Advanced Persistent Threat Simulation (Red Teaming) for a Fintech giant

Defendza were engaged by a fintech provider with global presence. Their challenge was to present this as a business case on assessing how well prepared their business is in case of a cyber attack.


The Challenge

With development, support and other staff spread across Australia, Asia and Europe, the client's existing security vendors and internal security teams had not considered any new attack vectors. Our tailored engagement gave the client full visibility of our preparations, flexibility in how the project ran, and control over the situation throughout.

Financial services businesses face threats on multiple fronts, ranging from simple attacks such as daily spam emails to sector-wide espionage campaigns. These threats target people (staff), processes and technology (the equipment in use).

This assessment involved gathering information about the client's people, processes and technological assets, then analysing that information to form a meaningful attack vector.

The Solution

Defendza's offering was a tailored approach for this client, giving the customer flexibility and control over the project. It was based on two phases: the first phase relied on remote execution techniques based solely on remote social engineering, and the second consisted of on-site activity shaped by the outcomes of the first.

In line with red teaming attack methodology, the first and most important phase is data collection and analysis. This open source intelligence (OSINT) activity uses techniques to gather the wealth of information about an organisation that has already leaked onto the internet. OSINT techniques range from finding employee-related information (email addresses, social media profiles, geotagging data) and checking for leaked credentials to identifying vulnerable devices exposed on the internet.

Using the data obtained through open source intelligence, Defendza carefully built a campaign targeting only the required group of employees in the support function. This is an important step, as support personnel often deal with multiple clients, in this case multiple banking clients. At this stage it is crucial to avoid triggering any alerts or suspicion on the client side. Other activities in this methodology include maintaining access after the initial foothold, persisting through multiple channels so that access is not lost, and performing lateral movement to gain privileges and search for data.

The activity continues until the objectives agreed with the client before the start of the campaign are met, or until the defined timeline runs out. The underlying aims of the campaign include recording a timeline of the exact techniques used, keeping logs of all work performed, and providing the client teams with a detailed view of the attack simulation.

A two-day debriefing workshop was held to ensure that the red team handed over all of its knowledge to the blue team, meeting the knowledge-sharing objective agreed beforehand. This ensures the client understands the weaknesses identified at both strategic and technical levels across the organisation and can prepare a roadmap to address them.


Lessons Learned

  • Strategic risk-based approach to mitigate current risks
  • Demonstrate improved security awareness amongst senior management
  • Validation of estate wide defence controls in place
  • Validation of Email and Voice Phishing attack awareness levels
  • Exposure of organisational-level weaknesses in addition to technical findings
  • Remediation plan including detailed mitigation measures
