November 24, 2021
Manufacturer Uncovers Source Code Management and VPN Vulnerabilities

The Challenge

An American automotive manufacturer had a new CISO who wanted to take a fresh, unbiased look at the efficacy of the organization’s security controls. The company had worked with CBI on its incident response readiness capabilities in the past; they were looking to evaluate defenses against the latest attacker tactics, techniques, and procedures (TTPs), and identify any unknown attack surfaces.

The Solution

Members of CBI’s Advanced Testing Services (ATS) performed reconnaissance to determine the topology of the network and live hosts. Approximately 700 live hosts were found connected to external IP addresses among the 45,000 addresses that were in scope for the engagement. Enumeration of the hosts took place to identify operating systems, services, and protocols. Vulnerability scanning, port scanning, service identification, OS fingerprinting, and DNS enumeration techniques were used, and firewall and VPN penetration testing were carried out.

The client had strong controls in place, but open-source intelligence (OSINT) gathering revealed API keys for an Azure service that were exposed on GitHub. That issue, coupled with the discovery of a misconfigured extranet VPN used for non-employees that could be accessed with any password, enabled CBI to breach external network infrastructure.

After discovering and connecting to a Veeam backup service with credentials captured via a forced authentication attack and password cracking, our experts obtained data that enabled them to pivot to other machines as a local admin and access internal networks. Attackers using similar TTPs could gain control over most domain user accounts and access sensitive data.


The Results

We provided an easy-to-read report containing an executive summary and descriptions of the vulnerabilities we uncovered, risk-ranked in order of priority. The report detailed how the vulnerabilities were exploited and the exact steps required to remediate them.

The engagement complemented the organization’s internal vulnerability management efforts, and provided the objectivity needed to convey an accurate picture to key stakeholders. CBI manually retested after the remediation work was completed to verify vulnerabilities had been resolved.
 


About the Author
CBI Cybersecurity
CBI is a leading cybersecurity advisor to many of the world’s top-tier organizations. Founded in 1991, CBI provides innovative, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape, giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.