Social Engineering Service
A human is always the weakest link in any organization's security posture. “Trust exploitation” is another term, used in psychology, for the social interaction with an organization's employees that is carried out in order to identify weak entry points. The objective of Cipher Storm's social engineering service is to identify the physical or procedural threats that can expose the organization’s private business assets. During the social engineering process, an unscrupulous person uses devious means to obtain internal information that could defeat the existing security controls. This service is divided into two distinct parts:
1. Corporate Phishing Assessment
Cipher Storm has designed this service to run a simulated phishing attack against corporate employees in order to highlight and assess their security awareness and the additional technical controls in place. This process helps many organizations understand the underlying threats targeted at their employees. The procedures followed throughout this service are executed in a controlled environment and in accordance with the proposed guidelines. The final evaluation report will put forward details on strengthening the defenses of the corporate IT infrastructure and will judge the users' knowledge of protection against phishing attacks.
2. Targeted Social Engineering
No matter how many technical controls and security policies are in place, a simple targeted social engineering attack can evade the corporate firewall. For instance, envision a call to a selected employee from someone masquerading as a desktop technician, who pretends to diagnose a technical problem on the user’s computer and requests a password. Once the password is known, it can be used to compromise the local system. Social engineering attacks focus on applying the art of deception to gain access to the network, or on similar techniques that convince legitimate users to reveal their credentials. Cipher Storm will use extensive social engineering techniques, categorized as ego attacks, sympathy attacks and intimidation attacks, to acquire the target. An optional voice phishing service can be used to demonstrate the attack initiation. Prior to the attack, a considerable amount of information will be gathered from publicly available resources, such as Google search, on-site photos and employee information, to establish the scope and determine the final execution.
A final report compiled by a Cipher Storm consultant will list the successful social engineering attacks and give recommendations covering the physical, logical (technical) and administrative security areas.
