Scenario:
- The scenario unfolds at Quantum Financial Solutions, Inc., a multinational finance firm specializing in high-speed trading and managing billions in client assets. Despite stringent security policies, Quantum Financial has identified suspicious network activity that suggests a possible breach in their Secure Trading Network (STN).
- The CISO, Adrian Clark, calls for an immediate evaluation of their current network architecture.
- Quantum’s network includes several critical systems:
  - Client Transaction Servers (CTS) that handle real-time trading requests.
  - Proprietary Analysis Engines (PAE) for complex market forecast modeling.
  - Secure Communication Hubs (SCH) linking branch offices and the primary data center.
  - Administrative Workstations (AWS) used by employees for day-to-day operations.
- The company fears that if adversaries manipulate trading activities or access sensitive client data, the financial and reputational damage could be catastrophic. The exercise simulates an attack by the notorious “Market Mavens” cyber group known for targeting financial institutions. Quantum seeks to enhance its security posture by redesigning its network architecture to be more resilient against such sophisticated threats.
Playbook Objectives:
- Assess the current network architecture vulnerabilities.
- Develop a secure layered network design strategy to protect critical assets.
- Ensure continuous operation and integrity of trading activities.
- Design network zoning that aligns with the principle of least privilege.
- Test and validate new security controls and configurations in a simulated environment.
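One way to make the zoning and least-privilege objectives checkable rather than aspirational is to express the intended zone-to-zone flows as an explicit allow-list and lint proposed firewall rules against it. The following is an added example written for this playbook, not material from the original exercise or from Quantum Financial: the zone names (CTS, PAE, SCH, AWS) come from the scenario, while the INTERNET zone, the allowed-flow matrix, the ports and the sample rules are constructed assumptions for illustration. It also walks the permitted flows transitively, because a rule set with no single bad rule can still chain a workstation or the perimeter through to the trading servers.

```python
"""Least-privilege zone policy check for the STN zones (added example).

Zone names follow the scenario; the flow matrix, ports and sample rules are
constructed assumptions, not Quantum Financial's real configuration.
"""
from collections import deque
from dataclasses import dataclass

# Zones from the scenario plus an assumed INTERNET zone for the perimeter.
ZONES = {"INTERNET", "AWS", "SCH", "CTS", "PAE"}

# Constructed allow-list of (src_zone, dst_zone, dst_port). Anything not
# listed is denied by default, which is what least privilege means for
# zone-to-zone traffic.
ALLOWED_FLOWS = {
    ("INTERNET", "SCH", 443),   # perimeter terminates at the hub
    ("AWS", "SCH", 443),        # workstations reach the hub, never CTS directly
    ("SCH", "CTS", 8443),       # hub forwards trading requests to CTS
    ("CTS", "PAE", 9000),       # trading servers query the analysis engines
}


@dataclass(frozen=True)
class Rule:
    """One firewall rule between two zones; port 0 means 'any port'."""
    src: str
    dst: str
    port: int


def violations(rules):
    """Return (rule, reason) pairs for rules that exceed the allow-list."""
    bad = []
    for r in rules:
        if r.src not in ZONES or r.dst not in ZONES:
            bad.append((r, "unknown zone"))
        elif r.port == 0:
            bad.append((r, "any-port rule"))
        elif (r.src, r.dst, r.port) not in ALLOWED_FLOWS:
            bad.append((r, "flow not in least-privilege matrix"))
    return bad


def zone_path(rules, src, dst):
    """Shortest chain of zones from src to dst that the rules permit.

    Breadth-first search over the zone graph; returns the path as a list,
    or None when dst is unreachable from src. A path of length > 2 is a
    transitive exposure that a per-rule check alone would not flag.
    """
    parent = {src: None}
    queue = deque([src])
    while queue:
        zone = queue.popleft()
        if zone == dst:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parent[zone]
            return path[::-1]
        for r in rules:
            if r.src == zone and r.dst not in parent:
                parent[r.dst] = zone
                queue.append(r.dst)
    return None


if __name__ == "__main__":
    baseline = [Rule(*flow) for flow in sorted(ALLOWED_FLOWS)]
    # Constructed "proposed change": an admin wants SSH from workstations
    # straight to CTS and relaxes the workstation-to-hub rule to any port.
    proposed = baseline + [Rule("AWS", "CTS", 22), Rule("AWS", "SCH", 0)]
    for rule, reason in violations(proposed):
        print(f"REJECT {rule.src}->{rule.dst}:{rule.port}  ({reason})")
    # Even the clean baseline chains the perimeter through to PAE.
    print("perimeter to PAE:", zone_path(baseline, "INTERNET", "PAE"))
    print("PAE outbound to CTS:", zone_path(baseline, "PAE", "CTS"))
```

The per-rule check rejects the two constructed changes, but the transitive walk is the more useful output for the redesign step: it shows that INTERNET reaches PAE in three hops through SCH and CTS, so the redesign needs either an inspection or brokering layer on that chain or a separate zone for the hub's externally exposed services.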
Difficulty Level:
- Expert (participants should have sound knowledge of network security concepts and prior experience in designing secure network architectures).
Category:
- Secure Network Architecture Design; Network Segmentation and Isolation; Intrusion Detection and Prevention Systems.
Exercise Attack Steps:
- Intelligence Gathering: Identify key network assets, entry points, and potential vulnerabilities in Quantum’s network.
- Breach Simulation: Attempt to breach the network perimeter by exploiting discovered vulnerabilities.
- Lateral Movement: Once inside, simulate an attempt to move laterally towards the Client Transaction Servers.
- Data Exfiltration Simulation: Emulate the extraction of sensitive market data from Proprietary Analysis Engines and its movement towards an external drop point.
- Denial of Service Attack: Coordinate a disruption to the Secure Communication Hubs to test resilience and failover mechanisms.
- Clean-up and Recovery: Perform actions to restore services and strengthen defenses as part of the incident response phase.
- Review and Redesign: Analyze the exercise findings to propose an improved network design, ensuring the protection of critical nodes and implementation of stricter access controls.
- Implementation in Cyber Range: Apply the redesigned network architecture within the cyber range environment.
- Re-evaluation: Carry out a second round of simulated attacks within the new network design to measure improvements and detect any remaining vulnerabilities.