Know Your Enemy
River Security follow closely the attackers’ behaviors and attack techniques. In studying attackers Tactics, Techniques and Procedures (TTP’s), our tools are sharpened and tailored to discover weaknesses in organizations defenses so we can better defend ourselves. Our Red Team uses the same attacks and techniques of attackers, and those we use in penetration tests, to help uncover vulnerabilities continuously.
River Security does not only do testing, scanning and different vulnerability checks on assets discovered, we also pay attention to notable events in the industry. When flaws and vulnerabilities are discovered by Threat Intelligence communities, or just happened to be talked about on Social Media, the team acts on behalf of our customers to uncover if they are at risk. Risk on one hand is interesting, but our team also provides our recommendations to remediate and stop the issue.
IT and Cyber Security changes rapidly, and the team at River Security closely follows attackers latest developments. We do our best to help our customers uncover and mitigate threats regarding Threat Actors latest Tactics, Techniques and Procedures (TTP’s). These are TTP’s we actively use while conducting penetration testing, something which we use actively to fuel our development within the Active Focus service.
Ransomware, Cryptocurrency Miners And Monetization
A significant threat towards most organizations today is the advent of Ransomware, Cryptocurrency Miners and other ways of Monetization such as extortion, identity theft and more. Our team focus especially towards the current threats against organizations, and as new threats are developing.
By monitoring new openings in network-services, for example when a network administrator makes changes in a firewall, we can rapidly start checking these new services for flaws and vulnerabilities. Even if a service is only opened up for a small duration, maybe a few hours once a week, the team still takes pride in able to discover these services to uncover the risks they might hold.
Technology is rapidly changing, and most organizations have a plethora of different technologies representing their IT systems. By constantly mapping every service and which technologies they hold, we are able to map the technology to lists of known weaknesses and give accurate and actionable penetration tester comments on vulnerabilities it is important to address. Additionally, the team relies on vulnerability scanning modules to support finding additional vulnerabilities.
Users are known to be a big threat to organizations and Credential Stuffing is a common Technique attackers use for compromise. Credential Stuffing is a technique where attackers leverage breach data from other compromise websites to test if the same password is used for accounts within the organizations. Every month there is newly breached websites which employees have registered with. This is why we check multiple sources all the time to get the latest breach data, including usernames and passwords, so we can rapidly disclose and test our customers for these threats.
Sensitive Information – Unintentional Sharing Of Data
Modern Content Management Systems allows for information to be publicized in different ways, allowing employees to share data in easy manners. Many of these systems are understood by River Security, allowing us to search, query and dig through them looking for sensitive material. By assessing the systems in great detail, using attack techniques to enumerate and discover content, we are able to find sensitive information which should have never be published online. Some examples include:
- Copies of Source Code exposing sensitive business logic and passwords
- Source Code versioning systems exposing secrets in the history
- Spreadsheets containing Personal Identifiable Information and other GDPR sensitive information
With automation, River Security continuously refreshes our datasets which allows the team to discover and report on when new possibly sensitive information is found.