Tag: Red Team Exercises

DEVCORE announced today (February 12th) that its Red Team Exercise service will be included in the public sector co-supplier contract for cybersecurity services by the end of 2024. DEVCORE is also one of the co-suppliers of the Red Team Exercise service, indicating that government departments expect to improve cybersecurity effectiveness through Red Team Exercises. ▲Left: DEVCORE CEO and Co-founder, Ong Hao-cheng; Right: DEVCORE Co-founder and Senior Vice President, Hsu Nien-en. DEVCORE also pointed out that the value of Red Team Exercise projects in 2024 increased by 11% compared to the previous year, and it is estimated that the revenue growth of Red Team Exercise services in 2025 will exceed 20%. To strengthen cybersecurity, the government and industry are joining forces. DEVCORE's Red Team Exercises are included in the public sector joint contract. To comprehensively enhance the cybersecurity capabilities of government agencies, the Digital Industry Administration of the Ministry of Digital Development included "Red Team Exercise Services" in the "Fifth Computer Software Joint Supply Contract Procurement – ​​Cybersecurity Services and Information Services" in 2024. This is not only the first cybersecurity service item added in ten years, but also a milestone in the government's high regard for and further strengthening of cybersecurity protection. DEVCORE, as Taiwan's first professional provider of Red Team Exercise services and a leading provider in this service, assists government agencies in procuring necessary cybersecurity services through joint supply contracts in the future. This significantly improves procurement efficiency for the government, allowing them to select cybersecurity services with sufficient quality and standards based on their budgets and needs, enabling more precise cybersecurity exercises and protection enhancements. DEVCORE CEO and Co-founder Hao-Cheng Weng stated, "DEVCORE is pleased to see red team drill services included in the public sector joint supply contract. This not only symbolizes the government's increased investment in cybersecurity, but also demonstrates the value of drill services, potentially influencing industries to adopt advanced drill services. We also hope to leverage our technical expertise and years of practical experience in red team drills to help companies apply the results of red team drills to their strategies and overall response mechanisms, creating a more secure and forward-looking digital environment at the architectural and process levels, and comprehensively deepening cybersecurity resilience." Demand for red team drills is booming, with market momentum expected to peak again in 2025. According to DEVCORE's internal observations, red team drill services are being adopted by more industries, and market demand continues to grow steadily. From 2021 to 2024, DEVCORE received 2.6 times more inquiries and bookings for red team drills, and the number of inquiries and bookings in January 2025 alone has already exceeded 60% of the same period last year. Among the industries with the strongest demand for red team exercises, the financial sector stands out, while inquiries from the semiconductor industry have been steadily increasing since 2022. Looking at actual procurement data, the financial sector remains the most active in adopting red team exercises, accounting for 29%, followed by the semiconductor industry at 28% and government agencies at 14%. These three industries account for over 70% of DEVCORE's total red team revenue in 2024. DEVCORE also observed that the value of completed red team exercise cases in 2024 increased by 11% compared to the previous year, with new clients accounting for over 50% that year. Notably, unlike in the past, inquiries have also begun to come from major server foundries, indicating that the benefits of red team exercise services are gaining more attention from enterprises and various industries. Enterprises are increasingly recognizing and actively investing in cybersecurity to address the growing severity of cyber threats. To deepen cybersecurity defenses, DEVCORE continues to promote red team drills and disseminate hacker thinking in response to the ever-increasing cybersecurity capabilities and dynamic evolution of the cybersecurity landscape from both government and industry perspectives. DEVCORE will also provide different types of drills based on varying cybersecurity profiles and drill expectations. This extends beyond simply identifying vulnerabilities and maximizing their effectiveness to more realistically simulating attack scenarios. Using a red-blue team coordination model, DEVCORE verifies enterprises' response speed, capabilities, and cybersecurity incident handling procedures in the face of real attacks. This expands the focus from technical patching to a comprehensive improvement in cybersecurity strategy and management. Furthermore, supply chain security has become one of the most challenging cybersecurity issues for enterprises in recent years. DEVCORE will also launch customized proactive product security research services, led by an internationally award-winning cybersecurity research team. These services assist enterprises in verifying the security of various products, including software, hardware, and firmware, ensuring compliance with high-standard cybersecurity requirements, protecting user safety, and enhancing brand image and trustworthiness through secure products. In addition to strengthening the defense capabilities of Taiwanese agencies through red team drills, DEVCORE has long been committed to conveying hacker thinking. In 2025, it will continue to hold the DEVCORE CONFERENCE, a technical seminar focused on attack orientation. The event will take place on March 15th, bringing together industry, government, and academia to focus on the essence of attack techniques and methods, helping the industry to think about defense strategies from the attacker's perspective, and to more effectively review their own cybersecurity protection configurations in order to jointly cope with the ever-changing cyber attack threats.

