Identified Attack Vectors Exposing ICS Environment for Energy Sector Organization
- Energy Sector
- +$175 million revenue
- ~2000 employees
- A large energy sector organization wanted to understand the risk surface expose to a malicious actor who has access to the internal network as well as determine if segmentation controls in place effectively prevent the ability to move from the internal network to the industrial control systems (ICS) environment.
- Executed a week-long network penetration test and targeted segmentation assessment.
- Exploited an attack chain to demonstrate how a malicious actor can escalate from simple internal network access to full compromise of Active Directory
- Uncovered several unintended vectors to obtain access to the ICS environment from the main internal network, allowing access to sensitive systems and applications
- Client was able to prioritize remediation efforts to further secure both the internal and ICS networks