
Finance: Evolving From CBEST to Risk-Based Cybersecurity

Moving beyond CBEST compliance to a more proactive, risk-based approach that improves the overall cybersecurity posture.


Global | Financial Services | B2B

Overview

Our client is a centuries-old financial institution with customers worldwide and 2,500 employees. Operating in a highly regulated industry, the client faced a mandatory CBEST assessment for compliance every 2-3 years.

To get ahead of their requirements, the client hired CovertSwarm to implement a more proactive and risk-based approach and improve their overall cybersecurity posture. 

Challenge

The client’s initial concern was that, even in the heavily regulated financial sector, its compliance with the CBEST framework (assessed every 2-3 years) wasn’t enough to address the potential gaps of a constantly evolving organization.

Because the CBEST framework focuses solely on known vulnerabilities, they wanted to get ahead of this requirement by transitioning from periodic CBEST assessments to a continuous, risk-based approach integrated into their security posture and covering the entire organization.

Objectives

Elevate their security posture by moving from standard pen testing, which focused on known vulnerabilities, to a full-scope cyber attack simulation mimicking an Advanced Persistent Threat (APT). The aim was to find unknown vulnerabilities and help them mitigate these risks before a bad actor could exploit them.

Our Approach

Attack Chain 1:

The initial process began by following our standard OSINT (Open-Source Intelligence) procedures. During the initial OSINT analysis, CovertSwarm experts provided additional context while also finding previously unidentified risks, including dangling DNS records, which were immediately communicated to the client and remediated within hours.

From here, CovertSwarm tested their digital estate, covering both their largely secure external perimeter and their internal network, where an assumed-compromise exercise was carried out against their Crown Jewels estate.

During this simulated attack, CovertSwarm gained access to their key infrastructure and built a custom payload that bypassed their Endpoint Detection and Response (EDR) solution, SentinelOne.

We were then able to install Command and Control (C2) infrastructure and successfully exfiltrate data.

As a result of this one attack, the client implemented improvements to their Security Operations Center (SOC), Security Information and Event Management (SIEM) rules, firewall, Endpoint Detection and Response (EDR) and overall security processes.

Subsequently, when the attack was repeated, it was unsuccessful.


Attack Chain 2:

For our next attack, CovertSwarm sent two separate teams to attempt to gain unauthorized access to the client’s premises, a highly secure and visible building in the city.

During this attack, CovertSwarm was able to view IT equipment and secure information, and to position themselves to steal hardware and infrastructure, all while evading detection and expulsion by the client’s significant on-site physical security team.

A full debrief was conducted with the client, explaining the nature of the attack and how CovertSwarm was able to subvert their processes. 

Three months later, CovertSwarm replayed the attack but was unable to breach the building, proving that the guidance and mitigation had worked to improve their security.

Even when given assumed-compromise access inside the building, the team was successfully challenged and expelled.

The Results

After both attacks were carried out by CovertSwarm (of which we have now carried out dozens), we were able to identify risks, work with the client to remediate them, and then confirm that each risk had been mitigated, giving reassurance on their cybersecurity posture.

Conclusion

After working with CovertSwarm for about 10 months, and because of the constant simulated breaches and the resulting improvements to their security posture, the client has now doubled their subscription with us.

The CovertSwarm team has created a different dynamic, pushing the client’s internal team forward and continually testing their cybersecurity strategy. This gives the company constant reassurance about their posture and investments, while also meeting all of their compliance and regulatory requirements through CovertSwarm.