Frequently Asked Questions

Product Information & Exposure Management

What is Cymulate's Exposure Management and Security Validation platform?

Cymulate's Exposure Management and Security Validation platform is a comprehensive solution that enables organizations to continuously assess and validate their security posture. It helps cybersecurity staff and IT teams test for vulnerabilities to threats like ransomware, phishing, and advanced malware, ensuring that security controls are effective against the latest crimeware kits found on the dark web. Learn more.

How does Cymulate help organizations defend against threats from the dark web?

Cymulate helps organizations defend against threats from the dark web by providing modules that simulate real-world attacks, including ransomware, phishing, and malware campaigns. The platform tests if security solutions can withstand advanced crimeware kits, such as Rubella Macro Builder, and validates the effectiveness of defenses against emerging threats. Source.

What types of attacks can Cymulate simulate?

Cymulate can simulate a wide range of attacks, including ransomware-as-a-service (RaaS), DDoS-as-a-service, ATM malware kits, phishing campaigns, and advanced malware like Rubella Macro Builder. This allows organizations to test their defenses against the latest tactics used by cybercriminals. Source.

How does Cymulate support exposure management?

Cymulate supports exposure management by continuously validating security controls, identifying vulnerabilities, and providing actionable insights to improve defenses. The platform enables organizations to proactively address gaps before they are exploited by attackers. Learn more.

What is the role of Cymulate in defending against ransomware?

Cymulate enables organizations to test their resilience against ransomware attacks by simulating real-world ransomware scenarios, including those sold as Ransomware-as-a-Service (RaaS) on the dark web. This helps organizations identify weaknesses and improve their defenses. Source.

How does Cymulate help test defenses against phishing attacks?

Cymulate provides modules to simulate phishing attacks, allowing organizations to assess their susceptibility to phishing campaigns and evaluate the effectiveness of their security awareness training and technical controls. Learn more.

Can Cymulate validate defenses against advanced malware like Rubella Macro Builder?

Yes, Cymulate can test if security solutions such as antivirus software are effective against advanced malware kits like Rubella Macro Builder, which are available on the dark web and used in real-world attacks. Source.

How does Cymulate help organizations stay ahead of emerging cyber threats?

Cymulate continuously updates its threat simulation library to reflect the latest tactics, techniques, and procedures used by cybercriminals, ensuring organizations can test their defenses against current and emerging threats. Learn more.

What is the significance of continuous assessment in cybersecurity?

Continuous assessment allows organizations to regularly validate their security posture, quickly identify new vulnerabilities, and adapt defenses to evolving threats, reducing the risk of successful cyberattacks. Cymulate’s platform is designed to facilitate this ongoing process. Learn more.

How does Cymulate empower cybersecurity teams?

Cymulate empowers cybersecurity teams by providing tools for threat simulation, comprehensive security assessments, and actionable insights, enabling them to proactively strengthen defenses and stay ahead of cyber threats. Learn more.

What is Ransomware-as-a-Service (RaaS) and how does Cymulate address it?

Ransomware-as-a-Service (RaaS) is a model where cybercriminals sell ready-made ransomware kits on the dark web. Cymulate addresses this threat by simulating RaaS attacks, allowing organizations to test their defenses against these prevalent threats. Source.

How does Cymulate help with DDoS attack preparedness?

Cymulate enables organizations to simulate DDoS attacks, such as those sold as DDoS-as-a-Service on the dark web, to assess and improve their resilience against service disruption threats. Source.

Can Cymulate help test defenses against ATM malware kits?

Yes, Cymulate can simulate attacks using ATM malware kits, such as Cutlet Maker, to help organizations identify vulnerabilities in their ATM infrastructure and improve security controls. Source.

What is Rubella Macro Builder and how does Cymulate address it?

Rubella Macro Builder is a crimeware kit sold on the dark web that enables attackers to launch malware spam campaigns. Cymulate can simulate attacks using such kits to test if security solutions can detect and block them. Source.

How does Cymulate make advanced security testing fast and easy?

Cymulate Exposure Validation provides a user-friendly interface for building custom attack chains and running advanced security tests, making it accessible for cybersecurity teams to assess their defenses efficiently. Learn more.

What feedback have customers given about Cymulate's ease of use?

Customers have praised Cymulate for its intuitive and user-friendly platform. For example, Raphael Ferreira, Cybersecurity Manager, stated, "Cymulate is easy to implement and use—all you need to do is click a few buttons, and you receive a lot of practical insights into how you can improve your security posture." Read more testimonials.

How quickly can Cymulate be implemented?

Cymulate is designed for rapid implementation, operating in agentless mode with no need for additional hardware or complex configurations. Customers can start running simulations almost immediately after deployment. Book a demo.

What are the key capabilities of Cymulate's platform?

