Contact us: info@tenendo.com
How we did it
- Social engineering tactics were used to craft convincing phishing emails targeting support engineers.
- Initial access exploited weak controls on the remote-access VPN endpoints (Cisco AnyConnect and OpenVPN).
- The phishing payloads executed commands on the engineer's workstation without raising an endpoint alert, a critical gap in endpoint detection.
- SOC response was monitored to evaluate reaction time and effectiveness in containment.
Conclusion
The test revealed a significant gap in phishing detection and response for the support team. No alert was raised on the phishing emails or on the commands they executed, so the attacker gained initial access undetected. The SOC team's reaction time, once the activity was in front of them, was better, but its containment still had areas to improve.
Recommendations included:
- Enforcing two-factor authentication (2FA) on all remote access solutions.
- Strengthening endpoint detection (EDR) so that unauthorised command execution on workstations, such as the commands launched by the phishing payloads, is flagged and alerted on.
- Improving phishing awareness training for all employees.
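As an added example (not Tenendo's tooling or a rule from the engagement), the following detection logic shows the shape of the EDR rule the second recommendation calls for. It scans process-creation events in a JSON-lines form with Sysmon-style field names (ParentImage, Image, CommandLine and User are assumed) and flags two things a phishing payload typically produces: a mail or Office client spawning a command interpreter, and PowerShell launched with an encoded command. The sample telemetry at the bottom is constructed for the demonstration, not captured from the test.

```python
"""Process-creation detection for phishing payloads (added example,
not Tenendo's code). Field names and sample events are assumptions."""
import base64
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Parents that have no routine reason to launch a shell or script host.
LURE_PARENTS = {"outlook.exe", "thunderbird.exe", "winword.exe", "excel.exe",
                "powerpnt.exe", "acrord32.exe"}

# Interpreters and LOLBins a lure typically chains into.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
                "certutil.exe"}

# -e / -ec / -en / -enc / -EncodedCommand followed by a base64 blob.
# The \b after the switch stops "-ExecutionPolicy" from matching.
ENCODED_RE = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]{20,})")


@dataclass
class Alert:
    rule: str
    user: str
    parent: str
    image: str
    command_line: str
    decoded: Optional[str] = None


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\X\\CMD.EXE' -> 'cmd.exe')."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the UTF-16LE plaintext of an -EncodedCommand blob, or None."""
    m = ENCODED_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(event: dict) -> List[Alert]:
    """Apply both rules to one process-creation event."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    user = event.get("User", "unknown")
    alerts = []
    if parent in LURE_PARENTS and image in INTERPRETERS:
        alerts.append(Alert("lure_spawns_interpreter", user, parent, image, cmd))
    # Catch the encoded command whether PowerShell is the image itself or
    # is invoked through cmd.exe /c on the way there.
    if (image in {"powershell.exe", "pwsh.exe"} or "powershell" in cmd.lower()) \
            and ENCODED_RE.search(cmd):
        alerts.append(Alert("encoded_powershell", user, parent, image, cmd,
                            decode_encoded_command(cmd)))
    return alerts


def scan(lines) -> List[Alert]:
    """Run evaluate() over JSON lines; malformed lines are skipped, not fatal."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alerts.extend(evaluate(event))
    return alerts


# Constructed sample telemetry (assumed, not from the engagement): the user
# opens a lure document, its macro runs cmd.exe, which runs encoded PowerShell;
# the last line is a legitimate admin script that must not fire.
SAMPLE_EVENTS = r"""
{"UtcTime":"2024-01-01 09:00:01","User":"CORP\\jsmith","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE","CommandLine":"\"OUTLOOK.EXE\""}
{"UtcTime":"2024-01-01 09:02:10","User":"CORP\\jsmith","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE","Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","CommandLine":"\"WINWORD.EXE\" /n invoice.docm"}
{"UtcTime":"2024-01-01 09:02:15","User":"CORP\\jsmith","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"UtcTime":"2024-01-01 09:02:16","User":"CORP\\jsmith","ParentImage":"C:\\Windows\\System32\\cmd.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"UtcTime":"2024-01-01 09:05:00","User":"CORP\\jsmith","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"}
""".strip().splitlines()


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.user}: {a.parent} -> {a.image} :: {a.command_line}")
        if a.decoded:
            print(f"    decoded: {a.decoded}")
```

Run against the sample, the WINWORD.EXE -> cmd.exe event fires both rules and the cmd.exe -> powershell.exe event fires the encoded-command rule with the blob decoded to `IEX (New-Object`, while the explorer.exe -> powershell.exe backup script is left alone. A real deployment would widen the parent and interpreter lists to match the estate and tune on a baseline of normal Office behaviour before alerting the SOC.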