4/20/24
How it’s different from other security tests
Designed to prove detection
Purple teams aren’t designed to test preventative safeguards. They assume defenses fail and test your detection tools and processes.
Collaborative & educational
Traditional pen tests happen without direct IT/Security involvement. Purple teams actively include them.
Staged to create efficiency
In pen tests, most of the time is spent on trial and error trying to bypass defenses. Purple teams stage the attacks to be more efficient.
Scattered Spider at MGM
- MGM was breached by the Scattered Spider ransomware gang on September 11, 2023
- Scattered Spider identified employees on LinkedIn and used social engineering against the IT helpdesk to obtain credentials
- Once inside the network, Scattered Spider deployed the ALPHV/BlackCat ransomware to access customer PII and ransom the casino’s operations
- For 10 days, MGM operated without technology
  - Used paper receipts for casino winnings
  - Gave guests physical keys for hotel rooms
- Resulted in a $100 million loss per MGM’s SEC filing