Industry: Financial
Location: Europe
Profile: This client is the national bank of an EU member country
LRQA’s solution
A key differentiator in our TIBER testing is our dedicated Research and Innovation team who are at the forefront of the industry, creating new tools and techniques to further our capability. This team proactively gathers Cyber Threat Intelligence (CTI) and has implemented a global honeypot network with over 200 nodes distributed around the world, including strategically placed devices in key global services hubs.
Three-Phase Approach
Phase One – Preparation
Reconnaissance and Weaponisation
We conducted a full threat assessment of the client’s environment. During this time, we collected as much information as possible about the target, including its people, technology, surroundings, and environment. This information was used to paint a picture of the target and its primary operations. At this stage, we also set out the scope for the testing, and established the teams executing the engagement.
Phase Two – Testing
Delivery & Exploitation
Using the provided threat intelligence report, the Red Team attempted to compromise areas such as servers, apps, network, and staff through tactics such as phishing and spoofing. This was achieved through customised scenarios designed to reflect the sophistication of the threat actors, delivered as a targeted three-scenario TIBER assessment. Focus was placed on determining whether critical business functions could be impacted from the perspective of confidentiality, integrity, and availability.
Phase Three – Closure
Action and Outcome
We were able to provide a clear understanding of how vulnerabilities could be chained together to gain systemic access to core information assets. During the exercise, we kept meticulous records of all Indicators of Compromise (IOCs) to support the Red and Blue Team workshop, which was performed post-engagement. The workshop sought to reconcile these artifacts with the events seen by the detection and response team (Blue Team) to provide an assessment of the client’s current security capabilities. By reviewing both strengths and weaknesses, along with the effectiveness of technology, people, and processes, the client could effectively amend existing workstreams.
LRQA Services Deployed:
• Threat Assessment
• Cyber Threat Intelligence
• Red Teaming
• Blue Teaming
Results
Key Results:
• Detailed threat assessment
• Improved security posture
• Robust detection and response capabilities
• Informed security amendments
Through a TIBER engagement, LRQA’s Red Team can help identify security vulnerabilities and weaknesses in the organisation’s systems and processes. This helps decision-makers to make informed choices about security investments and risk management strategies, while also allowing proactive measures to be taken to prevent potential attacks. Via the execution of realistic TTPs and adaptation to the environment, the Red Team can identify areas of the organisation’s security posture that are not being effectively addressed, allowing for a more guided approach to prevention and detection. At the end of a TIBER engagement, the Red and Blue Team workshop allows the Red Team to provide valuable insight and recommendations to the organisation’s Security Operations Center (SOC), helping to improve its overall effectiveness in detecting, responding to, and preventing security incidents.
Client Testimonial
“The quality of the services delivered by LRQA was outstanding. All members of the team were knowledgeable and demonstrated a vast array of experience in performing similar projects. Communication throughout the engagement was always clear, involving the right people with the right expertise. The team upheld a proactive approach, actively contributing to the planning of the engagement and providing valuable input at crucial decision points.
At the end of the active testing window, an elaborate replay workshop was organised in which LRQA’s Red Team consultants provided the Blue Team with an in-depth explanation of the actions performed. Via high-quality reporting and additional support from LRQA, our detection mechanisms are now fine-tuned, leading to an immediate improvement in our detection and response capabilities.
As a result, valuable lessons have been learned and measurable improvements to our security posture were made, all of which were largely thanks to the quality of the services delivered by LRQA, as well as their excellent collaboration with all relevant stakeholders of the engagement.”