NTT Security launches phishing service to test security posture of board members
31 May 2018
Initial results show that would-be attackers can access critical data in just 10 minutes
NTT Security, the specialised security company and centre of excellence in security for NTT Group, is expanding its suite of phishing attack simulation services with the use of special social engineering techniques to check whether senior executives pose a security risk.
The ’Management Hack’ service is specifically designed with C-level executives in mind, such as the CEO, CFO or even CIO. Cyber criminals are increasingly attracted to this level within an organisation as senior executives are more likely to have unrestricted access to highly confidential company data, including financial information, which makes them a valuable target. Senior executives also benefit from special privileges, with security policies or standards suspended or relaxed for example to simplify login – often with fatal consequences.
NTT Security will first coordinate with the client – typically a CISO or the Head of IT – and simulated, personalised social engineering attacks are then carried out, with the individuals involved unaware they are being targeted. NTT Security then analyses how executives respond, identifies specific weaknesses and recommends appropriate measures, such as security awareness training.
NTT Security's Management Hack service includes verification of IT security, physical security (property protection) and human error analysis. Using social engineering techniques, such as phishing and personalised spear phishing combined with malware or brute force attacks on passwords, a simulated attack involves a five-step approach:
1. Building a phishing website that simulates a customer or a website known to the customer
2. Designing a phishing email that leads to the phishing website
3. Sending the phishing emails to the client's senior management
4. Intercepting login information or other sensitive information
5. Producing a detailed report with statistics on the current security situation and measures to improve a company’s security posture.
A number of management hacks have been carried out by NTT Security in Scandinavia already with surprising results. Kai Grunwitz, Senior VP EMEA, NTT Security explains. "In many cases, we were able to access critical data, such as confidential business plans, mergers and acquisitions documents, domain controllers, usernames and passwords, in just 10 minutes."
~ Ends ~
Notes for editors:
For more information about NTT Security’s phishing attack simulation services, visit: https://www.nttsecurity.com/en-uk/services/technical-consulting/phishing-attack-simulation-services
About NTT Security
NTT Security is the specialized security company and the center of excellence in security for NTT Group. With embedded security we enable NTT Group companies to deliver resilient business solutions for clients’ digital transformation needs. NTT Security has multiple SOCs, seven R&D centers, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents.
NTT Security ensures that resources are used effectively by delivering the right mix of Managed Security Services, Security Consulting Services and Security Technology for NTT Group companies – making best use of local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest ICT companies in the world. Visit nttsecurity.com to learn more about NTT Security or visit www.ntt.co.jp/index_e.html