Driven to stop every breach

How is it possible for a single actor with very little resources to take over the domain controller of a Swiss bank with a considerable security budget – and in the process also compromise their biometric physical access control system?

Back in 2015, the bank’s CISO asked Antonio, then security researcher at ETH Zurich, to simulate a cyber attack by an external actor. Holding the get-out-of-jail card in his hands, Antonio started reconnaissance. Eventually, he sent four carefully crafted and targeted emails to selected employees over the course of two weeks. The emails contained malicious attachments and were sent from a lookalike domain registered for less than 10 Swiss francs.

Overall, with an investment of less than CHF 100 and a little more than two weeks, Antonio compromised a bank with an annual turnover of several hundreds millions of euros and hundreds of employees. How can this be?

Since the foundation of xorlab in 2015, our goal was and will always be to increase attacker cost. What started with zero-day exploit prevention in browsers and client applications over time evolved into a full-fledged email security platform and will continue until we stop every breach.

Matthias Ganz and Antonio Barresi in 2015, right after the xorlab launch