Cymulate’s endpoint solution tests if your parameter is tuned properly and protect you against the latest attack vectors.
Endpoints have become the target of choice by hackers. Users' workstations within a network domain are also points of entry for attackers. That’s why organizations reinforce their endpoints with layers of protection such as antivirus, antispyware and behavioral detection. They even deploy highly sophisticated deception systems to lead attackers away from the real endpoints and information to honeypots and traps. However, as seen in many cases in the last couple of years and also in our own experience, security measures such as EDRs EPPs and AVs still fall short and miss out on different type of worms, ransomwares and Trojans, thus allowing access to cybercriminals, malicious hackers and rogue insiders. One very recent example was discovered during Q1 of 2018 when a malicious Iranian attacker launched a widespread spear phishing campaign targeting government and defense entities (for testing phishing awareness see Phishing Assessment). The spear phishing emails had malicious macro-based documents attached to them using socially engineered methods enabling Indirect Code Execution Through INF and SCT.
That malicious macro in the document dropped files which one of them is an SCT file which on its own does not sound like a malicious file but it contained VBS script that can be executed from REGSVR32 and there for was hidden and could by pass end point security solutions.
The main function performed by the SCT file is to Base64 decode the contents of WindowsDefender.ini file and execute the decoded PowerShell. Once successfully executed, the POWERSTATS backdoor enabled the attackers to get a foothold within the organization to reach sensitive information (see Hopper (Lateral Movement) Assessment and Data Exfiltration Assessment).
Cymulate’s endpoint assessment allows organizations to deploy and run real ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The assessment ascertains if the security products are tuned properly and are actually protecting your organization’s endpoints against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to:
The assessment results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each threat that has been discovered depending on the type of attack and phase it reached in its distribution method. This allows the organization to truly understand its security posture and take action to update and upgrade where necessary.