Overview
The client, a multinational financial services corporation, approached Reversec to deliver a security assessment to understand its current security posture and exposure to cybersecurity risks.
The client initially requested a Red Team exercise to simulate an attacker breaching its perimeter, establishing a foothold on its network, and then progressing along the kill chain. In consultation with the client, we concluded that while a Red Team exercise would partially achieve these objectives, its focus on a single attack scenario would be too narrow to identify all high-risk attack paths and to fully evaluate the client's defensive capabilities.
Company: Financial services corporation
Industry: Financial services
Solution
We proposed conducting an Attack Path Mapping exercise to establish the routes an attacker would likely pursue, followed by technical testing to validate the attack paths and assess the efficacy of prevention and detection controls.
During the exercise, we identified several exploitable attack paths and tested each of them to uncover security issues. At the client's direction, we began the assessment from the position of an arbitrary compromised system on the client network, a scenario reflective of real-world attacks that target users in order to abuse their legitimate access and functionality. We also assessed the security of the client's perimeter and internet-facing systems.
Our consultants gained access to personal information held in millions of data records, both from the position of a malicious insider and from that of a remote attacker in control of an arbitrary workstation. The level of access we achieved would also have enabled an attacker to completely disrupt services across the client's global operations. We found that previous investment in perimeter defences had proved valuable: it forced an attacker to target users or user workstations to achieve their objectives rather than the perimeter itself.
Outcome
The engagement produced several key findings, each paired with practical recommendations. These included:
- Improvements to employee and system administrator security awareness and password strength – The use of weak and shared passwords, particularly by domain administrators, posed the most critical risk to the client organization. We also observed poor handling of privileged credentials by a key managed service provider.
- Improvements to Active Directory hygiene – A lack of hygiene allowed authentication and authorization controls to be bypassed or manipulated.
- Segregation of corporate and production environments – A lack of effective network segregation allowed direct communication between user workstations and key servers within the data centres.
- Implementation of Network Access Control and rogue system detection – To give the client more control over, and visibility of, the systems present on its network.
- Initiation of a SOC improvement programme – Numerous attacker actions went unnoticed because of a lack of visibility across endpoints.
- Improvements to patch and vulnerability management processes, along with the removal of unnecessary legacy systems – Ineffective patch management had left legacy systems missing patches for over a decade.
Used services
Resilience Development
Build your organisation's immune system and withstand a cyber incident: assess risk by testing your controls against likely threats, and improve the skills of your security operations team.