The client is an international bank with total assets of USD 900 million. The bank offers a full range of banking services for private and corporate clients.
We were asked to conduct a penetration test based on social engineering: to gain access to the bank's internal network by manipulating its staff. The client wanted to test the effectiveness of its existing security controls in combination with the cyber-hygiene awareness campaigns it runs for employees.
Despite the maturity of the client's security programme, after a week of reconnaissance we bypassed its security controls and gained a foothold using one of the classic tricks: emails with malicious attachments.
Sandbox bypass vulnerability:
We studied the client's email sandbox to determine how it could be bypassed. By analysing how the sandbox executes a submitted file and records its process tree, we were able to develop a payload that evaded it. The new payload passed anti-virus scanning, file-signature checks and behavioral analysis, and activated its code only after several days, without ever being flagged as malware.
With the sandbox bypassed, our malicious email cleared the security filtering stage and the dropper ran on one employee's device. From there we established a connection to the host and, through file shares, hijacked several accounts, found misconfigured backup access, and moved laterally through the network until we had taken over the domain. After the test we delivered a list of measures to restore the required level of security and helped the bank close the identified gaps as quickly as possible.