Red Team Testing: It’s the 1992 “Sneakers” movie in real life in 2022.
By David Strickland, Vice President of Kenton Brothers
The 1992 movie Sneakers, starring Robert Redford and Dan Aykroyd, was about a Red Team that was hired to break into companies all over San Francisco. They were hired by the same companies they were trying to break into. This was done to test their security measures (both Physical and Cyber) – What we like to call “convergence” these days.
Robert Redford’s Red Team was made up of both physical security experts (a thief and a federal agent) and cyber security experts (a hacker and electronic technology expert). Their mission was to test and penetrate the defenses of the target company to point out any weaknesses. If vulnerabilities were found, the company could shore up their defenses and make their company more secure.
Fast forward 30 years to 2022. The Red Team Testing technique is still in full swing.
Red Team Testing is still the pinnacle of testing your security systems so that you can determine your risk of exposure. The Red team will look at every aspect of your convergent security systems and create a detailed report on your weaknesses.
Red Teams ask the question – What would happen if your company was faced with some of the following scenarios?
- Active Shooter
- Cyber Attacks (Internal and External)
- Industrial Espionage
- Theft (Physical, Digital, Intellectual Property)
- Sabotage
- Power outage
- Mass Casualty event (Weather, explosives, Chemical)
- Pandemic
- Work Place Violence
Here are a few of the techniques Red Teams will use to test your company’s exposure level:
Physical Security Penetration Testing:
Red Teams will test physical penetrations with your company’s physical assets (buildings, vehicles, networks, people) and measure the company’s response and how long it took to detect and act on those tests. They will measure the effectiveness of your policies and procedures and how they affect your deterrence and detection systems.
The Red Team will pose as employees or service providers to gain access to your company’s inner workings. They may also attempt to break into see what is possible and if they get caught. They’re looking for assets they can compromise and gain access to while on the inside.
Did your coworker leave proprietary information on a white board for all to see? Did everyone sign out of their workstations? Are your access control doors propped open for easy access? If someone unplugged one of your surveillance cameras and plugged it in to their laptop, could they gain access to your network? Can they connect a thumb drive to your server? Could they sneak a weapon in? Have all of your Internet of Things (IOT) devices had their default usernames changed? The list is long.
Cyber Security Penetration Testing
Where physical penetration testing might seem like a hammer, think of cybersecurity testing as a scalpel. Red Teams utilize web application attacks, such as cross-site scripting, SQL, piggybacking, injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit these vulnerabilities. These types of risk include stealing data, intercepting private/confidential traffic, asset discovery, exploitation and complete shutdown. As we all have become aware, Ransomware is a true and present threat to every size of business.
In the complex cybersecurity landscape, penetration testing has become a must for most industries. In many, in fact, it’s required by law.
For instance:
- Health organizations ensure healthcare data security under HIPAA
- Financial institutions test for FDIC compliance
- Businesses accepting or processing payment cards must comply with Payment Card Industry standards
- Critical infrastructure entities must follow guidelines outlined by NERC
Even businesses that might think they don’t have any valuable information to protect could be at risk of someone trying to take over the network, install malware, disrupt services, and more.
The End Game
What does all this sneaking around mean and why should you care? Red Team Testing allows you to identify and exploit your security weaknesses without the impact of debilitating consequences. From a Red Team’s report, you can adjust your response to the threats that you see as your biggest exposure. You’ll have the ability to identify specific weaknesses and the best approach for shoring them up.
Breaches Happen Every Day – Here’s an example.
One story about a Red Team that comes to mind was about a team that created malware laced thumb drives. And they labeled them with the contracted company’s logo to make them look official. The Red Team followed several employees to a local convenience store and would drop these thumb drives by their car door when the employee would enter the store. When the employee would come back, they would see the logo and thumb drive and assume they had dropped it. They would dutifully pick it up and bring it back to work with them. Curious about what was on the thumb drive, they would insert it in the USB port on their workstation and physically introduce malware to their cyber network. Game over.
This is a great representation of the techniques a red team employs to gain access. They used social engineering to “hack the employees” and defy the policy of no outside USB connections on the network. It seems innocent enough to the employee, however the vulnerability was able to exploit the banking information of a large regional bank. Fortunately, this was a test. Only a test.
Security Systems and Processes have the best chance for success when they’re working in unison. You may have the best security system in the world, but if you forget to arm it, it’s useless. Red Team testing allows you to test both systems and processes.
Interested in how this testing could help your organization? We can help! Please reach out today and we will discuss exactly how Red Team testing can increase the protection of your business.
Leave a Reply
Want to join the discussion?Feel free to contribute!