent to the organization’s sensitive business systems (SBSs).
Blocked by MFA
The Red Team’s activities were interrupted when it encountered multi-factor authentication controls. If your organization has been reluctant to adopt multi-factor authentication, see seven good reasons to reconsider your strategy here.
CISA’s target organization
CISA has not yet publicly identified the target organization’s critical infrastructure sector. At present, CISA lists 16 sectors under the critical infrastructure umbrella, including healthcare, transportation, water systems, energy, manufacturing and financial services.
CISA’s attack tools
In this exercise, the Red Team used tools such as Cobalt Strike, commercially available software that is commonly used for authorized testing but is also easily repurposed by malicious hackers.
The team also sent phishing emails, ultimately obtaining responses from two different workstations within the organization.
CISA Red Team authority
Upon request, the CISA Red Team can provide expertise and technical assistance to critical infrastructure operators.
According to CISA, the Red Team’s recommendations are “…applicable to help other entities assess and improve their cyber security…”
Cyber security resources
If your organization is considered a critical infrastructure entity, we encourage you to explore the following security resources:
- A CISO’s Guide to Preventing Attacks in the Government Sector
- Energy Industry Faces Imminent Cyber Security Threat
- Hackers Could Crash Power Grids, but They’re Mostly After…
- Critical National Infrastructure, Cyber Security Preparedness
- Zero Day Threats: Future-Proofing your System