APT Testing

An advanced persistent threat (APT) is an attack in which a hacker gains access to the system and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organisation.

In an APT attack, the goal is not to get in and out but to achieve ongoing access. An APT attacker often uses spear phishing, a type of social engineering, to gain access to the network through legitimate means. Once access has been achieved, the attacker establishes a back door. The next step is to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. The back doors allow the attacker to install bogus utilities and create a “ghost infrastructure” for distributing malware that remains hidden in plain sight.  This type of attack requires an innovative method of testing to quantify its threat.

Our APT testing is comprised of a series of combined targeted technical penetration and social engineering attacks designed to bypass current detection and prevention controls and obtain unauthorized access to your organisation’s information assets.

Our methodology begins with conducting extensive research into your organisation’s people, processes and technology, mapping out external-facing infrastructure, staff, supplier and vendor remote access vectors and publicly-known information.

The objective is to locate and remove sensitive information assets without being detected.  Risk Crew APT testing cost-effectively assesses your organisation’s intelligence protection, intrusion detection capability and incident response capability as well as testing the external infrastructure defences. 

Risk Crew are industry leaders in designing and delivering comprehensive APT simulation testing to quantify your systems’ resiliency to attacks.  Our test methodology is based on an orchestrated assessment emulating adversarial tools, tactics, techniques and procedures of more than thirty-five tracked APT campaigns.

Our experienced testing engineers hold CREST, C√SS, C│EH and GIAC credentials ensuring they can effectively assess your businesses capabilities to detect, monitor and mitigate APTs.

Give us a call and tell us how we can help you.

For flat fee pricing structure and full service level agreements detailing service specifications, scope and deliverables for any of the above services or to place an order, contact Risk Crew.