Case Study

We helped a global auto parts manufacturer test its security posture through an external and internal network penetration test. We identified over 360 vulnerabilities across an infrastructure spread over two continents, including 55 critical weaknesses in the internal network. We were able to compromise CCTV cameras, access storage systems, and gain control over production through their SCADA systems. The client found value in our findings and in our guidance to improve their security.


HOW WE HELPED A GLOBAL AUTO PARTS MANUFACTURING COMPANY BY TESTING THEIR SECURITY POSTURE
INTRODUCTION
An auto parts manufacturing company in the USA sought a cybersecurity company to identify vulnerabilities in its network and test whether those weaknesses could actually be exploited. They engaged CSW to replicate an attack on their network and provide an attack-validation perspective: not just a list of findings, but proof of which ones a real adversary could use.

SCOPE OF THE PROJECT

Our team of pentesters tested over ten external subnets with 300 live hosts and around 60 internal subnets with 15,000 endpoints. Our goal for this engagement was to test the client's security controls and see whether we could bypass them. It was a challenging objective because the infrastructure was spread across two continents.

CSW's pentesters use a blend of manual and automated processes to discover vulnerabilities that could be exploited. The vulnerabilities are then prioritized based on the threats they pose, the value of the affected asset, and the impact of a breach. We then validate each vulnerability by mimicking a threat actor's stealthy attack methods, using the tactics, techniques, and procedures (TTPs) employed by Advanced Persistent Threats (APTs) to penetrate the client's defenses.

We deliver our findings through a near real-time platform on which the client could see our progress and interact with our pentesters during the engagement. The platform provides synchronized delivery of results, which enabled the client to begin remediation immediately rather than waiting for a final report.

THE SCOPE
- Vast infrastructure spread over two continents
- Network pentesting of the external and internal networks

THE CHALLENGE
- Numerous critical weaknesses in the external and internal networks
- 360+ vulnerabilities, with 55 critical weaknesses in the internal network
- AI-based antivirus system protecting the external network

OUR FINDINGS
- Weak passwords
- Easy access to sensitive data
- Evidence of a past Ryuk ransomware attack
- Many unique vulnerabilities with remote code execution (RCE)

The client is an auto parts manufacturer located in the USA and China. A global supplier to international automakers, its customers represent 80% of the world auto market share.

CHALLENGE
We discovered many unique vulnerabilities in the client's external network, and many were extremely critical, with remote code execution capability. The CSW team used antivirus-evading tools and malicious scripts to bypass the system, but these attempts were unsuccessful: the client's AI-based antivirus system was effectively securing the external network.

We discovered 15,000+ endpoints across 60+ subnets in the internal network. There we identified over 360 vulnerabilities, of which 55 were critical. Many of these were unique vulnerabilities with RCE capability, insecure passwords, and similar weaknesses that were easy to exploit.

The internal attack path unfolded as follows:
- The pentest began with the exploitation of MS17-010, the SMBv1 vulnerability patched by Microsoft in March 2017 and exploited by EternalBlue.
- We were able to bypass the system and create a local user without administrator privileges.
- Many systems used the same credentials, which gave our pentesters easy access to database backup files.
- Using the compromised credentials, we accessed the backup data of over 50 hosts.
- We could also access their MongoDB instance without authentication and read its sensitive data.
- We used exploit tools against their IP cameras, reset the camera password, and gained control of them.
- While testing, we also found evidence of a past Ryuk ransomware attack.

IMPACT
Our team was able to read configurations (including account passwords), access the CCTV camera images of their manufacturing floors, and modify the camera firmware.

We got access to their storage systems, which held their entire data set.

We were able to get full access to their SCADA configurations and control supervisory and data acquisition parameters to reconfigure and shut down their production, locally or remotely.

Our team was able to move through the network and identify, intrude on, and exfiltrate valuable data. We gained access to a low-privileged asset, a host machine at the manufacturing plant in China, through which we acquired privileges to move between devices and applications in the network and gained access to the organization's prized data assets at another plant in the USA.

We successfully demonstrated how a threat actor could penetrate the customer's defenses, gain control over their proprietary data, spy on their manufacturing plant, and shut down their production.

[Figures: Compromise & access customer's CCTV camera; Access their storage systems]

MITRE ATT&CK MAPPING

Initial Access: External Remote Services; Valid Accounts
Execution: Exploitation for Client Execution
Persistence: Account Manipulation; Create Account; External Remote Services; Valid Accounts
Privilege Escalation: Abuse Elevation Control Mechanism; Access Token Manipulation; Exploitation for Privilege Escalation; Process Injection; Valid Accounts
Defense Evasion: Abuse Elevation Control Mechanism; Access Token Manipulation; Valid Accounts
Credential Access: Credentials from Password Stores; Exploitation for Credential Access; OS Credential Dumping
Discovery: Account Discovery; File and Directory Discovery; Network Service Scanning; Network Share Discovery; Remote System Discovery; System Information Discovery; System Owner/User Discovery
Lateral Movement: Exploitation of Remote Services; Remote Services; Lateral Tool Transfer
Collection: Data from Network Shared Drive; Data from Local System
Command and Control: Remote Access Software
Exfiltration: Exfiltration Over Other Network Medium
Impact: Account Access Removal; Data Destruction; Data Encrypted for Impact; Defacement; Disk Wipe; Endpoint Denial of Service; Network Denial of Service; Service Stop; System Shutdown/Reboot

CONCLUSION
CSW's pentesters provided proof of concept by penetrating the customer's defenses. Through this engagement, we tested their existing security controls, showed how they could be breached, and identified which vulnerabilities attract threat actors the most.

At the end of the engagement, the client received a comprehensive remediation guide and recommendations from our team. The client found value in the extensive support and guidance provided by CSW during remediation, and has since engaged us to conduct annual penetration tests of all their assets and infrastructure.

Visit our website www.cybersecurityworks.com for more information about our services or reach out to us at [email protected].
