Penetration testing for a global mobile operator

VEON is a mobile operator providing converged connectivity and online services to around 160 million customers across six countries — over 7% of the world's population.

VEON opened a new large office in Lviv to support finance, procurement and HR operations across Ukraine, Armenia, Georgia, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan. Implementing the entire IT infrastructure from scratch accompanied the new office launch.

Therefore, immediately after IT-services implementation, it was necessary to check the security of all components and eliminate vulnerabilities to prevent compromise.

During pentesting, a full set of common pentester tools was used — but the main key to success was manual analysis: interconnecting individual vulnerability exploitation results to escalate privileges and demonstrate practical IT-infrastructure compromise.

Twelve exploitation scenarios were implemented. For each attacker model, the ability to compromise IT infrastructure was demonstrated.

• Technical recommendationsFocused on eliminating vulnerabilities and architectural improvements for increased security.
• Executive recommendationsFocused on processes and procedures of the Information Security Management System for maintaining high protection.

An Action plan was developed to help the client prioritise and evaluate resources required to address identified security gaps.