Cymulate offers continuous threat validation, unified exposure management, attack path discovery, automated mitigation, AI-powered optimization, complete kill chain coverage, and an extensive threat simulation library. These capabilities help organizations improve security posture and operational efficiency. Learn more.

What measurable outcomes have customers achieved with Cymulate?

Customers have reported outcomes such as a 52% reduction in critical exposures, a 60% increase in team efficiency, and an 81% reduction in cyber risk within four months. Read the Hertz Israel case study.

Pricing & Plans

What is Cymulate's pricing model?

Cymulate operates on a subscription-based pricing model tailored to each organization's requirements. Pricing depends on the chosen package, number of assets, and scenarios selected for testing. For a personalized quote, schedule a demo.

Features & Capabilities

What integrations does Cymulate offer?

Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. For a complete list, visit our Partnerships and Integrations page.

What security and compliance certifications does Cymulate hold?

Cymulate holds several key certifications, including SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1. These certifications demonstrate Cymulate's commitment to industry-leading security and compliance standards. Learn more.

How does Cymulate ensure data security and privacy?

Cymulate ensures data security through encryption in transit (TLS 1.2+) and at rest (AES-256), secure AWS-hosted data centers, a tested disaster recovery plan, and compliance with GDPR. The platform also includes 2FA, RBAC, and IP address restrictions. Learn more.

Does Cymulate provide educational resources?

Yes, Cymulate offers a Resource Hub with insights, thought leadership, and product information, as well as a blog, glossary, webinars, and e-books. Visit the Resource Hub.

Use Cases & Benefits

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, security leaders, SecOps teams, red teams, vulnerability management teams, and organizations of all sizes across industries such as finance, healthcare, retail, media, transportation, and manufacturing. Learn more.

What problems does Cymulate solve for organizations?

Cymulate addresses fragmented security tools, resource constraints, unclear risk prioritization, cloud complexity, communication barriers, inadequate threat simulation, operational inefficiencies in vulnerability management, and post-breach recovery challenges. See case studies.

Are there case studies demonstrating Cymulate's effectiveness?

Yes, for example, Hertz Israel reduced cyber risk by 81% in four months, and a sustainable energy company scaled penetration testing cost-effectively with Cymulate. Read more case studies.

How does Cymulate tailor solutions for different roles?

Cymulate provides tailored solutions for CISOs (metrics and risk prioritization), SecOps (automation and efficiency), red teams (offensive testing), and vulnerability management teams (validation and prioritization). Learn more.

Competition & Comparison

How does Cymulate differ from other security validation platforms?

Cymulate stands out with its unified platform combining BAS, CART, and Exposure Analytics, continuous threat validation, AI-powered optimization, complete kill chain coverage, ease of use, and measurable outcomes. It also offers the most advanced attack simulation library with daily updates. See comparisons.

What are the advantages of Cymulate for different user segments?

CISOs benefit from quantifiable metrics, SecOps teams gain automation and efficiency, red teams access a vast attack library, and vulnerability management teams improve validation and prioritization. Learn more.

Support & Implementation

What support options does Cymulate offer?

Cymulate provides email support, real-time chat support, a knowledge base, webinars, e-books, and an AI chatbot for technical assistance and best practices. Contact support.

Where can I find Cymulate's blog, newsroom, and events?

You can find the latest threats, research, and company news on our blog, newsroom, and events page.

Where can I find a central hub for Cymulate's resources?

All Cymulate resources, including insights, thought leadership, and product information, are available in our Resource Hub.

Company & Vision

What is Cymulate's mission and vision?

Cymulate's mission is to transform cybersecurity practices by enabling organizations to proactively validate defenses, identify vulnerabilities, and optimize security posture. The vision is to create a collaborative environment for lasting improvements in cybersecurity. Learn more.

What recognition and awards has Cymulate received?

Cymulate has been named a Customers' Choice in the 2025 Gartner Peer Insights and recognized as a market leader for automated security validation by Frost & Sullivan. Read more.

Where can I find Cymulate's glossary of cybersecurity terms?

Cymulate provides an expanding glossary of cybersecurity terms, acronyms, and jargon at our glossary page.

Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

Dark Web Shopping Center

By: Cymulate

Last Updated: March 25, 2025

Phishing Attacks

Black Mirror – Looking at the Dark Web Marketplace for Cyber Crime

We all know about cybercriminals, but do we also understand where they get their tools of the trade? Let’s go to the dark side and have look at the black mirror reality of the cyber crime marketplace.

The cyber crime world is the counterpart of our world. In the same way that we use the (visible) web, they use the dark web, which has its own search engines, such as Onion. We purchase books from Amazon, items from Alibaba, and fashion from Zalando. They purchase IDs, financial accounts, and other financial and personal data from wholesalers who distribute stolen data directly or via affiliates for profit. As in the real world, they also provide “customer support” by teaching the most effective ways to sell this data to retailers or salespeople that post advertisements on dark web markets and forums.

