
The Standoff wraps up; Attackers breach perimeters of all six organizations and gain access to corporate networks

By Maria Henriquez
November 19, 2020

The Standoff, an online offensive/defensive competition in which defenders (blue teams) compete against attackers (red teams) to control the infrastructure of a simulated digital city, has concluded.

The event took place Nov. 12-17, 2020, pitting information security veterans against skilled hackers in a battle to hack mock banks, utilities, airports, downtown hubs, IoT systems, cargo and public transportation, telecoms systems and more. The Standoff’s unique virtual city environment contained actual infrastructure components representative of common real-world business and industrial systems, such as:

  • Port with rail terminal
  • Natural gas pumping station
  • Chemical plant and fire station
  • Oil refinery and storage facility (including wind turbines)
  • Amusement park
  • Airport
  • Electrical plant and substation
  • City business and financial center

These systems and platforms were simultaneously targets for the attacking teams to hack and valuable assets for defending teams to protect. At the event site, an active round-the-clock Security Operations Center (SOC) was equipped with the latest security tools. The SOC, in conjunction with specialists from the Positive Technologies Expert Security Center (PT ESC), helped to make the virtual action at The Standoff visible to all.

In the cyber-range competition, the winning attacker team was Codeby (27,123 points), followed by back2oaz (24,463 points) and DeteAct (18,508 points). Collectively, the attackers were able to trigger 47 percent of all the risks that had been designed. Of the 24 unique triggered cyber-risks, 2 were novel and unanticipated by the organizers. The jury accepted more than 50 task completion reports from attacker teams.

Defender teams were able to detect more than 200 security incidents on their respective infrastructures. Incident detections were highest for the teams IZ:SOC and CT&MM. The teams performed 21 investigations. The average investigation took 11 hours and 50 minutes from start to finish.

All of the mock city's companies had to grapple with the aftermath of cyberattacks. Here are some of the most serious cases:

  • At the Nuft petrochemical plant, an accident led to toxic leakage. Attackers were able to gain access to the plant's controls and closed the refrigeration intake, which caused overheating and disrupted the chemical manufacturing process. Soon after, the attackers were able to halt the process entirely.
  • A cyberattack disabled oil extraction equipment, causing production to stop. The attackers also accessed the oil storage controls and disrupted the transport of oil to storage tanks. Later, they were also able to disable the controller responsible for managing petrochemical transport.
  • At the 25 Hours amusement park, the Ferris wheel fell over. A team gained access to the controls and increased the rotation speed to the highest value, causing the Ferris wheel to collapse. They finished by disabling the Ferris wheel's controller and turning off lighting to prevent visitors from leaving.
  • Bank attacks enabled theft of funds from individuals' accounts, as well as theft of data regarding bank clients (name, account balance, card PAN, etc.).
  • Valuable documents were stolen from two companies. Employee personal data was stolen from five companies.
  • During the closing minutes of the competition, back2oaz accessed climate controls for the office buildings and could change the temperature settings.
  • Some risks were made possible by poorly protected corporate websites. These include disruptions to the amusement park's online ticketing offices, as well as plane ticket sales and passenger check-in systems on the airport website.
  • However, the majority of risks required first accessing the company's local network. Here, too, we see that attackers started by looking for vulnerabilities in web applications in order to breach infrastructure. Defender teams reported on successful attempts to exploit such vulnerabilities.
  • The first vulnerability was found by n0x in a Nuft system just 19 minutes after the start of the competition. The jury received a total of 433 bug bounty reports. Almost half were SQL injection, while a quarter involved remote code execution. Two thirds of all vulnerabilities were found at the city's Nuft and Big Bro Group.

The largest number of risks (8) was triggered at 25 Hours, the mock company that owned the city's business center, HVAC system, traffic lights, and amusement park. The runner-up, with seven unique risks triggered, was oil company Nuft. Only the railroad and port escaped unscathed.

At the same time, The Standoff was also a cybersecurity conference with talks, workshops, and demos from global cybersecurity experts. As a cybersecurity marathon under The Standoff brand, the event started in the U.S. and went through Europe, the Middle East, and Asia, before ending in Russia. The Standoff unites different audiences and countries with one agenda and one idea — improving cybersecurity through real-world offensive and defensive exercises.

Here’s a selection of some discussions that were thought-provoking:

  • "The cyber-range overview. Evolution," Denis Baranov, Andrey Bershadsky, Yury Maximov
  • "How have IS industry and community changed over the years and what are they developing into? What are the ways for people involved to progress within the industry?," Alexey Sintsov, Boris Savkov
  • "Red teaming simulation: unique attacks of lateral movements," Lawrence Amer
  • "How to gain profit from information security? Does this imply pursuing industry evolution or being a global leader?," Sergey Matsotsky, Alexander Galitsky, Yuri Maximov
  • "Kr00k: serious vulnerability affected encryption of billion+ Wi-Fi devices," Robert Lipovsky
  • "Vulnerabilities of machine learning infrastructure," Sergey Gordeychik
  • "Penetration testing communication systems: nowadays," Moritz Abrell
  • "We hacked 5G, now let's protect it," Dmitry Kurbatov
  • "Windows 10 hardware security mechanisms," Artyom Sinitsyn

Didn’t have time to catch everything you wanted to? All recordings have been made available here.

KEYWORDS: cyber security hackers information security risk management


Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.
