Success Story: How a Pentest Protected a Logistics Company from Ransomware

vincentcox

Key highlights

Proactive security proves its value: Implemented security measures minimized the impact of a subsequent ransomware attack

Holistic security approach: From initial application pentest to complete infrastructure review and improvement process

Knowledge transfer and collaboration: Close cooperation with development and IT teams resulted in sustainable security improvements

Context

A logistics company with international clients approached us for a pentest of their main internal application. This application served as the central information system between drivers, demand planners, and the warehouse. Besides tracking information about freight shipments and route optimization, the application also contained customer information. As companies increasingly face questions about their compliance with security standards, this company wanted to proactively conduct a penetration test on their main application.

We have removed all details that could identify this company and have received permission to publish this story.

No business as usual

Our team began the pentest on the web application, focusing on common vulnerabilities such as SQL injections, cross-site scripting (XSS), and authentication weaknesses. During the test, we discovered an interesting vulnerability that not only gave us insights into the underlying workings of the application but also provided indicators about the backend server infrastructure. This was a so-called command injection vulnerability.

After discussing these initial findings with the application’s development team, we received permission to test the underlying infrastructure in addition to the application.

We discovered a vulnerability in the AWS architecture that gave us complete control over the various servers through a combination of misconfigurations and outdated server versions.

This meant that a malicious person could gain access not only to the application but also to sensitive customer data, logistics data, and API keys that were linked to other external parties.

This finding demonstrates that security is very broad and often doesn’t stop at the scope one initially has in mind.

All hands on deck

After consultation and close collaboration with the infrastructure team and developers, we took the following steps:

Server management revision: By switching to a different server management system, both the server patching problem and the inventory management problem were solved. This made servers easier to update and maintained a current list of servers under management.

Segmentation and firewall security: Through several adjustments to the firewalls, individual servers were separated from each other, with traffic allowlisted on a strict need-to-have basis.

Monitoring and logging: Monitoring and logging were centralized so that suspicious activity can be detected quickly.

Application patching: The development team received guidance and a brief training from us on preventing future misconfigurations and on integrating security frameworks into the application.
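The command injection found during the application pentest and the application patching step above both come down to one pattern: user input handed to a shell. The following is an added illustration, not code from the client's application or from the pentest report. It assumes a hypothetical "shipment lookup" feature that searches a log file by tracking id, a constructed tracking-id format (three letters, a dash, six digits) and a constructed sample log; it shows the vulnerable shape (string concatenation destined for a shell) next to a hardened version that validates the input against an allowlist and calls the external tool without a shell.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed sample log lines standing in for the application's shipment log.
SAMPLE_LOG = """\
ABC-100001 DEPOT-NORTH loaded
ABC-100002 DEPOT-SOUTH in-transit
ABC-100003 DEPOT-NORTH delivered
"""

# Allowlist for the hypothetical tracking-id format: three uppercase letters,
# a dash, six digits. Anything else (including shell metacharacters) is rejected.
TRACKING_ID_RE = re.compile(r"^[A-Z]{3}-\d{6}$")


def vulnerable_command_string(tracking_id: str, log_path: str) -> str:
    """The 'before' pattern: user input concatenated into a shell command line.

    Returned as a string here rather than executed. Passing such a string to
    subprocess.run(..., shell=True) is the defect: any shell metacharacter in
    tracking_id is parsed by the shell and becomes part of the command.
    """
    return f"grep {tracking_id} {log_path}"


def is_valid_tracking_id(tracking_id: str) -> bool:
    """Allowlist validation: accept only values that exactly match the format."""
    return TRACKING_ID_RE.fullmatch(tracking_id) is not None


def lookup_shipment(tracking_id: str, log_path: str) -> list[str]:
    """Hardened lookup: validate first, then invoke grep without a shell.

    The argument-list form means no shell ever parses the input, and the
    '--' separator stops grep from treating a value beginning with '-' as
    an option. Validation is still applied so unexpected input is refused
    early and can be logged as a suspicious event.
    """
    if not is_valid_tracking_id(tracking_id):
        raise ValueError("tracking id does not match the expected format")
    result = subprocess.run(
        ["grep", "--", tracking_id, log_path],
        capture_output=True,
        text=True,
        check=False,  # grep exits 1 when nothing matches; not an error here
    )
    return [line for line in result.stdout.splitlines() if line]


def demo() -> dict:
    """Run the hardened lookup against the constructed log and report results."""
    with tempfile.TemporaryDirectory() as tmp:
        log_path = Path(tmp) / "shipments.log"
        log_path.write_text(SAMPLE_LOG)
        found = lookup_shipment("ABC-100002", str(log_path))
        try:
            lookup_shipment("ABC-100002 && echo x", str(log_path))
            rejected = False
        except ValueError:
            rejected = True
    return {"found": found, "injection_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The hardened version applies two independent layers: the regex allowlist refuses anything outside the expected format, and the argument-list call to `subprocess.run` removes the shell from the picture entirely, so even a future relaxation of the regex would not reintroduce shell parsing of user input. Rejected lookups are a good signal to forward to the centralized logging described above.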

This approach led to security improvements not only in the application but also in the underlying server environment on which it ran.

"Give a Man a Fish, and You Feed Him for a Day. Teach a Man To Fish, and You Feed Him for a Lifetime"

Thanks to the extensive pentest and implemented improvements, the logistics company now has a robust security strategy that extends beyond just their web application.

The ultimate test

Three months after our initial pentest, the organization was hit by a targeted ransomware attack. Thanks to our previously implemented measures, particularly the improved segmentation and monitoring, the impact remained limited to a small, isolated part of the network. This confirmed the value of our holistic security approach and the importance of proactive security measures.

Conclusion

This case shows that pentesting isn’t just about securing applications, but also about detecting weaknesses in the entire IT environment. We try to think proactively as much as possible and stay as close as possible to the developers and IT admins. We’re also very pleased with the client’s quick response, which allowed us to involve the right people very quickly. Thank you!

Interested in working together?

We’d love to explore how we can help you. Book a short meeting to discuss how we can help your company.