
As with any tech-driven company, here at Cuebiq, security and privacy are imperative to our everyday success. What sets us apart from the rest, though, is that privacy has been a core value we’ve embraced since day one. We truly believe it’s our duty to keep all data secure and, in doing so, provide our clients with top-notch security and privacy practices.

But Cuebiq’s Security Team doesn’t settle for merely following industry best practices; our goal is to set the bar higher.

One of the many ways we do this is by constantly testing our security framework and tools, routinely performing advanced red-teaming and evasion tests. We want to make sure that we aren’t just “checking a box” when it comes to security, but rather investing in the right kinds of security products and tactics that elevate Cuebiq’s security in the industry.

So, let’s talk about one of our tests… 

Specialized Testing Scenario  

One of the very first scenarios we tried to simulate was a typical endpoint protection evasion test. Simply put, we wanted to test the security product we currently use to protect our endpoints.

In short, this test started with acquiring a basic malicious payload, which we then embedded into a script. We did this to see whether our endpoint protection tool was able to flag it as malicious.

We use one of the industry’s “top tools” for detecting in-memory and behavioral malicious artifacts. And we thought this would be an easy test, but we soon realized that even with the latest version of the anti-malware engine, the payload was not detected. 

In fact, after the payload executed (and evaded the product), we expected the anti-malware engine to at least detect the malicious behavior we were also testing on some other targets; unfortunately, none of the following actions was spotted:

  • remotely enabling the microphone and recording ambient audio
  • remote screenshot capture and data exfiltration

We were concerned by our findings, but also happy that our consistent security efforts worked. After the test, we reported this anomaly/vulnerability to the vendor and requested a technical call to reproduce the issue to better understand the situation. 

After we identified this vulnerability and worked with the vendor, an update to the product was issued about a month later that was supposed to correct the flaw we helped discover. Our analysis of this new version showed that the problem was still present, so we contacted the vendor again to provide further information. Another version was then released, and here’s the great news: after performing another analysis, our Security Team found that the vulnerability was no longer present, and the payload was correctly detected!

In response, we are working with the vendor to have our finding recognized as a vulnerability so that we can open a CVE (also as recognition for our work and our Security Team!).

Tying It All Together: What We Learned From This Analysis

So, what lesson did we learn from all this? Never take the effectiveness of any product or security framework for granted. It’s imperative that all security teams routinely test their security products to find any flaws (before hackers do!).

Putting our security tools and framework through our rigorous testing not only enhanced overall security at Cuebiq but also contributed to helping the industry build better security products — setting the bar higher for security teams around the world!

Does this sound like a company you want to work for? 

Check out Cuebiq’s career page.

About the Author

Nicola Mutti, Head of Security

Nicola is the Head of Security at Cuebiq in Milan. He has worked at various big, complex finance companies, but came to Cuebiq over a year ago to lead the security team in exploring new technologies and trying innovative hacking-defense techniques. A strong supporter of the "security by red teaming, instead of checklist" philosophy, Nicola is still very compliance/risk and business-oriented.