At that point, we were forced by our contracts, and data protection laws, and a CEO aware of all of these, to shut the affected productive system down. We stopped all services, set the firewalls of our hoster to only accept traffic from our office and that's it, while figuring out wtf happened. Those measures overall reduce the situation to a known situation again. If someone in our office is hostile.. that's another issue.
After a bit of analysis, we figured out the IPs attacking us and we blacklisted those on the firewall of the other production systems. Eventually things cleared up to be a pentest no one told us about.
If the attack had moved into these other systems, we'd have to extend the nuclear solution to those systems too. At that point, we'd have to lock out some 30k+ FTE users. I think we'd be able to make national news with that for our customers. Except.. not good news.