Strengthening Security Posture with Attack Simulation

Learn how Orro helped a public transport provider strengthen and mature their security posture through advanced attack simulation and social engineering techniques.

Cyber Security Attack Simulation

Challenge

An Australian based public transport provider has invested in significant infrastructure and resources to raise their corporate IT security posture to a highly mature state. Having implemented appropriate security controls and processes, the provider was interested in stress testing the corporate IT environment to identify any security weaknesses which may exist, and to test its capability to identify, respond, and protect the business from a real world cyber attack.

Solution

Orro was engaged to perform an attack simulation against nominated physical locations and associated corporate IT infrastructure due to our proven experience as subject matter experts in critical infrastructure and industrial control system environments. Using various real world attack sequences, Orro identified weaknesses in the current security solutions which the provider had not factored in as potential attack vectors. Exploiting both physical and technical vulnerabilities, we could test the implemented defence controls and processes, providing invaluable data for analysis, as well as a prioritised list of recommendations for risk mitigation. Gaining physical access, as well as system access via carefully constructed phishing campaigns raised awareness levels for social engineering type attacks providing the business with a baseline of current staff awareness levels around these forms of attacks.

Outcome

The attack simulation identified both physical and technical controls which successfully secured the business from common attack vectors utilised by threat actors. The attack simulation also provided the customer with various vulnerabilities which were exploited via attack methods which the transport provider had not anticipated when implementing their corporate IT security protections. With vast amounts of logs and data collated during the exercise, the customer has been able to finely tune current controls and processes in order to further strengthen and mature their current security posture. Social engineering techniques utilised during the simulated attack has enabled the provider to focus on training techniques to increase staff awareness in relation to both physical and phishing based attacks. This awareness campaign has also provided staff with the necessary knowledge to help them protect themselves from cyber security threats in their personal lives.

The customer name has been withheld due to confidentiality. More information can be provided by contacting Orro directly.

Related Resources

A group of towers against a blue sky as seen from below.
23 February 2022
Our client is an Australian company providing financial services nationwide as well as in 26 other countries. The client is also ranked among the world’s top general insurers.
3 September 2021
Learn how Orro helped deliver key products and services for the Intelligent Traffic System (ITS) network for the South Coast Region of QLD to support the then upcoming 2018 Commonwealth Games.
Students walking on a TAFE Queensland campus.
30 November 2022
In order to bring the best-in-class learning experiences to their students, TAFE Queensland sought Orro’s help to upgrade and future-proof their network.