In Digital era we stepped in, it is not a matter of "if" but"when" Your businesses will come under attack from hackers. CyberZodiac offers to the client full-scale real attack simulation, including Physical Testing powered by proven masters of real-world scenario cyber-attacks (success rate above 90%).
Our complex approach to business security allows us to discover the systems' vulnerabilities, which might not be visible for cyber defense experts and to access the business's readiness to face hacker attack. We provide our clients with a well structured, easy to read and implement, detailed report about the discovered vulnerabilities and detected weaknesses, carefully bringing to awareness the possible real-life aftermath.
TЕST THE READINESS OF YOUR BUSINESS TO FACE REAL CYBER ATTACKS.
✔ Seeing your cyber security from the attacker's perspective: in-depth assessment of the defense system against cyber attack. ✔ Learn how Your employees are going to manage the real crisis. ✔ Find most dangerous vulnerabilities not visible to defend-minded cyber experts. ✔ Get a clear log-report for Your in-house defense team to fix and improve Your security system.
WE WILL FIND A POINT OF ENTRY.
In 97 percent of companies, the professional team succeeded in breaching the network perimeter and accessing the local network.
In 27 percent of tested companies, traces of previous attacks were found: the client infrastructure had likely already been under the control of real attackers.
CYBERSECURITY HEALTH CHECK.
Intelligence gathering about the client, including openly available information sources and off-grid, including technical overview of possible external facing vulnerabilities with further on full analyses of the acquired information to determine possible attack vectors and build a full intelligence profile.
A full intelligence profile consists of all and any valuable and/or applicable information, including, but not limited to: contact information of any kind (emails, phones, social media accounts etc.), leaked information of any kind (logins and passwords, security certificates, inner-company information etc.), technical information (technology stack, ip addresses, etc.).
Internal technological intelligence gathering, expressing itself as a full analysis of the technological state of the client, a full analysis of the clients cyber security approach.
At this point we analyze and categorize the systems architecture and the architecture of the clients cyber-security approach. Performed on the clients premises. This involves analyzing all software and hardware. This involves analyzing all technological aspects of the clients business.
Based on the Intelligence and internal intelligence report, we establish a plan, with technical specifications, on how to strengthen the clients cyber-security. This involves a very wide range of steps needed to be taken, including, but not limited to: Patching, System component change, software changes, technical upgrade, etc.. All the steps are calculated to not interfere with the clients current activities.
Depending on the needs of the client, we can compose a system and network architecture plan, that is cyber secure, from zero up.
THREE PHASES of REAL ATTACK SIMULATION.
Phase 1 - Point of entry. (the"Penetration"). In 9 out of 10 cases, there will always be an entry point, and ultimately it doesn't matter, whether your company restricts attached files to emails, turns off USB ports, or updates all internet-open services.
Phase 2 - Inside work (The "Hack"). By being not limited to the usage of any means necessary, we gain the maximum available privileges in your company's system with a goal to ultimately find financial interest in the hack (as so would a real hacker). Or Infrastructure control (if the client is a government affiliate or energy company).
Phase 3 – Simulation of the aftermath (The "Result"). We simulate the full aftermath of such an attack. And most importantly, we calculate the needed steps to prevent such attack and many alike.
REAL LIFE CASES
Just invested15 million USD into cyber-security (!).
Time taken to hack – 20 days.
Possible aftermath – loss of over 300 million USD directly, also loss of reputation has been approximated to significant stock price loss and client loss.
CLIENT: INVESTMENT COMPANY
Has on-premises own cyber security team, continually invests in them.
Time taken to hack – 35 days.
Possible aftermath – loss of client funds (possibly all) over 1 billionUSD, significant loss of reputation.
CLIENT: INSURANCE COMPANY
Frequently does pentests (by DevOps), has on premises IT department.