A global private equity firm made several cybersecurity investments, including implementing new “detect and respond” technologies, adopting passwordless authentication schemes, and onboarding experienced, certified hires to the security operations team. However, the firm also wanted to ensure it was prepared to respond to a significant cyber-attack in a timely manner.
The firm hired FTI Cybersecurity to perform an internal penetration test against their New York City and London offices to help their board determine if a disgruntled employee or malicious contractor could obtain unauthorized access to key systems and sensitive data. The client also wanted to assess whether the security operations team could accurately detect threat actors within the network.
FTI Cybersecurity completed the penetration test over a period of two weeks. Our Offensive Security team bypassed enterprise security technologies such as privileged identity management, endpoint threat detection, and response controls, compromised several employee and server administrator accounts, and gained full control over the client’s global enterprise environment.
Our experts also held debrief sessions with the Global CTO and Information Security Lead at the end of every day of fieldwork to discuss key areas for improvement and address any indicators of compromise observed by the security operations team. FTI Consulting also provided additional recommendations to improve incident detection and response times for the SOC team.
It took less than two days for our team to compromise the first employee workstation and obtain an initial foothold on the firm’s internal network, and only six more hours to gain full control of the firm’s global IT infrastructure and business systems. FTI Consulting identified several weaknesses that could be used by threat actors to install ransomware, facilitate fraud, share sensitive information, or cause operational outages.
Working with FTI Consulting’s Offensive Security team has helped the firm quickly and reliably highlight which cybersecurity measures are working and where they need to improve. The ethical hacking team was able to exploit weaknesses in core configurations and obtain administrator rights to the entire global network from the New York office in a safe and controlled manner, without impacting regular business operations during the tests.