Ransomware-as-a-Service (RaaS)

SaaS and other software services also have their dark counterpart. Ransomware-as-a-Service (RaaS) is sold by cybercriminals to other cyber crooks who are technically unable (or unwilling) to develop their own kits for ransomware attacks. Prices can be as low as USD 39 for, e.g., the ransomware variant Stampado.  For this price, the would-be malicious hackers not only purchase the ransomware itself but also get a lifetime license, expanding their malicious capabilities forever.

DDoS-as-a-Service

Other types of crimeware kits are also for sale to initiate e.g., DDoS and ATM attacks. Let’s have a look at the DDoS-as-a-service. On April 25, Europol announced that it had rolled up webstresser.org, a global marketplace that sold DDoS attacks to any cyber crook, anywhere, for a price as low as EUR 15.00 a month. Its operations were spanning the globe, with administrators located in the UK, Croatia, Canada, and Serbia and prime customers in the Netherlands, Italy, Spain, Croatia, the UK, Australia, Canada, and Hong Kong. Up to April 2018, there were 136,000 registered users, and 4 million attacks were launched mainly aimed at critical online services offered by banks, government institutions, and police forces.

ATM Malware Kits

For criminals that want to hack ATMs, special malware is available on the dark web for only $5,000. For this price, cybercrooks can buy Cutlet Maker on the dark web marketplace Alphabay. ATMs are vulnerable when they run on outdated operating systems such as Windows XP or on any other OS that is no longer supported. Some crimeware kits are even able to empty ATMs with a vendor-specific API without tampering with ATM users or their data. Cybercrooks like to remotely, keeping a safe distance from the ATMs themselves. They use cash mules to pick up and transport the loot. When the ATM is not vulnerable, the hackers gain access using a bank employee’s credentials that they obtained via email phishing or social engineering attacks.

Rubella Macro Builder

new crimeware kit for sale (known as Rubella Macro Builder) has been spotted on high-profile Russian-speaking and English-speaking dark web forums. It is already being used by various cybercriminal groups. It offers a quick, easy, and cheap way to launch malware spam campaigns. Priced at USD 500 in February 2018, the price for a three-month license was reduced to USD 120 by April 2018. The crimeware kit allows users to choose what payload they want to distribute, where they want to distribute it, and how they want to distribute it e.g., via executable, JavaScript, or Visual Basic Script. It allows for massive spam campaigns to reach as many potential victims as possible. Rubella Macro Builder, which uses phishing emails with Microsoft Word or Excel attachments as bait, can bypass basic antivirus protection. It has already victimized an Australian financial institution.

Cymulate’s Role in Exposure Management

With all those new crimeware kits popping up on the dark web, it’s hard for organizations to know if they are properly protected. That’s where Cymulate’s Exposure Management and Security Validation platform comes into play. The platform contains several modules that are a great help for cybersecurity staff and IT teams to test if their organizations are vulnerable to ransomware attacks, phishing attacks, and the like, and if their security solutions such as AV hold up against e.g., Rubella Macro Builder.

To learn how Cymulate’s BAS platform can help accelerate your security posture, book a demo today.

image
Cymulate
Cymulate empowers organizations to fortify their defenses through continuous assessment and validation of their security posture. With a focus on threat simulation, comprehensive security assessments, and a commitment to innovation, Cymulate equips organizations with the tools and insights needed to stay ahead of cyber threats.
More about Author
Table of Contents
Black Mirror – Looking at the Dark Web Marketplace for Cyber Crime Ransomware-as-a-Service (RaaS) DDoS-as-a-Service ATM Malware Kits Rubella Macro Builder Cymulate’s Role in Exposure Management
Cymulate Exposure Validation makes advanced security testing fast and easy. When it comes to building custom attack chains, it's all right in front of you in one place.
Mike Humbert, Cybersecurity Engineer
DARLING INGREDIENTS INC.
Learn More

Featured Resources

View More Resources
image
E-book

A Practical Guide to Exposure Management

The five steps to a sustainable CTEM program,  with tools, industry insights and guidance.​

Learn More
cymulate blog article
blog

7 Essential Steps to Becoming Ransomware Resilient 

Practical steps to reduce ransomware risk and improve your defenses against evolving threats.

Read More
image
CUSTOMERS

Law Enforcement Agency Restores Confidence in Cyber Defenses

This small cybersecurity team is tasked with protecting the organization’s fraud services and all electronic records related to criminal investigations.

Read Case Study

GET A PERSONALIZED DEMO

Ready to see Cymulate in action?

Book a Demo