Targeted Attacks: Technical Testing of the Protective Measures

Systematically Bypassing Configurations – Accomplishing Transparency

Recent years have shown that companies are increasingly falling victim to targeted attacks. With these attacks, the focus is no longer on the indiscriminate takeover of perimeter systems or penetrating the DMZ via vulnerabilities that exploit systems accessible from the internet, but rather to compromise selected targets in the internal network of the company: i.e. client devices. Attackers make use here of such techniques as social engineering, phishing, spear phishing, whaling or waterholing. Consequently, a simple e-mail with a dangerous attachment or a visit to a supposedly harmless website is often the trigger of a compromise.

We test the robustness of selected devices in your working environment (e.g. notebook, desktop PC or thin client / terminal server) to attacks from the internet. The protective measures implemented locally on the end device, but also the filters possibly installed on intermediate systems are evaluated in this respect.

Lessons Learned

Targeted attacks provide comprehensive insights into the technical protective measures on client devices:

• CSIR: Do we recognize targeted attacks and can we defend them?
• Are further protective measures necessary?

Project Scope

Targeted attack projects are normally carried out within a period of one to three days and usually involve the following project phases:

• Kickoff
• Provision of a client with e-mail inbox
• Simulation of the attack vectors
• Triggering of protective systems and processes
• Documentation