Monitoring the physical location of Lapland Industries(Santa’s Workshop) to see how physical access may be possible.
As Cybaverse continues its Red Team, a test on Lapland Industries physical security was required. Having conducted Phishing and Vishing tests, Cybaverse look to compromise Santas Workshop's physical security.
Due to the coverage in the news, organisations are hyper aware of Cyber threats and invest in tools and tests to ensure their systems remain secure. This can mean that sometimes, physical security is overlooked.
Physical security infiltration testing allows organisations a realistic overview of the effectiveness of their current physical security measures.
The primary goal of this test is to gain physical access to a building or site where threat actors could access the network or obtain personal information from physical items such as files or official records.
This typically includes an assessment of the following security protocols:
Cybaverse spent some time monitoring and collecting information on the physical location of the Workshop. This was done via Google Maps, looking at employees on social media to see if they have posted pictures of the Workshop, public records and physical observation. The Workshop had a significant glass entrance and large windows which allowed considerable visibility into the building. This allowed Cybaverse to put together the following plan for the workshop.
Cybaverse noticed that the games table was an area where elves from all departments get together. Therefore, an outsider is less likely to be noticed. After games, we witnessed elves holding the doors open for their colleagues. We developed a plan to send two individuals undercover to play table tennis with the elves to gain trust and hopefully gain access to the canteen.
Once in the canteen, Cybaverse would need to sit close enough to a fellow elf to clone their access card and use this to gain access to the rest of Santa’s Workshop, including key IT infrastructure.
Like cyber security, physical security requires a number of different tactics that create layers so that if one tactic fails, another one is in there to act as a failsafe. Typical tactics to protect against physical security Infiltration are:
Now that physical reconnaissance is complete, tomorrow Cybaverse will try to gain physical access to Santa’s workshop!