Red Team Exercise
According to the ESG Research Report Security Hygiene and Posture Management (2022), about 47% of organizations consider red teaming an essential practice for risk assessment and for detecting unknown vulnerabilities.
About PI Industries
Established in 1946, PI Industries is one of the leading agri-science and fine chemical companies in India. Its unique business strategy is to offer innovative farm solutions to farmers through a network of channel partners and retail outlets. In tandem, PI Industries collaborates with global innovator corporations across the value chain, encompassing synthesis, manufacturing, co-marketing, and product distribution. To maintain its global supply, PI Industries has operational locations in Germany, China, and Japan.
With a strong belief in technology and IP protection as its key pillars, PI has been investing ahead of time and has established a large-scale manufacturing infrastructure focused on Industry 4.0 standards. PI Industries has built robust capabilities in each part of the value chain, including process synthesis, scaling up, and commercialization. The company presently employs over 3,000 people and has 15 multifunctional plants and five formulation facilities throughout its four manufacturing locations.
Challenge
The challenges in the cyber world are diverse, and every piece of information (whether physical or digital) is of utmost importance. The organization's upper management was aware of the consequences that a cyber-attack could have on its reputation and operations. Although the client had made a significant cyber security investment, it had no real-world visibility into the success rate of these security measures or into how the organization would counteract a real-world attack.
So, the client decided to engage Ducara Info Solutions to test the success of the organization's cyber security controls and its capability to detect and respond to harmful behavior.
Objectives
A red team evaluation provides an invaluable understanding of the ways in which an attacker might get sensitive data without authorization, resulting in data breaches and other damages.
We worked together with the client to determine the goals, criteria, and scope of the assessment during the kick-off meeting. We also shared our plans, schedules, methods, and team responsibilities with PI Industries. It was decided that the red team assessment would be initiated with a realistic technique that would be used to simulate attacks from every conceivable vector.
Our Approach
Ducara’s experts incorporated a thorough methodology to conduct a red team assessment of PI Industries. Some of the key points of our red teaming assessment include:
Reconnaissance
- Our team began by gathering all possible information about the target using publicly available open-source intelligence (OSINT) resources and by evaluating the organization’s exposed attack surface. These included, but were not limited to, physical office locations, staff details, applications and services, mobile applications on the app store, publicly exposed systems, remote access solutions, and social media profiles.
- All of the identified information was then assessed for vulnerabilities. Targeting the web applications first and then moving on to the network, the team assessed the IPs and other networks owned by the client to identify vulnerabilities. Certain vulnerabilities were identified but they were not critical enough to help us exploit the network to a greater extent.
Initial Compromise
- Since getting inside the network was still a challenge, the team decided to leverage the weakest link in the cybersecurity domain and the easiest target of any attacker, i.e., the employees. So, a phishing attack was conducted.
- Ducara decided to social engineer certain employees of its client to lure them into opening their emails and clicking on infected links. The plan was to roll out a specifically curated email to the employees of the client, disguised as coming from their IT team, asking them to click on the inserted links. When clicked, one of these links led the employee to a dummy website created by the team, which informed the employee that suspicious activity had been detected on his/her account and that he/she therefore needed to enter his/her VPN credentials and change his/her password.
- After a few failed attempts, the team decided to develop a strategy that helped them to directly send the phishing email to the client’s employees’ inbox. This strategy resulted in 60% of the employees clicking on the infected links and even changing their passwords.
Lateral Movement
- After getting into the company’s VPN, the team could extend its scope to the internal networks, which had initially been difficult to reach from the internet. The team then moved to pen-testing with this newly developed strategy and scope, with extensive research and information gathering on the number of machines, types of devices, number of users, servers, etc.
- After entering the network, it was understood that there were over 3,000 computers and thousands of emails being used inside the network of the organization. The team was able to successfully compromise some of these networks with a laser-focused execution of social engineering.
Recommendations
On the basis of the assessment and the identified vulnerabilities, the following recommendations were offered to the client:
- Spread awareness among employees not to enter their credentials in response to any suspicious phishing emails.
- Monitoring teams should be more alert when any such mass phishing emails are received and should immediately block the phishing domain and inform the employees.
- Use strong and unique passwords for every account.
- Never save usernames and passwords in any browser.
- Maintain a server-side list of all URLs that are permitted for redirection, and pass an index into this list, rather than the target URL itself, as the parameter to the redirector.
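
The redirect recommendation above, shown as an added example that is not part of the original case study or the client's code. The parameter names `url` and `to`, the `/redirect` path and the example.com URLs are assumptions made for illustration.

```python
# Constructed server-side list of permitted redirect targets (hypothetical URLs).
ALLOWED_REDIRECTS = (
    "https://portal.example.com/home",
    "https://vpn.example.com/login",
    "https://helpdesk.example.com/tickets",
)
FALLBACK = "/"  # safe same-site landing page used when the request is invalid


def redirect_vulnerable(params):
    """'Before' pattern: the target URL is taken straight from the request,
    so a link on the trusted domain can send a user to any site."""
    return params.get("url", FALLBACK)


def redirect_by_index(params):
    """Hardened pattern: the request carries only an index into the list."""
    raw = params.get("to", "")
    # Accept plain ASCII digits only. This rejects URLs, signs, whitespace and
    # Unicode digits; "-1" matters because Python would index from the end.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 4:
        return FALLBACK
    idx = int(raw)
    if idx >= len(ALLOWED_REDIRECTS):
        return FALLBACK
    return ALLOWED_REDIRECTS[idx]


def link_for(target):
    """Build the outgoing link for templates; fails loudly if the target
    is not on the server-side list, so raw URLs never reach the page."""
    return "/redirect?to=%d" % ALLOWED_REDIRECTS.index(target)


if __name__ == "__main__":
    # Constructed requests: one legitimate, three that must not be honoured.
    for params in ({"to": "1"}, {"to": "-1"}, {"to": "99"},
                   {"to": "https://login.attacker.example/reset"}):
        print(params, "->", redirect_by_index(params))
    print(redirect_vulnerable({"url": "https://login.attacker.example/reset"}))
```
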
Result
The Red Team assessment conducted by Ducara Info Solutions was really helpful for the client. Our thorough assessment report helped the client gain deep insight into the loopholes in its security infrastructure, especially from the point of view of an external party. We also provided a list of recommendations that the client must implement to strengthen the organization’s security.
“We decided to conduct a red team exercise at PI Industries with the objective of enhancing our organization’s security infrastructure and investment. To achieve this objective of ours, Ducara’s Team provides an exceptional service.” a member from PI Industries Management.