Cymulate’s Endpoint Security vector challenges your endpoint security controls and checks whether they are properly tuned to defend you against attacks that both signature-based and behavior-based detection should catch.
Endpoints have become the target of choice for attackers, and users’ workstations within a network domain are among the most common points of entry. That’s why organizations reinforce their endpoints with layers of protection such as antivirus, antispyware and behavioral detection solutions. Some even deploy sophisticated deception systems to lead attackers away from the real endpoints and lure them into honeypots and traps.
However, as repeatedly witnessed in the headlines and confirmed by the Cymulate Research Lab’s findings, security measures such as EDR, EPP and AV products still fall short and miss worms, ransomware and Trojans, leaving the door open to cybercriminals, malicious hackers and rogue insiders.
One such attack, discovered last year, came from an Iran-based threat actor who launched a widespread spear-phishing campaign against government and defense entities (for testing phishing awareness see Phishing Awareness). The spear-phishing emails carried socially engineered documents with malicious macros that achieved indirect code execution through INF (Setup Information) files and SCT (Windows Script Component, or scriptlet) files.
The macro in the document dropped several files, one of them an SCT file. On its own an SCT file does not look malicious, but this one contained VBScript that regsvr32.exe can execute by loading it through scrobj.dll, so the payload was hidden inside a trusted, signed Windows binary’s activity and could bypass endpoint security solutions.
The main job of the SCT file was to Base64-decode the contents of a file named WindowsDefender.ini and execute the decoded PowerShell. Once that ran, the POWERSTATS backdoor gave the attackers a foothold in the organization from which to reach sensitive information (see Hopper (Lateral Movement) Vector and Data Exfiltration Vector).
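The chain described above leaves a distinctive trail in process-creation telemetry: an Office application spawning regsvr32.exe with scrobj.dll and a /i: scriptlet target, and then a script host spawning PowerShell that Base64-decodes a blob and hands it to Invoke-Expression. The script below is an added example of triage logic over such events; it is not Cymulate’s code and is not part of the original page. The four events, the WindowsDefender.ini stage script and the rule names are constructed for illustration and assume Sysmon Event ID 1 style fields (parent image, image, command line).

```python
"""Triage Windows process-creation events for the macro -> regsvr32 -> scriptlet ->
encoded PowerShell chain. Added example: the events below are constructed, not
captured telemetry, and the rule names are hypothetical."""
import base64
import re
from dataclasses import dataclass

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}

# Constructed stage: read an .ini file, Base64-decode it, run the result as PowerShell.
STAGE_SCRIPT = (r"IEX ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String("
                r"(Get-Content 'C:\ProgramData\WindowsDefender.ini'))))")
# powershell.exe -EncodedCommand expects Base64 over UTF-16LE text, not UTF-8.
ENCODED_STAGE = base64.b64encode(STAGE_SCRIPT.encode("utf-16le")).decode("ascii")

# Constructed Sysmon Event ID 1 style records (parent image, image, command line).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s /u /i:C:\Users\bob\AppData\Local\Temp\comp.sct scrobj.dll"},
    {"parent_image": r"C:\Windows\System32\regsvr32.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": f"powershell.exe -nop -w hidden -enc {ENCODED_STAGE}"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Program Files\Vendor\legit.dll"'},
    {"parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
]


@dataclass
class Finding:
    rule: str
    detail: str


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def tokenize(command_line):
    """Split a Windows command line, keeping quoted paths as single tokens."""
    parts = re.findall(r'"[^"]*"|\S+', command_line)
    return [p[1:-1] if len(p) >= 2 and p[0] == p[-1] == '"' else p for p in parts]


def decode_encoded_command(tokens):
    """Return the -EncodedCommand payload as text, or None. PowerShell accepts any
    unambiguous prefix of the parameter name (-e, -ec, -enc, ...), so match prefixes."""
    for i in range(len(tokens) - 1):
        name = tokens[i].lower()
        if not name.startswith("-") or len(name) < 2:
            continue
        if not "encodedcommand".startswith(name[1:]):
            continue
        try:
            return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            return None  # flag present but payload is not valid Base64/UTF-16LE
    return None


def triage(event):
    findings = []
    image, parent = basename(event["image"]), basename(event["parent_image"])
    tokens = tokenize(event["command_line"])
    lowered = event["command_line"].lower()

    if image == "regsvr32.exe":
        # scrobj.dll registers nothing; with /i: it simply runs the scriptlet.
        targets = [t[3:] for t in tokens if t.lower().startswith(("/i:", "-i:"))]
        if "scrobj.dll" in lowered and targets:
            findings.append(Finding("regsvr32_scriptlet", f"scrobj.dll with /i: target {targets[0]}"))
        if parent in OFFICE_APPS:
            findings.append(Finding("office_spawned_regsvr32", f"parent {parent}"))

    if image in ("powershell.exe", "pwsh.exe"):
        decoded = decode_encoded_command(tokens)
        if decoded is not None:
            findings.append(Finding("powershell_encoded_command", f"decoded: {decoded}"))
        # Inspect the decoded stage when there is one, else the raw command line.
        text = (decoded or event["command_line"]).lower()
        executes = re.search(r"\biex\b|invoke-expression", text) is not None
        if "frombase64string" in text and executes:
            hint = " reading an .ini file" if ".ini" in text else ""
            findings.append(Finding("powershell_decode_and_execute", f"FromBase64String fed to IEX{hint}"))
        if parent in SCRIPT_HOSTS:
            findings.append(Finding("script_host_spawned_powershell", f"parent {parent}"))
    return findings


def triage_all(events):
    return [triage(e) for e in events]


if __name__ == "__main__":
    for idx, found in enumerate(triage_all(SAMPLE_EVENTS)):
        print(f"event {idx}: {'SUSPICIOUS' if found else 'ok'}")
        for f in found:
            print(f"    {f.rule}: {f.detail}")
```

Events 0 and 1 are flagged by several rules each, while the legitimate regsvr32 registration and the scheduled backup script produce no findings. Decoding -EncodedCommand before matching matters: the FromBase64String and IEX indicators are invisible in the raw command line, which is exactly why attackers encode the stage.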
Cymulate’s Endpoint Security vector lets organizations deploy and run simulations of ransomware, Trojans, worms and viruses on a dedicated endpoint in a controlled and safe manner. The attack simulation determines whether the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The testing covers all aspects of endpoint security, including but not limited to behavioral detection, virus detection and known vulnerabilities.
The endpoint attack simulation delivers immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization and technical and executive-level reporting.