800 800 070
Available H24
Via S. Pietro All’Orto 9, Milano
Via dei Gracchi 32, Roma
Via dei Gracchi 32, Roma
Email info@argocyber.it
Social Engineering
0
Total Cyber Attacks In 2020
+
0
%
Cyber Attacks Compared to 2014
+
%
Phishing / Social Engineering Campaigns Compared to 2018
0
Monthly Cyber Attack Average
Argo cyber security
Why choose us
Argo Cyber is a project with a high technological and specialized component unique of its kind.
Using advanced IT technologies, it identifies innovative and customized solutions for its customers.
Social Engineering
An erroneous perception of cyber threats and attacks that target the illegal intrusion into a network or access to sensitive / critical data, is that everything happens using only software tools and technologies and targeting digital assets. or physical. This is simply not true as attackers are well aware that one of the simplest ways to gain access to sensitive information or compromise entire corporate infrastructures is to simply “ask” for that information in the right ways from the right people.
In short, the human being is always the weakest link in the security chain! Our Social Engineering service was created to deliver a diverse type of attacks that target corporate employees. We evaluate the actual response of the weakest link in the security chain, the human factor. We test the customer’s employees without their knowledge, providing an overview of the human attack surface. We will show whether target employees can become a gateway that an attacker can leverage to infiltrate corporate assets and / or obtain sensitive data.
Our
Certifications
Argo Cyber constantly invests in certifications to improve the level of services offered thus guaranteeing the utmost professionalism and safety to its customers.
Social Engineering
Types of Attack
The proposed scenarios are the most common real cases that our Red Team, thanks to its proven experience in the field, is able to simulate using all the resources that a real attacker has available during his operations.
Spear phishing
Spear phishing is an e-mail fraud attempt that targets a specific company, looking for unauthorized access to passwords or other confidential data. Our attack simulation will see the launch of a sophisticated campaign, by sending e-mails created ad hoc (impersonating for example a real corporate IT division) where customer artifacts will be emulated and tracking systems and malicious links inserted. that redirect the employee to a clone site in order to evaluate the employee response.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including if the user has opened the email, downloaded the attachment, clicked on the link or entered the credentials in the clone site)
Infiltration via Pretexting
The goal of this attack simulation is the infiltration of the customer’s offices.
After a preliminary activity of OSINT of the client company, we move on to obtaining satellite photos of the company offices. A few days before the attack, a Red Team agent will go on patrol to acquire photographic information by taking photos and / or recording videos of: “access / exit points”, “guards”, “access control points”, “badges” “And any other useful point of interest (where possible). A Red Team agent will impersonate an employee, a manager of some company division, a delivery man, etc. The objective will be to evade any security checks and enter the customer’s company building either from the main entrance, trying to bypass the security guards’ control, or from a secondary entrance, with the aim of gaining access to the areas privileged. If the Red Team agent gains access to the building, the goal will be to enter sensitive areas (CEO offices, Datacenter, etc.) obtaining evidence via photos / videos (in “covert” mode, using cameras hidden).
At the end of the activity, a detailed report will be drawn up containing the outcome of the activity, any security checks carried out and the behavior of the employees met and by the security divisions, as well as evidence of access obtained to privileged areas of the organization.
Drive-by Download
A “Drive-by Download” attack refers to the inadvertent download of malicious code to your computer or mobile device simply by visiting a website or clicking on malicious links that are disguised as legitimate links. A “Drive-by Download” attack can exploit an app, operating system or web browser that contains security problems due to a lack of updates. Using a “harmless” malware created by us (which can act in “covert” or “overt” mode by showing a popup or a ransomware-style screen) the compromise of a workstation due to incorrect user behavior will be simulated.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including if the user has opened the email, downloaded the attachment, clicked on the link or executed the attachment).
Baiting
As the name suggests, Baiting attacks use a bait to arouse the victim’s curiosity. The attack lures users into a trap that steals their personal information or compromises their workstations with malware.
The most used form of bait is USB physical media. For example, the attacker leaves the bait – usually flash drives infected with malware – in clearly visible areas where it is certain that potential victims see them (for example, bathrooms, elevators, the company parking lot).
Victims collect the bait out of curiosity and insert it into a work computer or into their own PC, resulting in the automatic installation of malware on the system.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including if the user has opened the files on the USB media).
Vishing
Vishing is that form of attack that aims to obtain information or try to influence the action of the target user through the use of the phone. The goal of this attack is to obtain valuable information that directly contributes to the compromise of an organization. Attackers, posing as an authoritative figure, a technician or an employee colleague, sometimes “forging” their phone number to make the attack more truthful, and using voice-changing software or deep learning algorithms in order to hiding their identity or disguising themselves as a legitimate employee can obtain confidential information very easily.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including the information obtained during the attack).
