Cyber attacks on banks, states and citizens’ computers have been commonplace for a long time. In the mass consciousness, the word “hacker” is inextricably linked with cybercrime. Nevertheless, a hacker is not necessarily an attacker: advanced “crackers” can not only disturb the peace, but also know how to protect it.
Let’s talk about the work of white hackers and their usefulness for your business.
Companies are interested in protecting data: leaks lead to serious financial and reputational losses. Information security is neither a result nor a condition. It is an ongoing process. For the company’s employees who are responsible for cybersecurity to detect a gap in the system in time and respond to it correctly, the professional level of the team must be raised constantly.
The information security market offers several services for analyzing a company’s security: analysis of the security of systems and applications, penetration testing (pentests), assessment of personnel awareness of information security issues, etc., but the most effective method, in our opinion, is the method named “Red Team”*.
This method is similar to the traditional penetration test (pentest), which is used to check networks, services, systems and wireless access points, but do not mix them up. Pentesting is an assessment of the passive security of information systems; Red Teaming is an assessment of active security. Pentest experts visit the customer with scanners and other equipment and, without hiding, try to “hack” the system (I’ll say right away that the statistics are disappointing). After checking and analyzing, they write a report on the vulnerabilities present and give recommendations for eliminating them.
Red Team is a “battle check”. White hackers have extensive knowledge of attack methods. Firstly, they gain experience during pentests, and secondly, they study the world practice of real hacker attacks. During a Red Team exercise, hackers imitate a real cyber attack. Naturally, the “attack” takes place according to predetermined scenarios and does not interfere with the operation of the company’s critical information systems. Careful preparation and study of the systems allows the attack to be carried out accurately and as close to reality as possible. This, of course, directly depends on the experience and level of qualification of the Red Team. Only a very narrow circle of people is told about the exercise and the fake attack, so that the rest of the staff behave naturally.
The goal of the Red Team is to achieve the objectives set, for example:
to penetrate the system, steal data, record the process of “hacking” and tell the “blue team” (customer side) about the mistakes made and ways of eliminating them. As a result, the knowledge and skills of the “blue team”, the company’s internal experts, grow because the “red team” provides an ever-higher level of attacks.
Red Teaming is more time-consuming and labor-intensive than a pentest. But it allows you to solve several problems at once:
- inspection of the effectiveness of information security systems used in the company;
- analysis of the actions of the information security department and other employees;
- training of internal specialists to prevent errors in the future.
Another feature of the Red Team method that distinguishes it from other methods of vulnerability analysis is the use of any options for extracting the information needed to penetrate the system, including methods of social engineering.
The weakest link in the security of an information system, as you know, is not software or hardware, but the users themselves. Hackers use psychological techniques and people’s behavioral patterns to obtain information about access to the system. Although the media actively write about social engineering and general awareness of this issue is growing, this awareness is not usually found at the level of corporate protection. In addition, the methods of psychological attacks are changing: bulk letters and messages are giving way to targeted interaction.
Attackers use phone conversations, friendships on social networks and chatting. In our practice we have a case of a successful system hack using information obtained in a private corporate chat on WhatsApp. During the Red Team cyber exercises we explain the ways in which attackers can get the necessary information. By the way, we train not only information security specialists; we increase the cyber literacy of all company employees.
Who should think about conducting a “red team” exercise? Cyber exercises do not make sense for organizations with an initial level of information security maturity: it is too early. Such companies can limit themselves to traditional services like a pentest or a technical audit of information systems. We recommend red teaming to medium and large businesses and to organizations of the financial and technical sector, which are traditionally a tempting target for attackers.
In addition, I want to say that you should not be afraid of conducting exercises; this applies especially to internal security services. The purpose of the audit is not to identify incompetence and lack of expertise but, on the contrary, to help those involved in the information security of the company provide maximum protection and increase their professionalism during training battles, so that they are always ready to repel a real attack. As our white hackers like to repeat: hard in cyber training, easy in cyber battle.
* The concept of Red Team and Blue Team came to information security from military terminology, where Red Team is a team of attackers, and Blue Team is a team of defenders. In the cybersecurity context, the Blue Team means a team of experts whose mission is to protect the infrastructure.