The Reimage Blog
Posted in Privacy and Security. Posted on March 17, 2023

CISA: Do these three things to toughen up your network against hackers

Posted By Shannon.Smith

Cybersecurity agency shares the lessons learned from a red team assessment of a critical infrastructure organization.

The US Cybersecurity and Infrastructure Security Agency (CISA) has detailed how, during a cybersecurity red team assessment, it was able to gain access to the network of a large critical infrastructure organization — and how the lessons learned can help others to toughen up their network security.

The red team exercise against the network of the unnamed “large critical infrastructure organization” came after the organization requested it from CISA to test its cybersecurity posture.  

A red team is a group of cybersecurity experts who are tasked with thinking like malicious cyber attackers, using offensive hacking techniques to probe network defenses and test how the defenders — the blue team — will react, then report back on what happened so that the client who requested the red team exercise can improve their cybersecurity. 

According to CISA’s analysis of the test, there were 13 occasions where the red team acted in a way which was designed to provoke a response from the people, processes, and technology defending the organization’s network. 

But many of these potentially malicious actions weren’t detected.

“The CISA red team obtained persistent access to the organization’s network, moved laterally across multiple geographically separated sites, and gained access to systems adjacent to the organization’s sensitive business systems,” said CISA. 

Like many cyber-attacks, this red team exercise started with phishing attacks, sending specifically targeted email lures to employees across several of the organization’s geographical locations. 

The red team achieved this by using open-source research to find potential targets for spear-phishing attacks, along with their email addresses, then using accounts set up on commercially available email platforms to send tailored spear-phishing emails to seven potential targets. 

But these phishing emails didn’t just start with sending a malicious link out of the blue — the CISA red teamers managed to build up rapport and trust with some of the targets over several emails before asking them to accept an invite to a virtual meeting.  

This invite took the victims to a domain controlled by the red team, executing a malicious payload which provided the red team attackers with access. Two victims fell for the phishing attacks, providing the red team with access to workstations at two different sites. 

Leveraging this access, the red team examined SharePoint files to identify which users had administrative access. Then they used this information to launch a second phishing campaign against these users. One of them fell victim to it, providing the red team with access to their workstation and their administrator privileges.  

Using this additional access, the attackers moved around the network, gathering more usernames and passwords and greater persistence on the network, compromising additional workstations with administration access, including servers. 

Now the red team had what CISA describes as “persistent, deep access established across the organization’s networks and subnetworks” which allowed them to access a password manager used by employees, gather plaintext credentials in databases, access backup servers and even gain access to what’s detailed as “systems adjacent to the organization’s sensitive business systems.” 

While the red team test exposed several security weaknesses in the network, according to CISA, there are also positives to take away from the exercise — including the fact that the organization ordered a red team exercise and is investing in hardening its network based on the findings.

Other positives include how the red team had to revert to phishing emails because they were unable to discover any easily exploitable services, ports, or web interfaces from more than three million external in-scope IPs. Also, passwords were strong, preventing the red teamers from being able to crack any with brute-force attacks.  

The organization also had multi-factor authentication (MFA) in place to prevent access to sensitive business systems, blocking the red team from using stolen credentials to access them. 

CISA has made several recommendations to the organization on improving cybersecurity — and these recommendations are also useful for others who want to strengthen their network defenses.

Among these recommendations are:

  • Establish a security baseline of what’s normal network activity, so potentially anomalous or malicious behavior can be detected before an intruder gains additional access to the network.  
  • Conduct regular assessments of the network to ensure the security procedures are working and can easily be followed by both information security staff and end users. 
  • Use phishing-resistant multi-factor authentication to the greatest extent possible in order to prevent attackers from automatically accessing accounts for which they’ve stolen passwords.

Written by Danny Palmer, Senior Writer
Source: ZDNet.com
Featured Image: Getty/Marko Geber
