As explained in Part 1 of this series, the “ethical hacker” teams that conduct Penetration Testing are known as the Blue Team, the Red Team, and (sometimes) the Purple Team. The Red Team has the primary responsibility of launching an ethical Cyberattack against the defense perimeters of a business in an effort to uncover its Security vulnerabilities, weaknesses, and holes. But the Red Team is not particularly interested in what is being attacked; they are much more interested in the access methods used to get at those targets.
The Red Team will use great creativity and will use techniques many have never even heard of. Remember, the goal of the Red Team is not just to attack your lines of defense but to breach them through every method at their disposal. To do this, they will think and act just like a real Cyber attacker, but very often they come up with ideas on their own.
When a Red Team engages in mock Cyberattacks, they often do not ask the client company for a specific list of targets to hit; they are also interested in systems in the client’s IT Infrastructure that are “out of scope.” This gives the Red Team a much broader set of permutations to examine. Consequently, the Red Team will “. . . find vulnerabilities that stem from cultural bias in system design, flawed conclusions, or the limitations and expectations of an insider perspective.”
It is also important to keep in mind that if a Red Team is allowed a broad scope and purpose by the client, they will use every Cyberattack technique they can think of, instead of using only traditional attack methods. For instance, the Red Team could:
- Perform offsite
- Conduct remote access network Penetration Testing.
- Conduct a covert site audit after they have broken through the lines of defense and have gained access to mission critical systems.
- Launch Social Engineering attacks against the client’s employees in order to launch a secondary attack such as a Spear Phishing campaign or Business Email Compromise.
In other words, the Red Team will try both conventional and unconventional techniques to break through a company’s lines of defense. When the Red Team uses this kind of approach, their client’s business will be exposed to just about every kind of Cyberattack known thus far. As a result, the company’s Cyber threat modeling capabilities will be that much more sophisticated and robust.
Red Teams often make use of a methodology known as the “Layered Approach” in which multiple attempts are made to break through the lines of defense at the business entity. These attempts are not done successively; rather, they are done simultaneously, to cause the highest levels of confusion and mayhem for the Blue Team. For example, one part of the Red Team may try to hack into the password database, while at the same time, another part of the Red Team tries to gain access to the main entry of the organization by using covertly replicated access cards.
It’s important to note that effective Red Team Testing doesn’t happen overnight. It can take up to a year for the team to examine the targets it will hit, just as today’s real Cyber attackers will take plenty of time to identify and research their targets.
A primary advantage of having a Red Team conduct your Penetration Testing is that they will offer an unbiased, holistic view of the weaknesses not only in your IT Infrastructure, but also among your employees and the physical conditions of your office location(s).
Unless they are given specific directions by the client, a Red Team does not follow a defined methodology when conducting their Penetration Testing exercises. Their goal is to try to gain access into just about everything imaginable at their client’s business.
A future article will examine the role of the Purple Team, which is a combination of both the Blue Team and the Red Team.