A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.
Which of the following should the tester do NEXT?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
When a penetration tester discovers a critical vulnerability being actively exploited by cybercriminals, the first and most important step is to ensure that the client's assets are protected. It is essential to handle the situation carefully and professionally to prevent further harm to the client's systems.
The following are the recommended steps a penetration tester should take in such a situation:
Document the vulnerability and the active exploitation: The penetration tester should document the vulnerability and the active exploitation, including the type of attack, IP addresses, time and date of the attack, and any other relevant information.
Notify the client: The penetration tester should immediately inform the client about the vulnerability and the active exploitation. The client should be advised to take immediate action to mitigate the risk of further damage to their systems. This includes implementing temporary controls such as blocking the attacker's IP addresses or disabling the vulnerable service.
Escalate the issue: If the client does not take appropriate action to address the vulnerability, the penetration tester should escalate the issue to the primary point of contact, who is usually a manager or a security officer. The primary point of contact should be informed of the critical nature of the vulnerability and the active exploitation.
Notify law enforcement: Depending on the severity of the situation, the penetration tester may need to notify law enforcement officials, such as the FBI or local police department. The penetration tester should consult with the client and primary point of contact before taking this step.
Collect evidence: The penetration tester should collect proper evidence, including logs, system files, and any other relevant data, to support their findings. This evidence should be added to the final report to demonstrate the severity of the vulnerability and the potential impact of the active exploitation.
In conclusion, the next step for a penetration tester who discovers a critical vulnerability being actively exploited by cybercriminals is to inform the client, escalate the issue to the primary point of contact, and collect proper evidence for the final report. Depending on the severity of the situation, the penetration tester may also need to notify law enforcement officials.