AASE Case Study: AKATI Sekurity Enhances Cybersecurity for Financial Institution

AASE Service Malaysia

Case Study Highlight

  • A financial organization underwent an Adversarial Attack Simulation Exercise (AASE) by AKATI Sekurity to test its defenses against realistic cyber threats.

  • The AASE uncovered specific vulnerabilities like web application weaknesses and credential exposure, while also confirming the effectiveness of certain existing security controls.

  • Insights gained from the exercise allowed the client to implement targeted security upgrades, significantly bolstering their cyber defense posture.

Client's Challenge:

A financial services organization recognized the critical need to evaluate and enhance its cybersecurity defenses against sophisticated, real-world attack scenarios. The primary challenge was to gain an accurate understanding of their security posture, including their ability to detect, respond to, and mitigate targeted cyber threats. The organization sought to identify potential vulnerabilities across its external infrastructure and internal systems, as well as assess the effectiveness of its security awareness programs among employees.

AKATI Sekurity's Solution: Expert Adversarial Attack Simulation Exercise (AASE)

AKATI Sekurity was engaged to conduct a detailed Adversarial Attack Simulation Exercise (AASE). This core AKATI Sekurity offering is designed to mimic the tactics, techniques, and procedures (TTPs) of real-world attackers. The engagement took a multi-faceted approach, covering several distinct stages of the attack lifecycle: threats originating from external-facing assets as well as social engineering used to compromise internal systems and user accounts. The operational phases began with threat intelligence gathering and target identification, moved through exploitation and access methodologies, and culminated in simulated data exfiltration and persistence techniques.

Key Cybersecurity Services and Technologies Leveraged by AKATI Sekurity

Throughout the Adversarial Attack Simulation Exercise, AKATI Sekurity employed a range of its cutting-edge cybersecurity services and simulated the use of various attack technologies to provide a realistic assessment:

  • Advanced Intelligence Gathering: AKATI Sekurity utilized Open Source Intelligence (OSINT), Deep Web, and Dark Web reconnaissance to gather critical information.

  • Vulnerability Identification & Exploitation: AKATI Sekurity's team performed robust web application vulnerability scanning and simulated exploitation of vulnerabilities such as Reflected XSS and Clickjacking, alongside server IP exposure analysis.

  • Credential Harvesting Simulation: AKATI Sekurity simulated credential harvesting through dark web searching and attempted to access user accounts using potentially compromised credentials.

  • Custom Payload Engineering: The AKATI Sekurity team demonstrated expertise in developing custom payloads, such as keyloggers and screenshot utilities, designed to bypass security controls.

  • Social Engineering Attack Simulation: AKATI Sekurity effectively simulated social engineering attacks, including the creation and use of a fake LinkedIn profile for payload distribution.

  • Realistic Phishing Simulation: AKATI Sekurity conducted targeted phishing email campaigns, developing and distributing emails with embedded payloads to test user susceptibility and technical controls.

  • Browser Exploitation Techniques: AKATI Sekurity showcased advanced techniques by utilizing a Browser Exploitation Framework (BeEF) to simulate hijacking user sessions and collecting credentials without direct file access.

  • Command and Control (C2) Simulation: As part of the comprehensive AASE, AKATI Sekurity set up a controlled environment to simulate a C2 server, demonstrating how attackers might exfiltrate data using re-engineered payloads.

The Results/Impact

The AASE provided the client with valuable insights into their security posture:

  • Reconnaissance Success: AKATI Sekurity successfully identified potential targets and gathered actionable intelligence, including an employee directory and numerous sub-domains, expanding the known attack surface.

  • Web Application Vulnerabilities: Reflected XSS and Clickjacking vulnerabilities were identified on specific web assets, indicating potential for client-side exploitation. Server IP addresses for certain sub-domains were also exposed.

  • Credential Compromise: A significant number of credentials were harvested from the dark web. Access was gained to the organization's iTrade user portal and research portal using some of these compromised credentials. However, higher-level administrative access was not achieved, indicating some effective defenses against privilege escalation.

  • Phishing Susceptibility: Phishing emails were successfully delivered, and several payloads were executed on victim machines. While keystrokes and screenshots were captured in some instances, security defenses limited the full extraction of sensitive information in Phishing Campaign 1.

  • Payload Effectiveness & Evasion: The custom-developed payload demonstrated the ability to execute, capture keystrokes and screenshots, and auto-execute at startup. It also showed an ability to bypass certain security solutions during testing. The re-engineered payload successfully executed across reboots and captured data as designed.

  • Session Hijacking Success: The XSS-based phishing campaign (Phishing Campaign 2) successfully extracted browser cookies and system metadata (IP addresses, OS information, GPU details) from users who interacted with the phishing email, confirming the feasibility of session-based exploitation.

Case Study Conclusion

The exercise highlighted specific areas of strength and weakness. While some initial access and data exfiltration were possible, the client's existing security measures did provide mitigation against more extensive exploitation and full compromise in several scenarios. The detailed findings and recommendations provided by AKATI Sekurity enabled the client to prioritize remediation efforts, strengthen their security controls, and enhance employee security awareness training. Key recommendations focused on areas such as advanced email security (AI-based, DMARC, SPF, DKIM), external attack surface monitoring, dark web monitoring, web application security (CSP, input validation, secure headers, WAF tuning), session management (HttpOnly/Secure flags, short-lived tokens, MFA), and endpoint detection and response (EDR) fine-tuning.
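The web application and session management recommendations above (CSP, secure headers, HttpOnly/Secure cookie flags) are the kind of controls that would have blunted the Reflected XSS, Clickjacking and cookie-theft findings described in the results. The following checker is an added example, not AKATI Sekurity's or the client's code: it grades a response's headers and Set-Cookie attributes against those recommendations, and the weak and hardened response samples it is run against are constructed for illustration.

```python
# Added example, not AKATI Sekurity's code: a header/cookie checker for the
# recommendations listed in the case study (CSP, secure headers, HttpOnly/Secure
# session cookies). All response samples below are constructed, not client data.

# Constructed sample: a response with none of the recommended protections.
WEAK_RESPONSE = {
    "content-type": ["text/html; charset=utf-8"],
    "set-cookie": ["session=abc123; Path=/"],
}

# Constructed sample: the same response after the recommended headers are applied.
HARDENED_RESPONSE = {
    "content-type": ["text/html; charset=utf-8"],
    "content-security-policy": [
        "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'"
    ],
    "x-frame-options": ["DENY"],
    "x-content-type-options": ["nosniff"],
    "strict-transport-security": ["max-age=31536000; includeSubDomains"],
    "set-cookie": ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"],
}


def csp_directives(value: str) -> dict[str, list[str]]:
    """Parse a Content-Security-Policy value into {directive: [source tokens]}."""
    directives: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def cookie_attributes(set_cookie: str) -> tuple[str, set[str]]:
    """Return (cookie name, lowercased attribute names) from one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def check_response_headers(headers: dict[str, list[str]]) -> list[str]:
    """Grade a response against the case study's web/session recommendations.

    `headers` maps header names to a list of values (Set-Cookie may repeat).
    Returns one finding string per gap; an empty list means all checks passed.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings: list[str] = []

    # 1. CSP: the main backstop for reflected XSS once input validation fails.
    csp = h.get("content-security-policy")
    frame_ancestors = None
    if not csp:
        findings.append("missing Content-Security-Policy (no script-src restriction for reflected XSS)")
    else:
        d = csp_directives(csp[0])
        frame_ancestors = d.get("frame-ancestors")
        script_src = d.get("script-src", d.get("default-src", []))
        if "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append("CSP script-src permits inline or wildcard scripts")

    # 2. Clickjacking: CSP frame-ancestors or X-Frame-Options must restrict framing.
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    if frame_ancestors is None and not any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("no clickjacking protection (no frame-ancestors and no X-Frame-Options)")

    # 3. Other secure headers the recommendations call for.
    if "nosniff" not in [v.lower() for v in h.get("x-content-type-options", [])]:
        findings.append("missing X-Content-Type-Options: nosniff")
    if not h.get("strict-transport-security"):
        findings.append("missing Strict-Transport-Security")

    # 4. Session cookies: HttpOnly keeps page script from reading them, Secure keeps
    #    them off plaintext HTTP, SameSite limits cross-site submission.
    for raw in h.get("set-cookie", []):
        name, attrs = cookie_attributes(raw)
        missing = [a for a in ("HttpOnly", "Secure", "SameSite") if a.lower() not in attrs]
        if missing:
            findings.append(f"cookie '{name}' missing: {', '.join(missing)}")
    return findings


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, check_response_headers(response) or "all checks passed")
```

Run as a script it prints five findings for the weak sample and "all checks passed" for the hardened one. The checker reports at the header level only; it does not judge whether a CSP source list is tight enough for a given application, which still needs review of the page's actual script and frame usage.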
