Our Attack Simulations service line simulates different threats in a cyber stress test. This highlights undiscovered threats that our clients face in cyber warfare. For example, we perform Ransomware Simulation, follow known Tactics, Techniques and Procedures (TTPs) of Advanced Persistent Threat (APT) actors, and support the EU standard for Threat Intelligence Based Ethical Red Teaming (TIBER) as well as traditional Red Teaming.
Attack TTPs are constantly evolving, and attackers refine their toolkits more than ever to bypass known-good prevention methods at large scale. With our long-term experience in performing Attack Simulations, we continuously stay on top of the MITRE ATT&CK® framework to help you defend your most valuable assets and lower the risk of a breach.
CHALLENGES
WEAK DETECTION CAPABILITIES
Organizations use security tools intended to ease their day-to-day work of following up on specific attack patterns. However, the less noisy and stealthier attacks often go unrecognized because they get lost in the large amount of general attack noise that the teams see on the line.
UNKNOWN SECURITY ESTATE
Preventing a modern targeted attack is a complex task that requires recurring training exercises and playbook training. The real state of a company’s security estate is often unknown to the stakeholders involved, resulting in security budgets calculated without those important exercises.
LACK OF TRAINING
IT staff are often trained on specific products and their security. This neglects the big picture of a potential attack chain and the implications when multiple attack vectors are combined into a sophisticated attack.
HOW CAN WE HELP
Y-Security provides its clients with the most up-to-date Attack Simulations methodology available. Our Red Team, Threat Simulation and Bespoke Scenario Simulation exercises are aligned to industry best practice. We combine our decades of experience in performing cyber resilience simulations with known, and (publicly) unknown, Tactics, Techniques and Procedures of real-world threat actors.
RED TEAM
Our Red Team exercise is a goal-based adversarial activity that is performed from the perspective of an attacker with little or no knowledge of the target. The exercise is designed to verify whether current technical, physical or process-based security controls and procedures are resistant to a targeted cyber attack. You gain insights into the risks a single coherent cyber attack can bring to your organization. Additionally, your IT team learns from the attack results to improve their detection capabilities and strengthen your organization’s resistance against a targeted cyber attack.
Location: Remote / Onsite
Variation: Purple Team, TIBER, Simulated Attack, Threat Intelligence
With our team’s experience we deliver a wide range of attack types, based on real world threat scenarios. This does not only include your digital assets, but also physical assets and your organization’s premises. No two red teams are alike and we take our time in each exercise to closely collaborate with you. Together, we identify the most likely attack scenarios and add the unexpected ones on top.
The Adversary Simulation exercise begins with developing a unique targeted attack plan specific to your organization. The attack plan is created with input from Threat Intelligence. We combine our experience, known threats to your organization’s branch of industry and threats your organization is facing. The threats identified are combined into a risk-based and goal-oriented attack plan that includes Tactics, Techniques and Procedures (TTPs) used by real Advanced Persistent Threat (APT) groups. In the attack plan we focus on gaining access to your organization’s critical assets and illustrate the impact of a compromise without your suffering the consequences of a real breach.
At Y-Security, we utilize the MITRE ATT&CK® framework as the basis for our methodology and extend it with our knowledge from the Attack Simulations we have performed. The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior that is used to describe the behavior of APT groups and the software they use by aligning them to TTPs. The framework is divided into 14 categories, which were merged into 6 phases for simplicity to form the kill chain:
- Reconnaissance: Reconnaissance and Resource Development
- Initial Access: Initial Access and Execution
- Control & Movement: Privilege Escalation, Defence Evasion, Credential Access, Discovery, Lateral Movement and Collection
- Persistence: Persistence
- Data Exfiltration: Command and Control and Exfiltration
- Impact: Impact
After the assessment you receive a detailed report to enhance your organization’s resistance against a targeted cyber attack. The report includes identified attack paths, activities undertaken throughout the exercise together with detailed logs and recommendations for your organization. Additionally, feedback sessions are conducted with stakeholders, Senior IT management and your IT team to discuss the attack paths and provide in-depth support to develop a more robust cyber security strategy.
We also carry out Threat Simulation exercises in which we mimic the behavior of an APT actor to verify if current technical, physical or process-based security controls and procedures are resistant to a targeted cyber attack.
Are you interested in testing your resilience?
