DevSecOps for Serverless Architectures Playbook

December 17, 2023

Playbook Objectives:

  • Understand and identify potential threats to serverless architectures in DevSecOps.
  • Test and evaluate the security proficiency of the IT team.
  • Recognize areas of improvement and develop strategies to strengthen security defenses.
  • Get hands-on experience on how to mitigate, respond, and manage cyber threats effectively.

Difficulty Level:

  • Intermediate


  • The company, Good Health Pharmaceuticals, is a leading player in the healthcare sector specializing in therapeutic drugs. They have recently shifted their IT operations towards DevSecOps in a serverless architecture. As part of their proactive approach to cybersecurity, they decided to conduct a Cyber Range exercise.
  • Initially, everything was proceeding smoothly until a large volume of data was found to be missing from the Drug Research Division. Further investigation revealed that an illicit script was siphoning sensitive research data out of the system. The IT staff were taken by surprise, as they hadn’t detected any glaring system vulnerabilities in their regular server checks.
  • The CFO, Mr. Iain Harper, having been burnt by a cyber attack at his previous organization, insisted on this exercise. His understanding of the huge financial fallout that could leave the company crippled drove him to advocate for stringent cybersecurity norms.
  • The exercise is primarily conducted to identify the security defects, test the team’s potential to ward off the security threats, and expose the IT personnel to real-world incident response scenarios. By running this exercise, the company aims to build a resilient system that would effectively secure the confidential data present in the cloud environment, protect the business-critical applications running on serverless architecture, and ensure business continuity in times of security attacks.


  • Cybersecurity, DevSecOps, Serverless Infrastructure

Exercise Attack Steps:

  • Identification of the initial system breach and the type of script used.
  • Detecting the route the adversary used to infiltrate the serverless system.
  • Analysing the DevSecOps process to ascertain the stage at which the breach occurred.
  • Investigation of how the hacker bypassed the detection systems.
  • Identifying the vulnerabilities the adversary leveraged in the serverless architecture.
  • Running a controlled and similar attack in a test environment to understand the effectiveness of the current security safeguards.
  • Developing strategies to mitigate the risks and patching the identified vulnerabilities.
  • Running the controlled attack again after implementing the new security measures to validate their effectiveness.
  • Disseminating lessons learned and revising security protocols accordingly.
  • Lastly, documenting the entire process and updating the playbook as necessary.

This exercise would not only test the IT personnel’s dexterity in mitigating similar attacks in the future but also ensure the robustness of the serverless architecture.