By Tobias McCurry
Companies have a hard time justifying a need to test their internal environment. The internal network is often a mystery box of systems. A majority of companies have adopted a DevOps model of software development that often results in a very thin line between development and production operations. The thought is that internal security can be added later or is not as important as external security. A review of recent company compromises shows that hackers will find a way in, so you should have a strong internal network or a plan to strengthen it. But where do you start?
When we perform penetration testing, we often suggest to clients that testing should include an internal assessment. Most clients don’t think that a hacker could ever get inside their network. Some of our clients have had their external network scanned, revealing few or no vulnerabilities. So how is a company compromised if there are no external vulnerabilities? In most cases, attackers use malicious emails in what is called phishing. This attack method typically uses a simple email request for information with a nondisclosure agreement attached as a Word document or a PowerPoint slideshow containing some hidden code.
What might this bad document look like? Once the recipient opens the document, the exploit is set into motion. Here is an example.
Now that a hacker is in the network, what could happen? This is where our internal assessment allows you to know your risks and develop a strategy and mitigation controls to contain that risk. Without this information, a company cannot plan to handle a threat that is so completely unknown.
These types of phishing attacks are taking place every day. Here is an example from a researcher working with Microsoft.
Getting to know your internal network and how a potential hacker sees it is a great first step to lowering your risk profile. If you would like to know what would happen if a hacker got into your network, contact us to set up an internal assessment.