Client Background
ELDORADO is the #1 retail chain of electronics and household appliances in Ukraine.
The chain has over 120 modern stores in 57 cities across Ukraine. ELDORADO offers a selection of almost 60,000 models of modern personal equipment from leading manufacturers.
Project trigger
After some IT services were migrated to the cloud, a preventive security assessment was needed to check the cybersecurity protection.
Penetration testing was selected as an assessment method to identify vulnerabilities and exploit them by simulating real attacks to gain access to the corporate network or disclose confidential information.
Solution
As a solution, XRAY CyberSecurity conducted comprehensive testing at the network, application and employee levels.
Testing scope:
– External Network Perimeter of the On-premises and Cloud IT infrastructure;
– Network Perimeter of several retail stores;
– Eldorado.ua — e-commerce web application;
– Social Engineering.
Different attack vectors were tested, from the position of both Internet users and offline store guests.
Methodologies
Our pentesting methodology is based on leading standards such as PTES, NIST SP 800-115, OSSTMM and OWASP, and is refined by our own 15 years of experience.
Tools used
A full set of common pentester tools was used during the pentest, but the main key to success was manual analysis: connecting the results of exploiting individual vulnerabilities to escalate privileges and demonstrate a practical compromise of the IT infrastructure.
Results
The penetration testing results demonstrated the strengths and weaknesses of the company's cyber defense.
XRAY CyberSecurity showed which critical business risks could potentially be exploited by real attackers and developed effective technical and managerial recommendations for handling identified threats.
Additionally, a set of measures and recommendations was developed to improve the cybersecurity awareness program for employees and increase resistance to social engineering attacks.



