What started out as a standard Red Team test designed to check the security capabilities of several Australian hospitals, led to a chain of events that eventually uncovered serious security flaws in remote-capable insulin pumps that, if abused could have had disastrous consequences. The hospitals, all of which are part of a connected healthcare system, had contracted with Trustwave to conduct the Red Team tests against several of their facilities.
When conducting Red Team engagements, more than one Command and Control (C2) framework would typically be used as part of our delivery process and methodology. We would be unintentionally limiting our options if we only had one Command and Control framework to depend upon, which would be less realistic when comparing it to an attack from real threat actors who seem to have infinite time and resources available. The use of multiple Command and Control frameworks is essential.
Cybersecurity threats refer to malicious activities conducted over digital networks, targeting systems, devices, and data. These threats encompass a wide range of attacks, from stealing sensitive information and spreading malware to disrupting critical infrastructure. And their impact extends beyond technical realms. They can and regularly do affect individuals, businesses, and society at large.
Ensuring your threat detection rules work as intended and provide sufficient coverage for major threats is a critical component of a security program. Red Canary’s Atomic Red Team—an open source library of detection tests that help teams validate the effectiveness of their security measures—has historically been the tool of choice for detection testing.
How can you take a proactive approach to your organization’s cybersecurity strategy? Scoping the threat landscape and having a solid incident response plan is a good start. But you also need to continuously seek out vulnerabilities and weaknesses to remediate or mitigate. These vulnerabilities and weaknesses aren’t just limited to systems and processes – the human factor plays a prominent part in many cybersecurity breaches.
As attackers get more creative in their malicious tradecraft, cloud security teams must be able to keep up with detections that provide adequate coverage against the diverse threats to their cloud environments. Threat emulation enables cloud security teams to leverage their understanding of threat actor behaviors as a feedback loop for developing cloud-based detections and validating their resilience.