External Security Assesment is important for all Network and applications

The most common solution to external network security assessments is scan, scan, scan…and then scan some more

One of the most common vulnerability assessment activities for all companies of all sizes is an external scan, typically targeting internet-facing websites. Because we service the vulnerability assessment and penetration testing needs of large enterprises, we know “you know” that scanning external-facing network resources is important, and an obvious high priority. But we also challenge you to understand that scanning alone is not enough, unless all you really want is a checkmark for an audit of one kind or another.

A complete job of assessing the hardness of your external network includes multiple steps. Here are four of the main steps that you should be familiar with:

1. Anonymous information gathering to discover all Internet-facing assets a hacker could identify as potential entry-points into your network
2. Scanning of your internet-available network access points and web servers for known vulnerabilities (non-credentialed)
3. Verifying scan-result findings through in-depth manual pen testing attack techniques (both credentialed and non-credentialed)
4. Providing deeply informed remediation guidance and advisory services for identified/verified vulnerabilities

Why is BriskInfoSec approached to discuss external vulnerability assessment work with large enterprises?

BriskInfoSec is approached by our large enterprise clients to assess the security of their external-facing network assets for many reasons, but chief among them are dissatisfaction with their own internal tools, their present provider, and/or their own internal team’s ability to effectively manage all of their external testing work efficiently over time in a consistent and professional manner. These kinds of situations frequently result in an assignment for someone in a company’s security staff to search out alternatives; which then open up an opportunity for BriskInfoSec to present our highly-disciplined, in-depth approach to assessing the security of their external-facing network assets as compared to their present approach.

What do these companies discover when comparing BriskInfoSec approach to external security testing with their own present approach?

Because BriskInfoSec is driven by an across-the-board corporate culture that’s passionate about delivering the highest-value findings and recommendations possible, we do more than the basic steps, we do all the steps on your behalf; and then even more than that. If you assign mid-to-low-level-importance projects to others, fine, we see that frequently. But if you have a set of high-value software assets or critical points-of-entry into your network, working with BriskInfoSec always begins with an education about scanning versus penetration testing:

• Scanning and penetration testing are not the same thing, no matter how much the marketing folks working for the scanning tools manufacturers and scanning service providers make it sound that way
• Scanning is never enough, it is only an initial step in the entire assessment process
• Just the scanning step alone done effectively needs multiple scanning tools and multiple over-lapping scans run against the same resources in order to accomplish a thorough job of the scanning step
• Scanning the same resources  with different tools (as just recommended) naturally returns different results in different data formats
• Correlating and normalizing all this desperate scanning data requires special technology: like our proprietary CorrelatedVM™ platform that’s used by all of our pen testers and available (in part) to you through our CorrelatedVM Portal at no additional cost
• Scanning identifies potential vulnerabilities, and the different scanners may recommend different remediation actions – but BriskInfoSec’s CorrelatedVM platform fixes that problem as it correlates and normalizes all the scanning data from multiple scanning products and multiple rounds of scanning into the best set of recommended remediation actions
• Potential vulnerabilities identified by the initial scanning effort need to be verified by experts to eliminate false positives, and to thoroughly analyze the remainder, while also probing for any unidentified vulnerabilities the scanners could not find – this is work that only an expert pen testing company like BriskInfoSec can deliver 

In-depth pen testing to final reporting of findings and recommendations is what sets BriskInfoSec apart, and why we are given the critical responsibility of assessing the security of your most high-value/high-risk external-facing network assets.

The power of CorrelatedVM comes at no cost to you and provides real benefits that only BriskInfoSec can deliver

CorrelatedVM™, our proprietary vulnerability assessment and pen testing management platform, will be utilized for your external network penetration testing service when you hire BriskInfoSec. The CorrelatedVM platform and your complimentary access to its SaaS-based customer portal set our deep-dive pen test work and customer-facing deliverables light years apart from all other pen test services. This one-of-a-kind, powerful platform has been continually enhanced and used exclusively by BriskInfoSec’s elite team of pen test consultants on every pen test engagement for over a decade now.


Once you see our team in action with the CorrelatedVM platform, and what CorrelatedVM can offer your organization in the way of automating and disciplining your external vulnerability assessment efforts, you’ll realize how it solves presently unsolvable problems that will profoundly benefit all of your vulnerability management programs going forward.

Contact us for conduct external security testing against your applications and Network with affordable price info@briskinfosec.com

Zeus Trojan steals funds and recruits Money Mules

Security firm Trusteer detected a new variant of Zeus Trojan that steals funds and recruits Money Mules proposing jobs ads to the victims using Man-in-the-Browser (MitB) techniques.

Zeus Trojan is becoming even more complex, its evolution is unpredictable due to the intense activity in the underground on its source code. Various forums in the underground offer customization service to adapt the behavior of Zeus trojan to new fraud scheme. Last version of the popular Banking Trojan detected by the Trusteer security firm is not only able to steal funds from its victims but it also tries to recruit them as ‘Mules’
Security firm Trusteer revealed that a group of criminals using the popular Zeus banking Trojan has started a recruiting campaign displaying ads for job scams once victim visits a popular job site, CareerBuilder [dot] com.
The investigation conducted by Trusteer focused also on employment websites that have long been a target for cybercriminals searching for the user’s credentials through malware distribution and mule recruitment.
The Zeus Trojan found by  Trusteer uses HTML injection to advertise a mule recruitment site when a victim visits CareerBuilder [dot] com. Mules are an essential component of the scam life cycle, in particular for cash-out money, in the past recruiting web site were used by criminal organizations to recruit these figures.

“Money mules are always a scarce resource and whenever criminals do recruit them, they keep a pretty good eye on them,” he said. “At the end of the day, you really can’t cash out unless you have a mule.” Commented Etay Maor, fraud prevention solution manager with Trusteer.

Typically the criminals create a job opening for “financial managers” with possibility to earn working at home, in reality those people that respond to the announcement serve as the money laundering component for cybercrime gang. Principal employment websites are aware of this illegal practice and have created dedicated security team including anti-fraud competences. The web site used for mule recruitment is marketandtarget [dot]com as reported  in the Zeus Trojan configuration file, site that is currently down.



On the other side malware authors have refined their techniques to avoid controls operated by site managers, the last variant of The Zeus Trojan in fact implements a Man-in-the-Browser (MitB) techniques to present the victim with an advertisement for a mule recruitment site every time he visits CareerBuilder [dot] com.

Man-in-the-Browser malware are commonly used by cybercrime to steal data from victims or to redirect them to compromised web sites such as the specific case we are analyzing.

The variant of Zeus trojan using HTML inject adds data fields or to present bogus messages to redirect  the victim to a fake job offering while he is visiting legitimate employment site CareerBuilder [dot] com, in this way the victim plays redirection as a legitimate operation of the access to a job opportunity.
The availability of the source of Zeus Trojan on the black market potentially opens to an infinite number of possibilities that we will meet in the near future and represents a success for the industry of malicious software.