Red Teaming: Stay Safe in Cyberworld

Are you interested in an IT infrastructure audit? Then, you might have heard of ethical hackers. These specialists are into monitoring the vulnerabilities found on the website, network, IoT. They check out the weak sides that may be exploited by the real hackers. Quite frequently, in the process of penetration testing, the cybersecurity professionals offer a sort of roleplay. Red Team of attackers against Blue Team of defenders. You definitely need Red Teaming if you don’t want to be red-handed.

Game is worth the candle

Imagine you own an enterprise or run a business. Your security service works quite well. You never forget to monitor employees and even launch video surveillance. You claim to have been protected at all the levels. But what if the hacker has already discovered your website, server or network? He should be reconnoitering the ground. In our experience, in case a cybercriminal is interested in you, he will find a way to hack you. In this instance, even a wonderful IT department cannot protect from the threat.

In the research provided by Deloitte, the history of Red Teaming is mentioned. This concept harkens back to the military practice of German war planners in the XIX century. People understood in case one wanted to hold off an enemy attack, he needs to think like his opponent. As well, one had better take into account weather, logistics problems, human factor, and any other circumstances of insuperable force that might have impacted military course of actions.

This is how the war planners suggested to train in German castle Schloss Charlottenburg.

According to the rules, two players had to operate step by step. Each action took no longer than two minutes. The length was chosen in accordance with the barrage. In the meantime, the third player prioritized targets by rolling the dice. Every two minutes the initial course of actions changed. New and new circumstances of insuperable force were taken into consideration, so far. It’s been a long time coming but now both businesses and corporations apply for Red Teaming and penetration testing to assess potential threats critically taking all the possible problems into consideration.

In 2018, European Central Bank created a platform to govern the application of red teaming based on the idea of digital threats handling. Threat Intelligence-Based Ethical Red Teaming (TIBER-EU) has been designed to serve European and national financial institutions to test the vulnerabilities in the system and increase the stability against advanced cyber-attacks. Today, the Red Team of ethical attackers has gained popularity not only in the banks but also in other industries.

Use it right!

Red Team includes several stages.

• Preparation step means the team is testing the system and chooses the responsible personalities. The tools and tests should be approved by the client.
• Reconnaissance is information gathering aimed at getting the most important data about the client’s system. Reconnaissance is conducted via such public tools as Google, LinkedIn, Facebook, Twitter, Google Earth, Maltego, etc. The cybersecurity professionals try to figure out as much as possible about the company, technologies, and potential threats. Here, the hacking attack is imitated. Red Team, in its turn, estimates if the employees are ready to oppose the attack.
• Active Reconnaissance is directed at IT infrastructure. The technical scope is widely investigated here with particular focus at the hardware and logistics security, customers conversion, and possibilities to penetrate into the system.
• Attack planning consists of threat modeling, initial plan compliance, and discovery of the conditions which might make the victim open the access to the system. Then, alternative strategies are developed with malware purchased or even created manually. The RFID badges are being cloned while Trojans are being configured. At this step, the social engineering approaches are researched with fake personalities or organizations launched.
• Exploitation stage helps reach the target by compromising the servers, applications, networks, or physical control bypassing. Here, the Red Team representative tries to go through the locks, radars or even switch off video surveillance. The members of the attackers’ team analyze vulnerabilities and backdoors. They come to the conclusion whether it is possible to compromise the system by penetrating into the network remotely. The professionals from the Red Team are quite creative. They use every possible cyber tool. For example, the specialists from CQR Company who invented CryEye tool for cybersecurity say, at the stage of exploitation it is crucially important to run such attacks as man-in-the-middle, Wi-Fi cracking with more than 10 technologies in use, conduct traffic interception along with sniffing, do Lan cable MitMing, and try eavesdropping.
• Post exploitation is the final stage of the Red Teaming process. Here, the mission should be completed with traces covered up. After that, the specialists tend to recover the system and check if the data leakage did not happen in the process of attack. Finally, the professionals make a report with the information about the vulnerabilities discovered and solutions to use.

Ethical, or white hat hacking opens new horizons for business people. That’s a chance to watch the system security from inside. Today, more and more companies are ordering such services. They also claim to have won after the monitoring in the gamification mode.