Via dei Gracchi 32, Roma
Spear phishing is an e-mail fraud attempt that targets a specific company, looking for unauthorized access to passwords or other confidential data. Our attack simulation will see the launch of a sophisticated campaign, by sending e-mails created ad hoc (impersonating for example a real corporate IT division) where customer artifacts will be emulated and tracking systems and malicious links inserted. that redirect the employee to a clone site in order to evaluate the employee response.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including if the user has opened the email, downloaded the attachment, clicked on the link or entered the credentials in the clone site)
The goal of this attack simulation is the infiltration of the customer’s offices.
After a preliminary activity of OSINT of the client company, we move on to obtaining satellite photos of the company offices. A few days before the attack, a Red Team agent will go on patrol to acquire photographic information by taking photos and / or recording videos of: “access / exit points”, “guards”, “access control points”, “badges” “And any other useful point of interest (where possible). A Red Team agent will impersonate an employee, a manager of some company division, a delivery man, etc. The objective will be to evade any security checks and enter the customer’s company building either from the main entrance, trying to bypass the security guards’ control, or from a secondary entrance, with the aim of gaining access to the areas privileged. If the Red Team agent gains access to the building, the goal will be to enter sensitive areas (CEO offices, Datacenter, etc.) obtaining evidence via photos / videos (in “covert” mode, using cameras hidden).
At the end of the activity, a detailed report will be drawn up containing the outcome of the activity, any security checks carried out and the behavior of the employees met and by the security divisions, as well as evidence of access obtained to privileged areas of the organization.
A “Drive-by Download” attack refers to the inadvertent download of malicious code to your computer or mobile device simply by visiting a website or clicking on malicious links that are disguised as legitimate links. A “Drive-by Download” attack can exploit an app, operating system or web browser that contains security problems due to a lack of updates. Using a “harmless” malware created by us (which can act in “covert” or “overt” mode by showing a popup or a ransomware-style screen) the compromise of a workstation due to incorrect user behavior will be simulated.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including if the user has opened the email, downloaded the attachment, clicked on the link or executed the attachment).
As the name suggests, Baiting attacks use a bait to arouse the victim’s curiosity. The attack lures users into a trap that steals their personal information or compromises their workstations with malware.
The most used form of bait is USB physical media. For example, the attacker leaves the bait – usually flash drives infected with malware – in clearly visible areas where it is certain that potential victims see them (for example, bathrooms, elevators, the company parking lot).
Victims collect the bait out of curiosity and insert it into a work computer or into their own PC, resulting in the automatic installation of malware on the system.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including if the user has opened the files on the USB media).
Vishing is that form of attack that aims to obtain information or try to influence the action of the target user through the use of the phone. The goal of this attack is to obtain valuable information that directly contributes to the compromise of an organization. Attackers, posing as an authoritative figure, a technician or an employee colleague, sometimes “forging” their phone number to make the attack more truthful, and using voice-changing software or deep learning algorithms in order to hiding their identity or disguising themselves as a legitimate employee can obtain confidential information very easily.
At the end of the activity, a detailed report will be drawn up containing the behavior of the target users (including the information obtained during the attack).