OpenAI has announced a global recruitment drive for red team members to uncover potential problems and security risks in its artificial intelligence (AI) systems through external talent. Furthermore, reports indicate that OpenAI plans to launch its multi-modal large-scale natural language processing (NLP) model, GPT-Vision, and subsequently, an even larger model codenamed Gobi, to compete with similar models planned by Google and other companies. Just as many cybersecurity firms use red team exercises to identify potential security risks and vulnerabilities, OpenAI also plans to use red team exercises to identify potential problems in the operation of AI technology and its potential for malicious use. Due to the inherent uncertainties of AI technology, it is crucial to ensure the security of its basic operations and to address potential application issues in various fields, including knowledge recognition, politics, humanities, education, law, finance, data privacy, and ethics. OpenAI is currently recruiting experts in different fields to ensure the security of its AI services and mitigate potential application risks through a wider range of talent and the red team exercise process. All team members participating in red team exercises must sign confidentiality agreements or refrain from disclosing any details before the relevant technologies are publicly released. In fact, OpenAI has conducted red team exercises to a certain extent before the official launch of its previously announced large-scale natural language processing models to ensure the safety of model usage. This expansion of global red team recruitment for exercises is clearly aimed at providing greater security for its artificial intelligence technology. Furthermore, The Information website reports that OpenAI may announce its multi-modal large-scale natural language processing model, GPT-Vision, before Google officially launches its Gemini model, and may subsequently release an even larger multi-modal large-scale natural language processing model, codenamed Gobi. In the upcoming competition in artificial intelligence technology, multi-modal large-scale natural language processing will undoubtedly become crucial, enabling AI to simultaneously accept multiple information inputs and automatically generate different information outputs. Compared to early AI, which could only respond to single content at a time, future AI technology is expected to be able to perform multi-content computations and responses simultaneously.

Last year, after discovering a vulnerability in Microsoft Exchange Server and winning the Best Server Vulnerability award at the Pwnie Awards (often referred to as the "Oscars of cybersecurity"), DEVCORE today (January 12th) shared its philosophy behind services such as Red Team Assessments, emphasizing its aim to help enterprises build adequate system security mechanisms through hacker attack ideas. DEVCORE co-founder and CEO, Hao-Zheng Weng, stated that many enterprises' security concepts are often based on purchasing external security solutions, neglecting vulnerabilities that arise during actual system operation. This makes them vulnerable to external attacks, leading to data theft or even greater damage. DEVCORE believes that by using the same attack methods as hackers to infiltrate enterprise systems, it can more directly and effectively help enterprises identify security vulnerabilities and improve their protection capabilities without affecting business operations or data security. Therefore, through Red Team Assessments and penetration tests, enterprises can discover vulnerabilities early, avoiding being overwhelmed when facing actual attacks. Weng Haozheng stated that building defenses through attacks has always been the core spirit of DEVCORE, and he also believes that only through continuous attacks and vulnerability discovery can true security protection methods be found. ▲From left: DEVCORE Co-founder and Red Team Director Xu Fukai, DEVCORE Co-founder and CEO Weng Haozheng, DEVCORE Co-founder and Support Team Leader Lai Weiting, DEVCORE Co-founder and Senior Project Manager Xu Nianen. Founded in November 2012, DEVCORE has been assisting industries with high cybersecurity requirements, including government agencies, finance, semiconductors, e-commerce, and healthcare, in reviewing the adequacy of their security protection through high-quality penetration testing services. In 2017, they officially launched red team exercises to further verify enterprises' cybersecurity protection capabilities through practical drills and to discover any additional potential vulnerabilities. Following numerous awards and its assistance in uncovering various enterprise security vulnerabilities, DEVCORE states that nearly 90% of external enterprise systems can be directly penetrated and accessed, and over 70% of core enterprise systems can be compromised and gained control, leading to service interruptions. This underscores the crucial need for practical testing to confirm the actual level of enterprise cybersecurity. However, does the continued discovery and patching of enterprise security vulnerabilities mean DEVCORE will become obsolete? Hsu Fu-kai, co-founder and director of the red team at DEVCORE, believes that while technological advancements will undoubtedly make the network environment more secure, and antivirus technologies and protection solutions will become smarter, even making it harder for new application services and frameworks to generate vulnerabilities, system iterations and updates will still lead to vulnerabilities arising from outdated code, access permissions, and more complex system structures. Therefore, DEVCORE can continue to assist enterprises in uncovering vulnerabilities using a hacker's mindset. Therefore, in terms of how enterprises approach cybersecurity, DEVCORE believes that they should place more emphasis on field exercises and simulated penetration results. In particular, some countries are now intending to use system vulnerabilities as digital weapons, and more organizations are openly or privately acquiring cybersecurity vulnerability information. In the future, it may be even more difficult to imagine the potential impact behind system vulnerabilities.