en flag +1 214 306 68 37
Network Penetration Testing for a Leading Mining Company

Network Penetration Testing for a Leading Mining Company

Industry
Mining

About Our Customer

The Customer is a mining company with facilities in the United States and Europe. Over more than 60 years of its history, it has become one of the global leaders in the field.

A Competent Vendor Was Needed for the First Professional Security Checkup

As the news about disruptive cybersecurity breaches in the industry became more common, the Customer decided to check the protection of its own IT environment. Since the company's processes largely depend on computer automation systems, it was crucial to ensure that hackers couldn't interfere with their work. Another goal was to see if any vulnerabilities could compromise the Customer's financial data and operations. With no security testing experts among its IT staff, the Customer was looking for a competent vendor to perform the first penetration testing of its extensive network.

Pentesting Detected Multiple Security Loopholes

Having found our penetration testing proposal and sample reports convincing, the Customer contracted ScienceSoft to test the security of its internal network, including Wi-Fi access points and Active Directory services. Considering the extensive testing scope, ScienceSoft's pentesters recommended applying the gray box approach.

As a result of the internal network exploration through vulnerability scanning and penetration testing, our team revealed nine security flaws of high severity and six — of medium severity. Our testers evaluated the network security level as low. Potential attackers with average to little technical skills could have found plenty of ways to get unauthorized access to the Customer's IT assets. Most of the detected network security gaps boiled down to these two issues:

  • SCADA systems that helped orchestrate and optimize mining operations lacked proper protection. ScienceSoft's security experts recommended isolating SCADA hosts in a separate closed network and strictly limiting access to them so they are reachable only through a jump server.
  • Outdated and unsupported operating systems and software in different network segments: Microsoft Windows, Microsoft SQL, Apache Tomcat, VMware, and more. All these obsolete components accounted for thousands of known vulnerabilities. A potential attacker could have easily defined the software versions and found the necessary exploits to launch DDoS, spoofing, remote code execution, man-in-the-middle, and other attacks. ScienceSoft's team recommended updating the systems to their current versions and keeping an inventory of all installed software to ensure regular updates and patches. If the Customer decided to keep using legacy systems, placing them in a DMZ would be necessary.

ScienceSoft's security experts provided detailed reports describing the vulnerabilities and the required corrective measures. After the Customer’s in-house IT specialists fixed the critical security issues, ScienceSoft performed another round of testing to see if they had eliminated all the security loopholes. The retesting confirmed the high security level of the Customer's network.

Since the network penetration testing was the first serious security checkup for the Customer, ScienceSoft's security experts recommended undergoing a full-scale IT security assessment. It would provide a 360-degree view of security gaps in the existing policies, processes, and technology to help the Customer make informed decisions on cybersecurity improvements.

ScienceSoft's team also pointed out the importance of social engineering testing as an efficient step to improve the overall security level of the company. Phishing and vishing attack simulation would evaluate and help improve the employees' resilience to malicious emails and phone calls.

Positive Cooperation Experience and Crucial Security Improvements

As a result of penetration testing by ScienceSoft, the Customer learned about the critical vulnerabilities that hackers could have exploited to infiltrate its IT environment. Thanks to ScienceSoft’s comprehensive guidance during and after the project, the Customer could better understand its cybersecurity posture, efficiently fix the security flaws, and plan feasible investments in its cyber defense. Satisfied with the cooperation, the Customer is planning to engage ScienceSoft in other security testing projects.

Technologies and Tools

Nessus, Burp Suite, Acunetix, Nmap, SSLscan, Dirb

Have a question to our team or need help with your project?

Our team is ready to provide client references, estimate your project, or answer any other question related to your IT initiative.

Upload file

Drag and drop or to upload your file(s)

?

Max file size 10MB, up to 5 files and 20MB total

Supported formats:

doc, docx, xls, xlsx, ppt, pptx, pps, ppsx, odp, jpeg, jpg, png, psd, webp, svg, mp3, mp4, webm, odt, ods, pdf, rtf, txt, csv, log

More Case Studies