

Penetration Testing
Penetration Testing is an Ethical Hacking activity and consists of a technical evaluation carried out over a dedicated time frame and designed to achieve a specific objective, for example, to exfiltrate customer data, to gain access as a network administrator or to modify sensitive employee salary information. Such tests can be network-based, use physical attacks, social engineering or phishing, be application-focused, or combine all of the above.


Red Teaming
This activity is also an Ethical Hacking task and consists of a long-term or ongoing evaluation based on a campaign that emulates real-world adversaries with the goal of improving the quality of a company’s information security defences. Specifically, the campaign simulates Threat Actors including cyber-crime groups, as in the case of ransomware attacks.
Unlike Penetration Testing, this activity does not specify a particular attack perimeter but is a flexible, broad-spectrum security assessment, according to the methodology known as the “Cyber Kill Chain”, and it has several phases.
If required, for the banking and financial sector, the Red Team service can follow the TIBER-EU methodology, in which Terishield assumes the role of Red Team Provider.


Purple Teaming
Purple Teaming differs from Red Teaming in that it is more collaborative: In Red Teaming, the Red Team and the Blue Team work separately, with the Red Team simulating attacks on the Blue Team without prior notice, creating realistic scenarios in which the SOC must react spontaneously. In Purple Teaming, the Red Team and the Blue Team work together. In this context, the Red Team informs the Blue Team of the attacks carried out, which then assesses its own detection and response capabilities in real-time, allowing for continuous optimization of defence systems through constructive and direct feedback.


Ransomware Assessment
Ransomware assessment, or the evaluation of readiness against ransomware, is a process aimed at assessing an organization’s ability to defend against and mitigate the impact of a ransomware attack. Ransomware is a form of malware that encrypts files on a victim’s computer, then demands a ransom for decryption.
The assessment process can include a variety of activities, such as analysing the organization’s processes, tools, and capabilities, identifying any gaps in the design of security controls, and interviewing key stakeholders for further insights.
It may also involve designing and managing a simulation of a ransomware emergency situation to test the organization’s incident response processes.
A ransomware assessment can also entail the analysis of vulnerabilities associated with active services, classification of threat severity, and analysis and consolidation of the findings.
Furthermore, it can include the preparation of reports, which provide a detailed account of risk levels and recommendations for improving ransomware preparedness.
Another important aspect of ransomware assessment is evaluating the organization’s ability to resume operations in the event of an infection. This can include scanning defences against specific methods of intrusion, lateral movement, and exfiltration used by ransomware.


Social Engineering
Social engineering is a set of techniques used by cybercriminals to manipulate individuals to gain access to confidential information or network systems. This can occur through psychological manipulation, deception, or abuse of trust. Social engineering attacks can be highly sophisticated and often exploit users’ lack of awareness about the value of their personal data.
Phishing is a form of social engineering where an attacker pretends to be a trustworthy entity in a digital communication, usually via email, to obtain sensitive data such as login credentials or financial information. Phishing attacks can be very sophisticated.
Smishing, or SMS phishing, is a variant of phishing where the attack is carried out through text messages. In this case, the attacker sends a convincing text message that appears to come from a reliable source, prompting the recipient to click on a link or provide personal information. The link may lead to a phishing site or malware designed to steal information.
Vishing, or voice phishing, is another variant of phishing where the attack is carried out through phone calls. Here, the attacker may simulate a legitimate call centre, such as that of a bank, to obtain personal or financial information. This type of attack exploits the greater trust people tend to place in voice communications compared to written ones.


ATM Security
The ATM Security & Pentesting service focuses on analysing Automated Teller Machines (ATMs) to identify security vulnerabilities in both software and hardware. This service provides a comprehensive vulnerability assessment, identifying critical threats such as card skimming, malware attacks, network compromises, PIN fraud, and Supply Chain vulnerabilities introduced through suppliers.
To assess the resilience of ATM defences against current and emerging threats, on-site penetration tests replicate real-world attack techniques, using black box, white box, and grey box approaches against both the hardware and the software.
Furthermore, a thorough review of the security architecture is conducted, closely examining communication protocols, authentication practices, data encryption, and system configurations to determine any gaps in the intrinsic security of ATMs.
In the event of a suspected breach, the service offers an in-depth forensic analysis, examining ATM logs, transaction records, and other digital forensic data in detail to reconstruct incidents and provide corrective mitigation actions.
The service also verifies that ATM systems comply with industry-specific standards and regulations and that best practices have been adopted.