Until recently, the manufacturing industry was not widely seen as a target of particular interest to cyber criminals. However, this industry vertical has recently seen an influx of sophisticated attacks that can bypass traditional security measures like firewalls, malware detection and intrusion detection systems. Many of these attacks can be traced back to nation states, whose motives typically include technology and trade secret theft as well as cyber extortion. As the industry chases innovation, manufacturers must find the right balance between progress and security.
A client in the flexible packaging industry recently sought to acquire a US-based business to expand their market globally. One of the challenges of any acquisition is the consolidation and integration of separate IT departments and network infrastructures. Our client was particularly interested in evaluating the inherent risks introduced by incorporating the subsidiary's network and endpoint assets into their own environment. Our services were retained to obtain visibility into any new potential attack vectors and risks introduced into the parent company's infrastructure through the process of joining these two global networks.
Leveraging a network modeling tool, we were able to create a visual representation of the subsidiary's entire IT network (including network access and firewall rules), permitting the evaluation of traffic between different trust zones. With the entire network mapped, we imported vulnerability scan data from the endpoints within the network, introducing our first factor of risk. Next, we developed targeted attack scenarios and analyzed attack pathways through the virtual model. This analysis allowed us to pinpoint specific hosts that could be used to pivot to more business-critical subnets for potential compromise and data theft.
- We were able to present to our multinational client several unique attack vectors that an adversary could exploit from both outside and inside the network perimeter.
- By combining endpoint vulnerability data with a virtual network map, we demonstrated how an adversary could discover new attack surfaces within the merged network to reach and exfiltrate information from the parent company’s data stores.
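
The analysis described above (firewall rules between trust zones, overlaid with endpoint scan findings, then searched for pathways into a critical subnet) can be sketched as follows. This is an added example, not the modeling tool used in the engagement; every zone, host, rule and finding is constructed, and unfiltered traffic inside a zone is an assumption.

```python
from collections import deque

# Constructed sample data: zones, hosts and findings are hypothetical.
FIREWALL_RULES = {  # (source zone, destination zone) -> permitted TCP ports
    ("internet", "dmz"): {443},
    ("dmz", "sub_corp"): {445, 3389},
    ("sub_corp", "sub_plant"): {502},
    ("sub_corp", "parent_data"): {1433},
}
HOSTS = {  # host -> trust zone
    "web01": "dmz", "mail01": "dmz", "files01": "sub_corp",
    "plc-gw": "sub_plant", "sqlprod": "parent_data",
}
SCAN_FINDINGS = {  # host -> ports with a remotely exploitable finding
    "web01": {443}, "files01": {445},
    "plc-gw": {5900},   # vulnerable, but no rule exposes port 5900
    "sqlprod": {1433},
}

def can_step(src_zone, host, findings):
    """True if traffic from src_zone can reach a vulnerable port on host."""
    vulnerable = findings.get(host, set())
    if src_zone == HOSTS[host]:  # assumption: no filtering inside a zone
        return bool(vulnerable)
    allowed = FIREWALL_RULES.get((src_zone, HOSTS[host]), set())
    return bool(vulnerable & allowed)

def attack_paths(start_zone, target_zone, findings=SCAN_FINDINGS):
    """Breadth-first search; returns each loop-free host chain into target_zone."""
    paths, queue = [], deque([(start_zone, [])])
    while queue:
        zone, path = queue.popleft()
        for host in sorted(HOSTS):
            if host in path or not can_step(zone, host, findings):
                continue
            if HOSTS[host] == target_zone:
                paths.append(path + [host])
            else:
                queue.append((HOSTS[host], path + [host]))
    return paths

def pivot_hosts(paths):
    """Intermediate hosts on any path: the first candidates for remediation."""
    return sorted({h for p in paths for h in p[:-1]})

if __name__ == "__main__":
    found = attack_paths("internet", "parent_data")
    print("paths:", found)
    print("pivots:", pivot_hosts(found))
```

Passing a findings dictionary with a pivot host's entry removed shows whether remediating that one host closes every modeled path into the target zone.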