September 30th was not another ordinary day for the Organizers and Participants of the Cyber Fortress League. After several months of competition, the time has come for the grand finale, which once again took place in the hybrid version. This time, however, a small room in our office was not enough, but a hotel and a Cyber Fortress management center were needed.
The first season of the Cyber Fortress League started in 2020 and turned out to be quite a success, so on March 22, 2022, the first tournament of the second season was held. From the beginning, the games enjoyed great popularity, and in the end, over 60 teams appeared in the leaderboard. During the following months, the teams had to face various attacks, including HermeticWiper, Follina, MuddyWater. There were 20 scenarios in total during 6 tournaments, 5 of which were played during the finals.
At the Sound Garden Hotel in Warsaw, the organizers were busy from the morning to create a room for players, stands for fans and the entire networking zone with our Partners’ stands. Microphone tests, testing the best lighting, proper seating of teams – everything had to be buttoned up. Players started arriving very early – many were looking forward to the start of the finals. There was already a message that the final will contain five scenarios – so it could turn out that the current podium will change significantly. In addition, a completely separate final classification was created, in which only teams present during the stationary version of the event counted. If the attractions were not enough, ISSA Polska took care of one more: after playing all the games, a draw was held, in which you could win 3×550 PLN.
The last games of the second season of the Cyber Fortress League began just after 10 am. After the official welcome, Łukasz Wojewoda – director of the cybersecurity department took the floor. Then it was time for the presentations of the first Partner: Maciej Pyznar from ComCERT, after which the first scenario began. The scenario was based on the activity of the APT group responsible for attacks on many organizations, during which servers with access to the Internet were compromised. The purpose of the attacks was to obtain data. The attacker gained a foothold by using various exploits targeting Windows IIS servers and web applications. In its attacks, the group used custom malware dedicated to IIS servers (NodeIISWeb). The situation after the first scenario turned out to be extremely interesting: the existing leaders did not take the first place at all, and instead, one of the weaker groups took the lead.
It was time for the second scenario, but before the most important assumptions were presented, a representative of GreyCortex – our next Partner – entered the stage. Throughout this presentation, attendees had to be on the lookout for clues to the next attack. Everything became clear after a few moments. The second scenario was based on the activity of the APT group responsible for attacks on many organizations. The purpose of the attack was to obtain funds from the victims of the attack in exchange for regaining access to data. The attacker used remote access services in the victim network to gain a foothold. During the attack, the group usually also uses vulnerabilities that allow the escalation of privileges and the takeover of administrative accounts: G Ransomware. The results quickly showed that the competition will not be boring – one of the favorites joined the game for the top positions: Ogóry and Komando Wilków Alfa, but there were also a few surprises: the Penguins team or the Rycerze Światłowodów team were still ranked high. Before the break, nothing was certain.
The lunch break was a great opportunity for networking, which the organizers strongly focused on. The partners prepared their stands with attention to the greatest detail. Talks were going on between all the participants of the event, and for those willing, it was possible to play a specially prepared short version of the Cyber Fortress.
It was time for the third Partner presentation: this time you had to listen very carefully to Blackberry Cybersecurity in the hope of picking up clues that would help you in the game. The third scenario was fast approaching. A few minutes later, the expected information appeared on the screen. The scenario was based on an APT attack against a large airline. The purpose of the attack was to obtain data – the attack was successful. APT Group has acquired the carrier’s data over a period of approximately 10 years, including the personal and credit card details of 4.5 million passengers: APT 41 Air India. This scenario clearly appealed to the Pickles, Penguins and Special Group team, which scored the most points during the game. The positions in the table were still changing, and there were still two scenarios to be played.
The time has come to speed up the games, so the fourth and fifth scenarios were not preceded by presentations, which also meant no hints for the players. The fourth scenario turned out to be a ShadowPAD attack: it was based on a campaign against industrial control systems (ICS) using a backdoor. The campaign was observed in October 2021. Among the infected machines were engineering computers in building automation systems that were part of the telecommunications company’s infrastructure. For some organizations, the attacker exploited vulnerabilities in Microsoft Exchange to gain a foothold. The aim of the campaign was to obtain data. The Komando Wilków Alfa team was perfectly prepared for the task, outclassing their rivals in this one game. Blu Tim team and Spifftacular Mob team also did very well. Before scenario number five, the results were not shown, so as not to be completely sure of the result.
The time has come for the last scenario of the day, based on the attack on Uber, which was supposed to decide everything. The goal was to obtain data – the attack was successful. The APT group gained access to the data after compromising the victim’s PAM account. The security credentials for the compromised account were obtained in the Discovery phase from the victim’s resources discovered by the attacker after gaining a foothold. This scenario stirred up a lot and was not easy at all, the CyberEkspress team turned out to be the best, which strengthened their position in the table.
Before the participants found out who turned out to be the best during the finals, ISSA Polska prepared a prize draw. Each team had a chance to win PLN 550. The three lucky teams turned out to be: Allsafe, ęąściż and Rycerze Światłowodów. Congratulations! However, this was not the end of surprises. Special guests include Robert Kośla – member of the Cybersecurity Foundation Council, Brigadier General Oleksandr Potia, Deputy Chairman of the State Service of Special Communications and Information Protection of Ukraine and Ambassador Krzystof Paturej – President and initiator of the International Center for Chemical Safety in Poland.
Finally, it’s time to know the results. The podium among the teams that came to Warsaw was as follows:
1. Ogóry – prize PLN 3,000
2. CyberEkspress – PLN 2,000 prize
3. Komando Wilków Alfa – prize PLN 1,000
But what does this most important podium for the whole season look like?
1. ęąśćż – prize PLN 12,000
2. Ogóry – prize PLN 5,000
3. Komando Wilków Alfa – prize PLN 3,000
Congratulations to the winners!
However, this was not the end of the event! After the prize draw from ISSA Polska and the announcement of the results, the time has come for the last presentation of the Partner: Piotr Urbańczyk from Tekniska took up the topic of threats and protection of industrial installations. Then the After Party officially began, where you could share your impressions of both the final and the entire season.
At the end, we left the frosting on the cake: the presentation of the Cyber Fortress 2.0, which you will get to know better in season 3, to which we cordially invite you.
A huge thank you to the players who participated in the competition throughout the season. However, the event would not be so special if it were not for the support of our partners: Blackberry Cybersecurity, ComCERT, GreyCortex, MCX, Risk Monitor, Seqred, Tekniska, as well as ISSA Polska (which, as you probably remember, was also a partner of the second tournament) and Zaufana Trzecia Strona. We would also like to thank the Government Plenipotentiary for Cybersecurity, Janusz Cieszyński, for granting honorary patronage to the final of the second season of the Cyber Fortress League.
Season III starts in December, you can’t miss it!