Red Team - Pharmaceutical Company

Background

A multinational pharmaceutical company with a considerable online and physical presence was concerned about the impact hybrid attacks would have on its operations. Specifically, the concern was whether the core network environments could be breached via a production or distribution facility.

“We’re being followed by a cow... watch out for that skunk”
Test team member while performing an evening breach.

The Challenge

The organization was extremely dispersed geographically with multiple network segments. A variety of security controls had been implemented, with a large number of systems sending data to a SIEM system operated by an internal SOC.

Previous assessments had uncovered a variety of issues; however, none of these could be directly tied to a potential impact on critical assets, and as such remediation was difficult to justify to the business.

The Solution

A targeted red team assessment was conducted. OccamSec personnel worked with various teams at the client organization to identify critical assets – those which would have a major impact on the organization’s ability to achieve its objectives.

Situational intelligence provided by OccamSec was utilized in the construction of various attack models. Members of the client’s business and technical teams were involved in a number of brainstorming sessions to create these models. This also involved identifying controls which could disrupt or detect attacks.

The attack models were prioritized across a number of factors and then testing across three domains (cyber, physical, and social) was undertaken. Social engineering attacks were combined with physical location breaches to gain access to various facilities.

The test team then connected to the internal network and proceeded to access critical targets. Ultimately the assessment teams identified a number of critical vulnerabilities which could be exploited by attackers to seriously disrupt operations.

At the conclusion of testing, the test team provided full details on the issues identified, as well as recommendations for remediation. A number of follow-up sessions were held with various client teams to discuss findings and map out remediation activities based on the resources available to the client.