Case study: Attack Path Mapping for Cryptocurrency Experts

21 November 2023

By NCC Group

Situation

The organization, a client of NCC Group for a number of years, approached us to test their internal infrastructure, a test that was long overdue. They were looking for a way to measure the effectiveness of their SOC against the security improvements they had made, while also obtaining strong vulnerability coverage across their internal estate. As a cryptocurrency exchange, their assets are highly desirable and are especially exposed to attacks from advanced malicious actors, which demands an especially thorough test of their defenses. In fact, 2022 was the biggest year ever for crypto hacking, with $3.8 billion stolen from cryptocurrency businesses.


At a glance

Organization sector: Financial Services

Situation: The organization needed to test security improvements to their internal infrastructure and measure the effectiveness of their SOC in order to provide strong vulnerability coverage across their internal estate.

Challenge: As a cryptocurrency exchange, their assets are highly desirable and are especially exposed to attacks from advanced malicious actors. They didn’t feel previous testing methods were providing sufficient insight or coverage across their environment.

Solution: The client opted to deploy NCC Group’s Attack Path Mapping (APM) solution as it provided the unique blend of coverage and depth required to meet their goals of vulnerability discovery, SOC improvement, and attack simulation.

Results: Not only did this provide the right vulnerability coverage and SOC improvement data, but it also created a repeatable model they could use to build new scenarios for future internal testing.


Challenges

The organization wanted to conduct long overdue penetration testing and needed a solution better suited to their vulnerability discovery, SOC improvement, and attack simulation needs, which included:

  • Uncovering more ways to improve their detections with their limited datasets.
  • Capturing vulnerabilities across a wide range of areas in their environment, which contained ~12,000 live hosts.
  • Creating an accurate depiction of an attack stemming from a compromised host in their internal environment.
  • Gaining greater insight into the security of their internally-facing cloud environments.

By addressing these requirements, they hoped to:

  • Improve their SOC detections with real-time data based on actual attack paths.
  • Fix any vulnerabilities discovered in multiple areas of their environment.
  • Remediate any attack pathways to their internal management consoles.

Solution

We worked closely with the client to explore multiple testing options, including traditional penetration tests, automated testing, and more advanced red-team engagements. Our two teams agreed that:

  • Traditional penetration testing from NCC Group wouldn’t have shown them the specific pathways they requested (Attack vs. Cloud, Attack vs. a local laptop, and attack against management consoles).
  • Red teaming wouldn’t have produced a rich enough dataset for the SOC to build detections on due to the red team’s stealth element.
  • Automated testing wouldn’t have delved deeply enough into any of these pathways and would have produced signature data that they had already incorporated into their detections.

While we strongly considered social engineering to truly simulate a real-world attack, the client elected not to include it, as it could have impacted users and business operations. However, without this avenue of attack simulation, we wouldn’t be able to provide proofs of concept for certain kill chains.

This is why APM was an ideal fit for their requirements: it provides a unique blend of coverage and depth, and it meshed well with their goals of vulnerability discovery, SOC improvement, and attack simulation.

Result

The APM exercise provided the organization with value that would normally have come from multiple separate engagements: a penetration test, a SOC improvement exercise, and a cloud security assessment. This not only saved them time and allowed them to rapidly enhance their internal security program, but it also brought these security improvements together in a natural way, giving them a more comprehensive view of their security posture and their exposure to the threats they had modelled.

The engagement not only produced the results they were looking for in terms of vulnerability coverage and SOC improvement data, but it also created a repeatable and scalable model that the client is using to build new scenarios for their next internal test.

This is something that could have taken years of penetration testing or a great deal of red teaming to produce. It’s hard to put a precise figure on it, but the client consistently reports that NCC Group’s APM exercises are saving them invaluable time and money ($10,000s per annum) in protecting their critical assets and bolstering their security program.
