In recent years, protecting critical infrastructure entities has been synonymous with ensuring the continued operations of governments and economies.

In the United States, a CISA Red Team was recently granted permission to conduct a stealthy three-month attack on a critical infrastructure organization to assess the group’s cyber security posture.

The Red Team gained access to network resources without detection. When the Red Team hackers attempted to trigger a reaction, the organization did not respond. No one appeared to have noticed the intrusion.

CISA Red Team exercise

After gaining persistent access to the network, the Red Team moved laterally across the organization’s multiple, geographically separated sites. Eventually, the team accessed systems that were adjacent to the organization’s sensitive business systems (SBSs), reported CISA.

Blocked by MFA

The Red Team's activities were interrupted when they encountered multi-factor authentication controls. If your organization has been reluctant to adopt multi-factor authentication, see seven good reasons to reconsider your strategy here.

CISA’s target organization

To date, CISA has not publicly identified the target organization's critical infrastructure sector. CISA currently lists 16 sectors under the critical infrastructure umbrella, including healthcare, transportation, water systems, energy, manufacturing and financial services.

CISA’s attack tools

The Red Team in this exercise used tools such as Cobalt Strike, a commercially available framework that is commonly used for security testing but is also readily repurposed by malicious hackers.

The team also weaponized phishing emails, ultimately succeeding in eliciting responses from two different organizational workstations.

CISA Red Team authority

Upon request, the CISA Red Team can provide expertise and technical assistance to critical infrastructure operators.

CISA says its Red Team's recommendations are "…applicable to help other entities assess and improve their cyber security…"

Cyber security resources

If your organization is considered a critical infrastructure entity, we encourage you to explore the following security resources:

Learn more here.