THREAT SIMULATION
Our Threat Simulation exercise is a threat-based targeted attack against your organization. Y-Security mimics the behavior of an Advanced Persistent Threat (APT) actor to verify whether current technical, physical or process-based security controls and procedures are resistant to a targeted cyber attack. After the simulation you have insight into how resistant your organization is against the behavior of an APT actor and how to increase defensive mechanisms and capabilities to prevent a targeted cyber attack.
Location: Remote / Onsite
Variation: Ransomware Simulation, APT Group Simulation
APT groups continuously develop their capabilities and most organizations are unable to detect attacks based on an APT group’s behavior. This is usually not a lack of tooling, but a lack of correlating gathered evidence from multiple places and a lack of training in detecting a sophisticated attack. For example, the APT group Wizard Spider changed their existing toolkit from EMOTET to TrickBot after the shutdown of the EMOTET network in 2021. Both tools used similar Tactics, Techniques and Procedures (TTPs). TrickBot is still known to affect many organizations worldwide.
The exercise begins with analyzing threats and APT groups relevant to your organization’s branch of industry and threats your organization has faced. This information is incorporated into a risk-based and goal-oriented attack plan, which typically consists of one threat actor at a time. In the attack plan Y-Security focuses on simulating the behavior of the identified APT group as realistically as possible to highlight the impact of a breach without your suffering the consequences of a real compromise.
The attack plan is built by using the MITRE ATT&CK® framework as a basis and extending it with publicly available information about the threat actor and our knowledge of the threat actor and their behavior. The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior that is used to describe the behavior of APT groups and the software they use by aligning them to TTPs. The framework is divided into 14 categories, which were merged into 6 phases for simplicity to form the kill chain:
- Reconnaissance: Reconnaissance and Resource Development
- Initial Access: Initial Access and Execution
- Control & Movement: Privilege Escalation, Defence Evasion, Credential Access, Discovery, Lateral Movement and Collection
- Persistence: Persistence
- Data Exfiltration: Command and Control and Exfiltration
- Impact: Impact
You are presented with a detailed report to enhance your organization’s resistance against a targeted cyber attack of a specific threat. The report includes identified attack paths, activities undertaken throughout the exercise together with detailed logs and recommendations for your organization. Additionally, feedback sessions are conducted with stakeholders, Senior IT management and your IT team to discuss the attack paths and provide in-depth support to develop a more robust cyber security strategy.
We also carry out Red Team exercises where we develop a unique targeted attack plan specific to your organization by combining our experience, known threats to your organization’s branch of industry and threats your organization faced.
BESPOKE SCENARIO SIMULATION
Our Bespoke Scenario Simulation exercise is a goal-based adversarial activity against your organization. The exercise is a combination of Penetration Tests and Red Team activities. Our focus is set on pre-defined goals and less on bypassing internal security controls or remaining undetected by the IT team. You gain insights into the risks that a single coherent cyber attack can bring to your organization, and your IT team learns from the attack results to improve their detection capabilities and strengthen your organization’s resistance against a targeted cyber attack.
Location: Remote / Onsite
Variation: Purple Team, Playbook Exercise
With our team’s experience we deliver a wide range of attack types based on real world threat scenarios. This does not only include your digital assets, but also physical assets and your organization’s premises. No two bespoke scenarios are alike and we take our time in each exercise to closely collaborate with you to identify the most likely attack scenarios and add the unexpected ones on top.
After the assessment you receive a detailed report customized to your needs. The report includes identified attack paths, activities undertaken throughout the exercise and recommendations for your organization to enhance the resistance against a targeted cyber attack. Additionally, feedback sessions are conducted with stakeholders, Senior IT management and your IT team to discuss the attack paths and provide in-depth support to develop a more robust cyber security strategy.
We also carry out Red Team exercises where we develop a unique targeted attack plan specific to your organization by combining our experience, known threats to your organization’s branch of industry and threats your organization faced.
BENEFITS
REAL WORLD ATTACK CHAIN
Our Attack Simulations exercise allows you to perform a sophisticated attack chain within a safe, risk-evaluated environment, performed by experienced and well-trained staff.
IMPROVE MATURITY LEVEL
Improve your maturity level by expanding your standard security testing scope to the full picture that a real-world attacker would see and face.
IMPROVE TRAINING
Our Attack Simulations should be seen as a training opportunity for your IT and response team. Our exploit and lateral movement activity is performed in a repeatable fashion to allow your teams to tailor detection training to their needs.