Choose one of the attack vector options below, or combine them in a personalized subscription.

Full Kill-Chain APT Module

Are you Advanced Persistent Threat (APT) Ready? Simulate. Evaluate. Remediate.

Cymulate makes it simple to instrument your security framework, so you can continuously test, measure and improve the effectiveness of your IT controls in defending against real-world cyber attacks.

Testing Controls Across the Full Kill Chain

Since an Advanced Persistent Threat (APT) attempts to bypass security controls across the cyber kill chain, from attack delivery to exploitation and post-exploitation, defending against an APT requires testing the effectiveness of multiple security controls within your arsenal. Since the efficacy of one control affects the exposure of the next control in the kill chain, ascertaining if your defenses work against a full-blown attack becomes a daunting proposition.

Instrumenting your Security with APT Simulations

Cymulate’s Full Kill-Chain APT Simulation Module solves the challenge of security effectiveness testing across the entire cyber kill chain by instrumenting your security framework in a comprehensive and easy-to-use manner. Instead of challenging each attack vector separately, organizations can now run a simulation of a full-scale APT attack with a click of a button, and gain a convenient, single-pane view of security gaps across their arsenal.

Choose among Templates of High-Profile APTs

Organizations can select among eight APT attack templates that mimic the modus operandi of real-world APT attacks launched by well-known APT groups, such as Fancy Bear, OilRig, Lazarus Group, Ocean Lotus and Dragonfly 2.0.

Simulated APT Attack Flow

As with a real APT, the different vectors are launched sequentially, one after the other, starting with a simulated attack on the email or web gateway, followed by endpoint security. Depending on the APT template chosen, the module may then challenge the organization’s network policies to test whether lateral movement is possible, and attempt to exfiltrate predefined sets of data (for example mock PII, mock medical records or payment details) to test the effectiveness of your DLP controls.

Actionable Insights and Reporting

An attack simulation is only as effective as the corrective steps taken to remediate identified gaps.

At the end of each APT simulation, the following actionable insights are automatically generated and delivered:

  • The outcome of each attempted step of the APT attack is shown, e.g. Success, Failure or Partial Success.
  • An exposure score that takes into account potential asset impact, infection success rate, and probability of encounter.
  • Remediation and mitigation guidelines that map to the MITRE ATT&CK framework for additional context.
  • KPI Metrics offer quantifiable security posture benchmarks, and an immediate, objective understanding of where you are most vulnerable so you can prioritize remediation efforts and resources. These metrics also provide a way to measure security controls performance over time, and compare yourself to others in your industry.
  • Executive-level briefs summarize simulation results for the board, and technical-level briefs give your technical team the detail it needs to reduce your attack surface.

Email Gateway Attack Vector

Cymulate’s Email Gateway vector helps you to test your corporate email security.

Email is the most frequently used method of attack for exploiting security weaknesses and compromising corporate environments. Research shows that over 75% of cyberattacks worldwide originate from a malicious email, and the number of these targeted attacks keeps increasing. As we have seen in the past, both high-profile and lesser-known cyber campaigns are launched with an email containing a malicious attachment or link that infects victims with ransomware or opens a direct connection to the attackers’ Command & Control (C&C) servers.

Organizations utilize different security controls, such as Secure Email Gateways (SEGs), Sandbox, and Content Disarm and Reconstruction (CDR) solutions to protect their employees’ mailboxes. However, their incorrect configuration or implementation can lead to the false assumption that an organization is safe.

Cymulate’s Email Gateway simulation vector is designed to evaluate your organization’s email security and potential exposure to a range of malicious payloads sent by email. The simulated attack exposes critical vulnerabilities within the email security framework. By sending emails with attachments containing ransomware, worms or Trojans, or with links to malicious websites, the simulation reveals whether simulated malicious emails could bypass your organization’s first line of defense and reach your employees’ inboxes. After running a simulation, the next step is to test employees’ security awareness regarding socially engineered emails that try to lure them into opening malicious attachments, disclosing their credentials or clicking on malicious links (see Phishing Vector).

Web Gateway Attack Vector

Cymulate’s Web Gateway Vector helps you to test your HTTP/HTTPS inbound and outbound exposure to malicious or compromised websites.

Insecure web browsing is frequently abused by attackers to exploit security weaknesses and compromise corporate environments. The World Wide Web is filled with malicious websites, and new ones are uploaded every day. Furthermore, legitimate websites developed in an insecure manner are also being compromised and used to spread malware and other attacks. About 12% of recorded cyberattacks involve malware and malicious scripts delivered while browsing infected websites or via browser add-ons.

In addition, malicious scripts that use Flash, Java and Microsoft Silverlight plug-ins on webpages make up a quarter of malware attacks. The Cerber and Bad Rabbit attacks started with an attacker compromising a legitimate website to spread malware. In the case of Cerber, the U.S. National Wildfire Coordinating Group’s (NWCG) website was found to be hosting a JavaScript downloader used to deliver the Cerber ransomware. It used a zip archive containing a JavaScript file with an obfuscated PowerShell script; the PowerShell script downloaded the Cerber executable, disguised as a GIF file. The malicious content was removed from the website in less than a day, but not before infecting thousands of victims who browsed to NWCG’s legitimate website.

Despite the pervasive use of proxies, web filters and all sorts of secure browsing solutions, browsing to malicious and compromised websites remains a very common risk because of malicious online advertisements, fraudulent links, exploit kits and more. Since the majority of web malware infections take place during legitimate browsing of infected mainstream websites or via browser add-ons, assessing outbound exposure to malicious websites is crucial.

Cymulate’s Web Gateway cyber attack simulation vector is designed to evaluate your organization’s inbound and outbound exposure to malicious or compromised websites and current capabilities to analyze any inbound traffic. It enables you to verify your organization’s exposure to an extensive and continuously growing database of malicious and compromised websites.

Immediate, actionable simulation results enable IT and security teams to identify security gaps, prioritize remediation and take corrective measures to reduce your organization’s attack surface.

Web Application Firewall Attack Vector

Cymulate’s Web Application Firewall (WAF) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks.

Web applications, including consumer-facing applications and enterprise apps, have become a central business component, and huge amounts of money and effort are spent protecting them. This has become complicated since web apps have grown from just a few business applications to a multitude of backend web apps, SaaS apps and other cloud-delivered solutions.

Furthermore, the number and diversity of threats continues to increase, from advanced malware to web-specific application-layer attacks, denial of service and distributed denial of service (DoS, DDoS) attacks, and security-induced usability issues. Organizations rely on WAFs to protect their web apps. These days it is very easy for cybercriminals and novice black hats to find all sorts of automated attack tools online; with such tools, all they need to do is enter a URL as the target and launch their attack. A successful attack can bring down a website that generates revenue for the organization. Every minute the website is down costs the organization money, damages its credibility and translates into business loss. A notorious example is the Equifax breach, caused by an application vulnerability (Apache Struts) in one of its websites and affecting over 140 million consumers.

With Cymulate’s WAF attack simulation, you can check whether your WAF configuration, implementation and features block payloads before they get anywhere near your web applications. The platform simulates an attacker who tries to bypass your organization’s WAF and reach the web application, and then attempts malicious actions such as mining sensitive information, inflicting damage and forwarding users to infected websites, using application-layer attacks such as cross-site scripting (XSS), SQL injection and command injection.

At the end of each WAF attack simulation, or other simulation vector, a Cymulate Risk Score is provided, indicating the organization’s exposure, along with other KPI metrics and actionable guidelines to fine-tune controls and close security gaps.

Phishing Awareness Attack Vector

Cymulate’s Phishing Awareness vector helps you assess your employees’ awareness of socially engineered attack campaigns.

Phishing attacks (including spear phishing, ransomware, BEC or CEO fraud) use social engineering to infiltrate and compromise corporate and production environments. That’s why it is important to raise the awareness of employees regarding cyber-attacks using social engineering methods such as the Nigerian Prince phishing campaigns.

Cymulate’s Phishing Awareness vector is designed to evaluate your employees’ security awareness. It simulates phishing campaigns and detects weak links in your organization. Since it is designed to reduce the risk of spear-phishing, ransomware or CEO fraud, the solution can help you to deter data breaches, minimize malware-related downtime and save money on incident response.

Security awareness among employees is tested by creating and executing simulated, customized phishing campaigns, enabling you to identify the weakest links in your organization.

The phishing simulation utilizes ready-made out-of-the-box templates or custom-built templates assigned to a corresponding landing page with dummy malicious links. At the end of the simulation, a report is generated summarizing statistics and details of employees who have opened the email, and those who have clicked on the dummy malicious link, enabling organizations to assess their employees’ readiness to identify hazardous email.

Endpoint Security Attack Vector

Cymulate’s Endpoint Security vector challenges your endpoint security controls and checks whether they are properly tuned to defend you against signature and behavior-based attacks.

Endpoints have become the target of choice for attackers, and users’ workstations within a network domain are common points of entry. That is why organizations reinforce their endpoints with layers of protection such as antivirus, antispyware and behavioral detection solutions. Some even deploy sophisticated deception systems to lead attackers away from the real endpoints and lure them into honeypots and traps.

However, as repeatedly witnessed in the headlines and confirmed by the Cymulate Research Lab’s findings, security measures such as EDRs, EPPs and AVs still fall short and miss various types of worms, ransomware and Trojans, allowing access to cybercriminals, malicious hackers and rogue insiders.

One attack discovered last year involved an Iranian-based attacker who launched a widespread spear phishing campaign targeting government and defense entities (for testing phishing awareness, see Phishing Awareness). The spear phishing emails carried socially engineered, macro-based malicious documents that enabled Indirect Code Execution through INF (Setup Information) and SCT (Scitex) image files.

The malicious macro in the document dropped several files, one of which was an SCT file. An SCT file does not look malicious by itself, but this one contained a VBS script that could be executed by REGSVR32, so it stayed hidden and could bypass endpoint security solutions.

The main function of the SCT file was to Base64-decode the contents of the WindowsDefender.ini file and execute the decoded PowerShell. Once it ran successfully, the POWERSTATS backdoor gave the attackers a foothold within the organization from which to reach sensitive information (see Hopper (Lateral Movement) Vector and Data Exfiltration Vector).
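The chain described above (an Office document spawning a script host, REGSVR32 registering a scriptlet rather than a DLL, and PowerShell running a Base64-encoded command) leaves recognizable traces in process-creation telemetry. The following Python is an added example of detection logic over such events; it is not Cymulate code and the log lines, the hypothetical `example.invalid` URL and the parent-process list are all constructed for the example. The scriptlet check corresponds to MITRE ATT&CK T1218.010 (Regsvr32).

```python
import base64
import re

# Constructed sample process-creation events (parent image, child command line); not real telemetry.
_ENCODED = base64.b64encode(
    "Invoke-WebRequest http://example.invalid/p.gif".encode("utf-16-le")
).decode("ascii")
SAMPLE_EVENTS = [
    ("winword.exe", r"regsvr32.exe /s /n /u /i:C:\Users\alice\AppData\Local\Temp\stage.sct scrobj.dll"),
    ("explorer.exe", r'regsvr32.exe /s "C:\Program Files\Vendor\vendor.dll"'),
    ("wscript.exe", "powershell.exe -nop -w hidden -enc " + _ENCODED),
    ("explorer.exe", r"powershell.exe -File C:\scripts\backup.ps1"),
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}          # assumed parent list
SCRIPT_HOSTS = {"regsvr32.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENC_FLAG_RE = re.compile(r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)


def image_name(cmdline):
    """First token of the command line, lower-cased, without its directory or quotes."""
    parts = cmdline.strip().split()
    first = parts[0].strip('"') if parts else ""
    return first.lower().rsplit("\\", 1)[-1]


def is_regsvr32_scriptlet(cmdline):
    """True when regsvr32 registers a COM scriptlet (.sct via scrobj.dll) instead of an ordinary DLL."""
    if image_name(cmdline) != "regsvr32.exe":
        return False
    cl = cmdline.lower()
    return "scrobj.dll" in cl or ".sct" in cl or "/i:http" in cl


def decode_encoded_powershell(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None if absent/undecodable."""
    if image_name(cmdline) not in ("powershell.exe", "pwsh.exe"):
        return None
    m = ENC_FLAG_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(events):
    """Run the three checks over (parent, cmdline) pairs; return one finding per suspicious event."""
    findings = []
    for parent, cmdline in events:
        rules = []
        if is_regsvr32_scriptlet(cmdline):
            rules.append("regsvr32_scriptlet")
        decoded = decode_encoded_powershell(cmdline)
        if decoded is not None:
            rules.append("encoded_powershell")
        if parent.lower() in OFFICE_PARENTS and image_name(cmdline) in SCRIPT_HOSTS:
            rules.append("office_spawns_script_host")
        if rules:
            findings.append({"parent": parent, "image": image_name(cmdline),
                             "rules": rules, "decoded": decoded})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Decoding the encoded command is what turns an opaque alert into something an analyst can act on; the legitimate `regsvr32` and `powershell -File` events in the sample produce no finding, which is the false-positive check a rule like this needs.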

Cymulate’s Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms and viruses on a dedicated endpoint in a controlled and safe manner. The attack simulation ascertains whether the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to behavioral detection, virus detection and known vulnerabilities.

The endpoint attack simulation provides immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization, and technical and executive-level reporting.

Lateral Movement Attack Vector

Cymulate’s Lateral Movement (Hopper) vector challenges your internal networks against the techniques and methods attackers use to gain access to and control of additional systems on a network after the initial compromise of a single system.

Once an organization’s perimeter defenses fail and endpoint security is bypassed, giving the attacker a foothold in the organization (see Endpoint Security Vector), lateral movement inside the network is the common next step in a penetration scenario. Organizations deploy numerous security solutions and controls to prevent such movement. Whether through internal policy configuration or a dedicated security solution, organizations depend on various controls to prevent, detect and monitor lateral movement.

As threat actors move deeper into the network, their movements and methods become harder to detect, especially when they abuse Windows features and tools typically used by IT administrators (e.g., PowerShell). Gaining administrative privileges also makes threat actors’ activities difficult to detect and even to trace. Well-known examples are the WannaCry and NotPetya attacks, the latter of which shut down the operations of the shipping giant Maersk, causing hundreds of millions of dollars in damages.

Such attacks can force small companies out of business. They can also interrupt emergency operations and surgeries, as seen during the WannaCry campaign, which hit dozens of NHS hospitals and medical centers in the UK. These attacks used a powerful exploit called EternalBlue to spread and move laterally within networks.

Based on research and our own experience, once attackers manage to move laterally within a compromised network, they have on average three months to conduct their malicious activities without being detected.

Manual methodologies to penetrate organizations and simulate hacker breach spots are limited in speed, volume and scope. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network.

The platform uses a sophisticated and effective algorithm to mimic all the common and clever techniques that the most skilled hackers use to move around inside the network.

The Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. With these, IT and security teams can take the appropriate countermeasures to increase their internal network security.

Data Exfiltration Attack Vector

Cymulate’s Data Exfiltration vector challenges your Data Loss Prevention (DLP) controls, enabling you to assess the security of outbound critical data before your sensitive information is exposed.

Organizations must comply with an increasing number of laws and regulations designed to better safeguard their data, which puts the onus on them to fully protect it. Apart from compliance requirements, data breaches also inflict huge financial and reputational damage on the victim company. DLP solutions are designed to protect against data exfiltration, and organizations depend almost entirely on their DLP implementation, methodology and configuration to protect their valuable data.

The Data Exfiltration vector is designed to evaluate how well your DLP solutions and controls prevent the extraction of critical information to outside the organization. The platform tests outbound flows of data (such as personally identifiable information (PII), medical, financial and confidential business information) to validate that those information assets stay inside the organization.
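A DLP control that inspects the outbound flows described above has to recognize the data classes the simulation sends (mock PII, payment details, confidential business content) without blocking every run of digits it sees. The following Python is an added example of such content inspection; it is not Cymulate code, and the outbound records, destinations and the `CONFIDENTIAL` marker list are constructed for the example. The card number 4111 1111 1111 1111 is a standard Luhn-valid test number, not a real account.

```python
import re

# Constructed mock outbound records (ids, destinations and bodies are made up for this example).
SAMPLE_OUTBOUND = [
    {"id": 1, "dest": "mail.example.invalid", "body": "Patient 123-45-6789 scheduled for follow-up"},
    {"id": 2, "dest": "cdn.example.invalid", "body": "Order total 42.00, card 4111 1111 1111 1111"},
    {"id": 3, "dest": "cdn.example.invalid", "body": "Ticket 4111111111111112 opened"},
    {"id": 4, "dest": "partner.example.invalid", "body": "CONFIDENTIAL - Q3 roadmap attached"},
    {"id": 5, "dest": "api.example.invalid", "body": "healthcheck ok"},
]

# US SSN shape (AAA-GG-SSSS), excluding area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits with optional single space/hyphen separators; candidates are then Luhn-checked.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")   # assumed classification markers


def luhn_valid(digits):
    """Luhn checksum, so random digit runs (ticket ids, hashes) are not reported as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(body):
    """Return the list of sensitive data classes found in one message body."""
    classes = []
    if SSN_RE.search(body):
        classes.append("pii_ssn")
    for m in CARD_RE.finditer(body):
        if luhn_valid(re.sub(r"[ -]", "", m.group())):
            classes.append("payment_card")
            break
    if any(marker in body.upper() for marker in MARKERS):
        classes.append("confidential_marker")
    return classes


def inspect_outbound(records):
    """Classify each record; a record with at least one sensitive class gets a 'block' verdict."""
    findings = []
    for rec in records:
        classes = classify(rec["body"])
        if classes:
            findings.append({"id": rec["id"], "dest": rec["dest"],
                             "classes": classes, "verdict": "block"})
    return findings


if __name__ == "__main__":
    for finding in inspect_outbound(SAMPLE_OUTBOUND):
        print(finding)
```

Record 3 carries a 16-digit number that fails the Luhn check and is therefore allowed through; a simulation that sends only genuine mock card data will not exercise that false-positive path, so it is worth keeping such a negative case in your own test set.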

The attack simulation results are presented in a comprehensive and easy-to-use format, allowing organizations to understand their DLP-related security gaps and take the appropriate measures using actionable mitigation recommendations.

Immediate Threat Intelligence Attack Vector

Cymulate’s Immediate Threat Intelligence vector helps you to test your organization’s security posture against clear and present cyberthreats.

Every day, numerous new payloads and attacks show up in the wild, orchestrated by known and unknown hostile entities. Organizations all over the world are vulnerable to these new threats that have just been launched. The threat of a new zero day or old security gaps that are being exploited to launch a large-scale attack, are a daily worry for CISOs, CIOs, risk managers and other security professionals tasked with safeguarding their organization’s security and reporting their organization’s security posture to executive management.

These new attacks (such as Emotet, Dridex, Ryuk, Trickbot and others) come in different forms, such as an email attachment or a download link appearing on a legitimate or compromised website. After penetrating the organization’s perimeter, they can eventually cause serious damage to an organization. That is why these professionals need to be sure that their cybersecurity framework holds up against such active threats circulating in the wild.

Cymulate’s Immediate Threat Intelligence vector is designed to inform and evaluate your organization’s security posture as quickly as possible against the very latest cyber attacks. The simulation is created by the Cymulate Research Lab which catches and analyzes threats immediately after they are launched by cybercriminals and malicious hackers.

By running this simulation, you can validate within a short time if your organization would be vulnerable to these latest threats and take measures before an attack takes place.

The simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each threat that has been discovered, and vary according to the type of attack simulated, and the extent to which the attack was able to distribute itself. This allows the organization to truly understand its security posture and take action to improve or update controls where necessary.