A top 10 automotive supplier struggled to find an enterprise consulting firm with the skills needed to identify and exploit sophisticated attacks on its perimeter. The auto company had engaged several consulting firms to leverage advanced attacks, and the company was consistently left with potentially significant vulnerabilities. The auto company did not have the budget needed for a large-scale red team test. The company’s security challenges required laser focus from a team with advanced exploitation and lateral movement capabilities, but each consulting firm the company hired struggled to deliver on those requirements.
During a CISO summit, the auto firm asked various companies which firms they used for penetration testing. CBI’s Advanced Testing Services (ATS) team was recommended consistently. First, CBI’s ATS team worked to fully understand the auto company’s expectations and requirements, and then CBI created a proposal that aligned with those requirements and available budget. The CBI ATS team is comprised of consultants that are veterans of the industry—many with more than a decade of advanced exploitation experience. The auto company’s solution was to leverage CBI’s ATS team for more effective testing at the right cost.
CBI identified a critical vulnerability using highly sophisticated techniques on the company’s external perimeter. By leveraging this vulnerability and linking it with other tactics and techniques, CBI was able to completely compromise the environment with no alerts or notifications received through the auto company’s SOC. CBI emulated the attack path a malicious adversary would take, gaining full access to the domain, sensitive data, and corporate bank accounts with over 500M dollars. The CBI ATS team immediately worked with the auto company to help quantify the risk and remediate critical vulnerabilities. CBI then worked with the company to create proper alerts for the malicious techniques leveraged during the engagement.
