Good guy hackers: St. Paul company uncovers companies’ cybersecurity weaknesses

/in


Their mission this night: uncover cyber and infrastructure security weaknesses at Intereum, an office furniture supply company. 

“We worked with this organization to do what we called penetration tests,” said Matt Quinn, Intereum’s vice president of integrated solutions. “They worked on trying to get through the perimeter, through the physical parts of the building … we also had them take some steps around cybersecurity, vulnerabilities.”

“Show you, yep, we were able to get through this door, we were able to bypass this censor,” Halbach said. “And at the end of the day we plugged into your network and took it over.” 

The idea is to beat cyberthieves at their own game before an actual ransomware attack or other threat. 

“Try to look at any available computers that they could get through,” Quinn explains. “Try to get on to our network, once they got into the building, as well as continue just to snoop around where our servers are, just to see if they could get access to our network.”

The team is made up of two parts: One company, RedTeam Security, zeros in on computer systems. Their partner, FoxPoint Security, accesses the building itself. 

“The more integration we have with our networks to our physical locations, the more ways there are to compromise it,” said Bryan Carver, a FoxPoint spokesperson. “If a building per se has a security network that locks the doors, or unlocks the doors, people, property, or operations could be held hostage.” 

“Because if you have the most secure computer network in all the world, but your door’s unlocked and anyone can walk in and steal your laptops, that’s a pretty big issue,” Halbach added. 

Within minutes, both teams are inside — although they’ve triggered an alarm system. 

They quickly locate Intereum’s servers. Equipped with USB drives loaded with a custom code to remotely control the company’s computers, RedTeam finds an unlocked laptop that allows them access. 

“We actually had an employee transition at the time, and that computer was left open and available that evening,” Quinn said. “And, of course, they got access to it, and that, of course, would be a…

Source…