The client is a large retail and commercial bank. Apart from the international operations in multiple countries, the bank has around 105 branches and around 500 ATMs.
The bank wanted to understand its exposure to advanced and sophisticated cyber-attack tools, techniques and procedures. Zacco was engaged to conduct a full scale Red Team Assessment on all layers of the bank’s operations.
Considering that the banks in the region were subject to various high-profile sophisticated attacks, the Board of Directors wanted to understand the bank’s security capability to identify and respond to such attacks.
The client had grown organically and had amassed various technology infrastructure and capabilities along the way. They had also deployed various security technologies, established cyber security processes and conducted security awareness scenarios over time. The bank had never put itself to test to multi-vector real-life sophisticated attacks.
Zacco conducted the red team assessment from an internet-facing perspective. Various attempts were established to gain access into the client’s internal network.
Many such scenarios and attack vectors were tried out and a summary and comprehensive reports were documented listing down the assessment findings and recommendations for protecting against such sophisticated attacks.
The full Red Team engagement executed by Zacco was highly successful and had yielded a significant set of results. Using the various approaches of information gathering, social engineering and phishing to extract sensitive information from the financial institute, it was possible to enumerate and gain numerous sensitive information.
The level of access and information that was obtained would have represented a severe breach, financial damages, and harm to the organization’s brand and reputation if similarly conducted by a real-world adversary.