Cyber Security Institute

Sunday, May 12, 2013

Welcome to the red team!

You may not know that ‘red teaming’ refers to the practice of “viewing a problem from an adversary or competitor’s perspective.” It seems that one of the best ways to get into a system is to be the first to find a new vulnerability in the software that no one else has spotted. This ‘zero day’ vulnerability can be used to get malware of some kind into an organization, and, from then on, the red team owns the IT system. And that’s why it’s a good idea to pay a team of experts rather than wake up one day and find the bad guys have found their way into your IT infrastructure.

Internet Explorer has been in the press over the years for the number of vulnerabilities that it once had, but nowadays, Java is a prime target for red teams because Java is meant to run on 3 million devices – providing what’s called a large ‘attack surface’.

Attacking the software is getting harder these days, but there’s one component of an organization’s computer system that is always potentially vulnerable – and that’s the people who use the computers.  Another technique is to send infected memory sticks to staff, who often plug them in to see what’s on them, and, again, the malware strikes!

Red team members can now use social media to find the names of staff as well as details of their experience, so that e-mails and phone calls from the red team can sound quite legitimate.

The other part of the solution is education of staff so that they don’t insert memory sticks or click on attachments from unknown sources.

The red team could, perhaps, get a piece of malware onto someone’s tablet, which then gets connected to the network, which then starts opening security doors all the way to the mainframe.

But most organizations can learn from the types of vulnerability red teams exploit, and take steps to ensure that they are not at risk from them.


Posted on 05/12