Are you performing Penetration Testing on your IT infrastructure? If yes or no, here are some Penetration Testing tips that may assist you.

Cyber Attacks on Banks

Exposing Weaknesses in Bank’s Cyber Security

Penetration tests are finding that banks are becoming guilty of web application vulnerabilities, and insufficient network security measures. As soon as the attackers access the internal network, they find that the network is secured no better than companies in other industries.

One weak element throughout banks, is the human factor. Attackers can bypass the best protected network perimeter using techniques, such as Phishing. The Phishing message can be sent to bank employees both at their work and personal email addresses. The Phishing method for bypassing the network perimeter has been used by almost every bank attacker.

Positive Technologies, generated a test which indicated – employees at 75% of banks reviewed had clicked on links in phishing messages, and those at 25% of banks entered their credentials in a fake authentication form. At 25% of banks, at least one employee ran a malicious attachment on their work computer. Penetration testers succeeded in obtaining access to financial applications in 58% of cases. At 25% of banks, they were able to compromise the workstations used for the management of automatic teller machines (ATM’s), which means the banks tested were vulnerable to techniques similar to ones used by Cobalt and other cyber-criminal gangs in actual attacks.

Moving money to criminal-controlled accounts through interbank transfers, a favorite method of the Lazarus and MoneyTaker groups, was possible at 17% of tested banks, while at the same proportion of banks, card processing systems were poorly defended, which would enable attackers to manipulate the balance of card accounts. Such attacks were recorded in early 2017 against banks in Eastern Europe.

An attacker collects the following information about the bank:

  • Information about network perimeter systems and software
  • Employees (including email addresses, telephones, positions, and names)
  • Partners and contractors, as well as their systems and employees
  • Business processes

Examples of preparatory actions:

  • Developing or adapting malicious software for the software and OS versions used in the bank
  • Preparing phishing emails
  • Setting up infrastructure (including domain registration, server rental, and purchase
  • of exploits)
  • Preparing the infrastructure for money laundering and cash withdrawal
  • Searching for money mules
  • Testing the infrastructure and malicious software

Conclusion

Penetration testing can indicate your organization’s weaknesses and how an attacker can wrongfully enter your system(s). Understanding how you can be hacked will help create a barrier to prevent breaches in the future. The key is to remember that if an attack is detected and stopped in time, intruders can be thwarted. Preventing losses is possible at any stage if appropriate protective measures are taken. Email attachments should be checked in an isolated environment (sandbox), instead of relying solely on endpoint antivirus solutions. It is critical to configure notifications from protection systems and react to notifications immediately. Therefore security events must be monitored by an internal or external security operations center (SOC) with use of security information and event management (SIEM) solutions, which significantly facilitate and improve processing of information security events. Cybercrime is continuing to evolve and advance quickly, making it crucial that instead of hiding incidents, banks pool their knowledge by sharing information on industry attacks, learning more about relevant indicators of compromise, and helping to spread awareness throughout the industry.

0
Read More

Penetration Testing vs. Vulnerability Assessment: What’s the Difference?

Penetration Testing and Vulnerability Scanning are often confused as the same service. The problem is, they have their differences and are not the same. Let me explain how they differ:

Vulnerability Assessment

Vulnerability Assessment is an inspection of the potential points of exploit on a computer or network to identify security holes.

A vulnerability scan detects and classifies system weaknesses in computers, networks, communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provider, possibly as a condition imposed by some authority. The vulnerability scan involves the use of automated network security scanning tools, whose results are listed in the report. As findings reflected in a vulnerability assessment report are not backed by an attempt to exploit them, some of them may be false positives.

Client Note: A solid vulnerability assessment report should contain the title, the description and the severity (high, medium or low) of each vulnerability uncovered. A mash of critical and non-critical security weaknesses would be quite puzzling, as you wouldn’t know which vulnerability to patch first.

Penetration Testing

In contrast to vulnerability scanning, penetration testing involves identifying vulnerabilities in a particular network and attempting to exploit them to penetrate into the system.

The purpose of penetration testing is to determine whether a detected vulnerability is genuine. If a pentester manages to exploit a potentially vulnerable spot, he or she considers it genuine and reflects it in the report. The report can also show unexploitable vulnerabilities as theoretical findings. Don’t confuse these theoretical findings with false-positives. Theoretical vulnerabilities threaten the network but it’s a bad idea to exploit them as this will lead to DoS.

Client Note: At the initial stage, a reputable provider of penetration testing services will use automated tools sparingly. Practice shows that a comprehensive penetration testing should be mostly manual.

During the exploiting stage, a pen-tester tries to harm the customer’s network (takes down a server or installs malicious software on it, gets unauthorized access to the system, etc.). Vulnerability assessment doesn’t include this step.

Penetration testing vs. vulnerability assessment at a glance

Which lays bare the differences between the two techniques:

How often to perform the service?

Vulnerability assessment: Once a month. Plus an additional testing after changes in the network.

Penetration testing: Once a year, at the least

What’s in the report?

Vulnerability assessment: A comprehensive list of vulnerabilities, which may include false positives.

Penetration testing: A “call to action” document. It list the vulnerabilities that were successfully exploited.

Who performs the service?

Vulnerability assessment: In-house security staff or a third-party vendor.

Penetration testing: A provider of penetration testing services.

What’s the value of the service?

Vulnerability assessment: Uncovers a wide range of possible vulnerabilities

Penetration testing: Shows exploitable vulnerabilities.

The choice of vendor

The differences between vulnerability assessment and penetration testing show that both information security services are worth taking on board to keep your network & computer infrastructure safe. Vulnerability assessment is good for security maintenance, while penetration testing discovers real security weaknesses.

It’s possible to take advantage of both services only if you contract a high-quality vendor, who understands and, most importantly – translates to the customer the difference between penetration testing and vulnerability assessment. Thus, in penetration testing, a good vendor combines automation with manual work and doesn’t provide false positives in the report. At the same time, in vulnerability assessment, the vendor uncovers a wide range of possible network vulnerabilities and reports them according to the customer’s business.

0
Read More
Locations

Corporate Headquarters
58 Waterman Avenue - North Providence RI 02911

MA Office
14 Holly Lane - Westport MA 02790

Toll Free: (888) 219-5296
Local: (401) 231-8130

Operating Live 24∙7∙365