A CISA red team simulated a malicious cyberattack on a critical infrastructure organization to test security measures and give recommendations to other entities.
The Cybersecurity and Infrastructure Security Agency released a new Cybersecurity Advisory on Tuesday recommending a series of key defensive actions for network defenders to implement following a simulated malicious cyberattack against a large critical infrastructure organization.
In a test hack conducted by a CISA red team, the team breached and entered the digital networks of a critical infrastructure entity. CISA noted that the team was able to move through digital networks from the organization’s distinct geographic sites, and eventually accessed systems adjacent to repositories storing sensitive business information.
Although the organization’s multifactor authentication helped stop the red team from advancing, the simulated hack was able to breach initial security measures.
“Despite having a mature cyber posture, the organization did not detect the red team’s activity throughout the assessment, including when the team attempted to trigger a security response,” the advisory notes.
CISA’s advisory documents the exact tactics the red team used in its simulated hack to help organizations adapt to potentially similar maneuvers from real malicious actors.
Some of the tactics the red team engaged in were conducting an internal port scan of the network, locking out several administrative accounts, and uploading and executing malicious files and ransomware to target systems.
The red team found that problems within the organization’s cybersecurity measures included insufficient host and network monitoring, archaic passwords and excessive permissions given to standard users.
“This CSA highlights the importance of collecting and monitoring logs for unusual activity as well as continuous testing and exercises to ensure your organization’s environment is not vulnerable to compromise, regardless of the maturity of its cyber posture,” the advisory suggests.
This advisory comes as the Biden administration is slated to release its National Cybersecurity Strategy to give private and public organizations an official framework to help them guard against ever-prevalent cyberattacks.