
CONTENTS

INTRODUCTION
Welcome address
2019 Executive Summary

UNDERSTANDING CYBER-SECURITY ISSUES
Top attacks by type
Analysis of top Malware by type
Analysis of top exploit by type
Top attacks by country of origin
Analysis of key vulnerability in 2019

ABOUT PROTERGO
About Protergo
Blue team offering
Red team offering

2 | P R O T E R G O C Y B E RS E C U R I T Y
ABOUT PROTERGO
We are one of the leading Indonesian cyber-security companies. Our clients say
that we are quite unique for multiple reasons:

Deep understanding of cyber-security in Indonesia: the 1st in Indonesia to
publish a national cyber-security threat report

International know-how with Indonesian roots: our security operation center
in Bintaro complies with BI/OJK regulations; we are the only Platinum Partner of
AlienVault (used by US Na, CIA)

Innovation as our core value: 1st in Indonesia to offer next-gen. anti-virus and
email protection that re-pay if your company is hacked

Above all we are a team of passionate professionals: the 1st in Indonesia to use
only certified analysts and penetration testers (CompTIA CySA+, Security+,
Linux+, PCI-DSS, OSCP, ...)

Contact us at info@protergo.id

INTRODUCTION

1. Welcome address
Welcome to the 1st edition of the Protergo Indonesia Cyber-Security Report, an annual
publication that we created for our customers, partners and the industry.

The purpose of this publication is to share our knowledge on the current state of
cyber-security threats in Indonesia and to recommend best practices and solutions.
What makes this report unique is the depth of the information contained and the
specific focus on the Indonesian market.

The source of the report is the data collected from Protergo's network of sensors,
alarms, signals, on-premise and on-cloud systems and services. Every day, Protergo
scans over 50+ sensors at different critical points of the Indonesian infrastructure:
assets like datacenters, telecommunication systems, ISPs, banks, insurers, fintech
and other large enterprises.

A final word about us at Protergo. We started 2 years ago, with one simple objective
in mind: be the best in what we do, that is, the most trusted cyber-security company
in Indonesia.

In only 2 years we have built some world-class capabilities in:

Blue team
building one of the first cyber-security operation centers in Indonesia

Red team
penetration testing services using leading methodologies in the world

We continue to develop our platform, using machine learning, automation and
advanced real-time tools to continuously support our clients.

We hope readers find the information in this report helpful and insightful, and we
sincerely hope that the report can help organizations to protect their systems,
software and users.

Protergo Cyber-Security Team

// 2020 State of the Cybersecurity in Indonesia

2. 2019 Executive Summary

Digitalization has not always been followed up by adequate cyber-security measures. Many
companies in Indonesia have been left behind in the cyber-security space.

Our top 10 summarizes the learnings from this year into 6 must-know
facts and 3 simple recommendations for CEO/CTO and IT teams.

Top 6 must-know insights

1. Software
80% of the threats are software related

2. Countries
US and Russia are top attackers

3. Vulnerabilities
100+ vulnerabilities for each organization

4. Viruses
80% of threats are trojans, worms or ransomware

5. Web exploits
>50% of vulnerabilities are web-related

6. Legacy
~30% of all vulnerabilities are >10 years old

Our 3 simple recommendations

1. Set up a security operation center to monitor, detect and block key attacks

2. Run annual penetration testing and quarterly vulnerability scanning

3. Prepare for 2020, supporting work from home through endpoint security, anti data loss
prevention, email and cloud security

Protergo Cyber-Security Team

UNDERSTANDING
CYBER-SECURITY ISSUES

3. Analysis of top attacks by type


80% of the threats are software-related, specifically from malware
and exploit campaigns against Indonesian companies

In 2019, there were 5 main types of attacks on Indonesian companies:

Malware
malicious software designed to harm computer systems

Exploit
active attacks by hackers on corporate systems

Policy & access violations
employees using non-authorized software (e.g., peer to peer)

Vulnerability
unpatched software that can be easily exploited

Network attacks
network attacks that include denial of service and flooding

Our data shows that 80% of the attacks are concentrated in 2 key categories,
Malware and Exploit attacks, as reported in Chart #1.

Chart 1: Top attacks by type

43% Malware
32% Exploit
9% Policy & Access Violation
8% Other
5% Vulnerability
3% Network Attack

Malware
Malware is a collection of malicious software variants, including ransomware, viruses, and
spyware. It usually consists of code created by cyber attackers, developed to cause extensive
damage to systems and data or to gain unlawful access to the network. Malware is usually
delivered in the form of a file or link via email.

Exploit
Exploitation is the next stage in an attacker's list after he spots the vulnerability. Exploits are the
ways through which a vulnerability is leveraged for malicious activity by hackers; these may include
pieces of software, sequences of commands, or even open-source exploit kits.

Vulnerability
Mistakes do occur, even in the process of developing and coding technology. What is left
behind from those is commonly called a bug. While bugs aren't inherently harmful, many can be
taken advantage of by malicious actors; these are called vulnerabilities. Vulnerabilities can be
used to force the software to act in a way it was not designed for, like revealing information
about the current security measures in place.

Policy & Access Violations
This is unauthorized access to files or data. A policy violation happens when somebody gets
access to more data than he/she is supposed to have. Usually, the violations happen internally
and are the company's internal issues. Common violations include use of peer to peer
networks or file sharing software.

Network attacks
These are network-related attacks that typically include denial of service attacks or network flooding.
These categories of attacks specifically target the network devices.

3.a Analysis of top Malware by type

Our data shows that 80% of the attacks from Malware are
concentrated in 3 key categories: Trojans, Worms and
Ransomware. Those categories differ in the following way:

Trojan
software designed to infiltrate a system and give
hackers the ability to control it remotely.

Worm
software designed to spread across as many devices
and computers as it can in order to increase the
hackers' exposure to a given institution.

Ransomware
software designed to block a critical system and
to demand money in order to unlock it.

Chart 2: Top malware by type

49% Trojan
32% Worm
13% Ransomware
2% Rootkit
1% Adware
1% Virus
1% Bot
1% Spyware

Spyware
Spyware is executable software that is installed on one's system and starts
monitoring one's behavior without them noticing or directly permitting it. Spyware contains
the term 'Spy', which literally means to observe or to directly monitor one's activity.

Virus
A computer virus is an agent in a computer system, first found and introduced in 1983.
This agent is usually transmitted across devices and usually transferred through
storage media. After entering a system, a virus attaches itself to another program. When the
host program is executed, the virus runs alongside the host program.

Bot
Bots are used to execute attacks involving credential theft, illegitimate access,
or distributed denial of service.
Bot attackers can have access to thousands of computers at one moment in time and
simultaneously command them to execute malicious activities.

Rootkit
A rootkit is a computer program that is designed to grant privileged access to the system,
with all operations carried out stealthily. Rootkit itself is a combination of two words,
'root' and 'kit'. Root refers to the literal root access of a system. Kit refers to the
tool and media.

Adware
Adware is software designed to pop advertisements up on your display, and is commonly found in
applications or web browsers.

Client Side Exploit - Known Vulnerability
Possible MS17-010
Description:
Microsoft released a security update to patch the MS17-010 vulnerability. This security update
resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow
remote code execution if an attacker sends specially crafted messages to a Microsoft Server
Message Block 1.0 (SMBv1) server.
Impact:
Remote Code Execution

Backdoor — DoublePulsar
Description:
DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's
(NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected
more than 200,000 Microsoft Windows computers, and was used alongside EternalBlue
in the May 2017 WannaCry ransomware attack.
Impact:
DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the
computer system. Once installed, it uses three commands: ping, kill, and exec, the latter of which
can be used to load malware onto the system.

Mirai Malware
Description:
Mirai is a malware that turns networked devices running Linux into remotely controlled "bots" that can be
used as part of a botnet in large-scale network attacks.
Impact:
As a self-propagating botnet virus, Mirai can coordinate a DDOS attack. We have detected Mirai since the start
of 2019 in Indonesian banks and financial institutions.

Trojan infection — Glupteba
Description:
Glupteba is a trojan-type program, malicious software that is designed to install other software
of this kind. It is known that cyber criminals distribute Glupteba through malicious
advertisements that can be injected into legitimate websites or advertising networks.
Impact:
Trojan.Glupteba is usually dropped by exploit kits. It can download and install further malware and
add the affected system to a botnet. It has the tendency to pretend to be an updater for legitimate
software. As a further impact, this trojan can steal browser history, cookies, logins and passwords,
and can lead to identity theft, exploited routers and email spam.

Trojan infection — Virut DGA
Description:
Virut is a malware botnet that is known to be used for cybercrime activities such as DDoS attacks,
spam, fraud, data theft, and pay-per-install activities. It spreads through executable file
infection (through infected USB sticks and other media), and more recently, through compromised
HTML files (thus infecting vulnerable browsers visiting compromised websites).
Impact:
Malware creators use domain generation algorithms (DGAs) because they are harder to detect
compared to hardcoded IPs or domain names; by not hardcoding the location of the C&C in the
malware binary itself, the attacker can better hide and protect the mothership.
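
Because a DGA leaves no fixed domain or IP to blocklist, monitoring usually looks at DNS behaviour instead. The following is an added example, not taken from the report or from Protergo's tooling: it flags hosts that query several random-looking names that do not resolve. The log records, thresholds and function names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")

# Constructed DNS resolver log: (client IP, queried name, response code).
SAMPLE_DNS_LOG = [
    ("10.0.0.23", "xkqzvbnwtrjp.com", "NXDOMAIN"),
    ("10.0.0.23", "qwrtzpsdfghj.net", "NXDOMAIN"),
    ("10.0.0.23", "mzxncbvlkjhg.org", "NXDOMAIN"),
    ("10.0.0.23", "www.example.com", "NOERROR"),
    ("10.0.0.41", "mail.bank-example.co.id", "NOERROR"),
    ("10.0.0.41", "tpyo-of-a-name.example", "NXDOMAIN"),  # ordinary typo
    ("10.0.0.41", "xkqzvbnwtrjp.com", "NXDOMAIN"),        # single hit only
]


def shannon_entropy(text):
    """Bits of entropy per character; random strings score higher than words."""
    counts = Counter(text)
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def candidate_label(fqdn):
    """Longest label left of the TLD, e.g. 'bank-example' in mail.bank-example.co.id."""
    labels = fqdn.rstrip(".").lower().split(".")
    return max(labels[:-1] or labels, key=len)


def looks_generated(fqdn, min_len=10, min_entropy=3.0, max_vowel_ratio=0.2):
    """Heuristic: long, high-entropy, vowel-poor labels resemble DGA output.

    The thresholds are illustrative assumptions and need tuning on real traffic.
    """
    label = candidate_label(fqdn)
    letters = [ch for ch in label if ch.isalpha()]
    if len(label) < min_len or not letters:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def flag_dga_hosts(log, min_names=3):
    """Return {client: [names]} for clients with >= min_names distinct
    generated-looking names that failed to resolve (NXDOMAIN)."""
    suspicious = defaultdict(set)
    for client, name, rcode in log:
        if rcode == "NXDOMAIN" and looks_generated(name):
            suspicious[client].add(name.lower())
    return {c: sorted(n) for c, n in suspicious.items() if len(n) >= min_names}


if __name__ == "__main__":
    for host, names in flag_dga_hosts(SAMPLE_DNS_LOG).items():
        print(host, "->", ", ".join(names))
```

Requiring several distinct failed lookups per host keeps a single mistyped or expired domain from raising an alert.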


3.b Analysis of top Exploit by type

90% of the Exploits are either Server Attacks or SMB vulnerability exploits.

Chart 3: Top Exploit by Type

60% Server Attack
30% SMB Exploit
6% SQL Injection
2% Web Attack
1% SSL Attack
1% Phishing

Server Attack (DOS & DDOS)
Server attacks are direct attacks on web servers. They include DOS & DDOS attacks that are
carried out to disrupt the server activity and cause downtime. Other types of server attacks
include exploitation of applications, ftp and web servers.

SMB Exploit
Microsoft's Server Message Block protocol (SMB) is a protocol that allows applications on a
system to read and write files and to request services over the network. This particular
vulnerability exists due to an obsolete SMB version, allowing a null session connection
through an anonymous login. The attacker would be able to send abnormal packets and
illegitimately execute various commands on the victim's system. This EternalBlue vulnerability is
commonly known as MS17-010. EternalBlue has been directly related to the WannaCry
ransomware.

SQL Injection
SQL Injection is a web hacking method that works by entering malicious code into the SQL
statement through input fields in a web page. SQL-I is counted as one of the most common
web-based vulnerabilities. In some cases, SQL Injection can lead to deletion of data, data
manipulation, false data insertion, and execution of commands on the server to carry out
malicious activities.

Phishing
Phishing is simply defined as an attempt to 'fish' users into entering their sensitive
information such as credentials (username, password, credit card details, etc.) by mimicking a
legitimate source through electronic communication. Phishing is done through email spoofing,
website duplication, or even messages.
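
The SQL injection described above, shown as a vulnerable query beside its parameterized form. This is an added example, not part of the report; the `accounts` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

ALLOWED_SORT_COLUMNS = {"owner", "balance"}


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)"
    )
    db.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 1200), ("bob", 90), ("carol", 4300)],
    )
    return db


def find_accounts_vulnerable(db, owner):
    # VULNERABLE: the form value becomes part of the SQL text, so a quote
    # character in the input changes the structure of the statement.
    query = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()


def find_accounts_safe(db, owner):
    # FIXED: the value is bound as a parameter and is only ever compared
    # as data, whatever characters it contains.
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


def list_accounts_sorted(db, sort_column):
    # Identifiers (column names) cannot be bound as parameters, so they are
    # checked against a fixed allow-list before being placed in the query.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column")
    return db.execute(
        f"SELECT owner, balance FROM accounts ORDER BY {sort_column}"
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form input
    print("concatenated :", find_accounts_vulnerable(db, crafted))
    print("parameterized:", find_accounts_safe(db, crafted))
```

With the concatenated query the crafted value returns every account; with the bound parameter it matches no owner and returns nothing.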

SSL Attack
SSL (Secure Socket Layer), also known as TLS (Transport Layer Security), is a protocol
designed to secure network communication through encryption. This protocol is
directly associated with other protocols such as SMTPS, IMAPS, or HTTPS. An SSL attack
typically occurs during the handshake (request) and is carried out by a mediator between
two parties, namely the user and the legitimate website. An SSL attack could
lead to Heartbleed, Stripping, or information leakage. This could be dangerous for the user
side, as some users do not even notice that they are directly sending their information to the
man in the middle.

Web attack (Cross Site Scripting – XSS)
Cross Site Scripting, more familiarly known as 'XSS', is a security vulnerability existing in
web-based applications. An XSS attack is carried out by sending malicious code (script) through a
web application to different users accessing the same web application. The code is embedded as a
browser side script. XSS can run various commands involving cookie disclosure, session
takeover, malware installation, or unintended browser redirections.

3.c Network Attacks

A network attack is made to gain unauthorized access to the
business's network, with the aim of stealing data. There are three categories of
network attacks as follows:

DDOS (12%)
A distributed denial-of-service (DDoS) attack is an
attempt to interrupt the usual traffic of a targeted
server, network or service by overloading the
target or its nearby infrastructure with excessive
Internet traffic.

Flood (18%)
Flood is a Denial of Service (DoS) attack made to
bring a service or network down by drowning it
with a huge volume of traffic. It eventually fills the
host's memory buffer and interrupts the
processes.

Network Anomaly (70%)
At the core of mastering hacking and stealing data
is the knowledge of anomalous network
behaviors. An anomaly is something that varies from
what is normal, standard or expected.

3.d Vulnerability

Chart 5: Top vulnerability by type

61% Cleartext
34% Software Unpatched
5% System Scanning

Cleartext
Cleartext is stored or shared text that is not subjected to encryption and is not intended to be encrypted.

System Scanning
Credentialed and non-credentialed scans (also called authenticated and non-authenticated
scans respectively) are the two key sub-categories of vulnerability scanning. Non-credentialed
scans do not require credentials and do not get trusted access to the
systems to be scanned.

Software Unpatched
Unpatched systems are key vulnerabilities of an IT system. Software updates, including security
patches, are usually applied immediately based on the security policy and procedures designed to
satisfy compliance needs.

3.e Category and policy violations attacks

Policy & access violations are unauthorized access to
files, data or applications. The
sub-categories are as follows:

Access Violation Non Brute attack (13%)
This attack is a trial-and-error way used to get
information like a user password or personal
identification number (PIN).

Policy Violation (17%)
Policy violation is the internal act that bypasses or
breaks security policies, procedures or practices.

Backdoor (23%)
A backdoor is an undocumented way of obtaining
access to a program, online service or the
whole computer system. A backdoor bypasses
usual authentication mechanisms. It is developed
by the programmer who makes the code for the
program and is a potential security risk.

Bruteforce (47%)
It is the simplest method to gain access to a
server or site that is password protected. It tries
numerous combinations of usernames and
passwords repeatedly until it gets in.

4. Top attacks by country of origin

Protergo has reviewed all the top attackers in Indonesia by country,
with the United States and Russia being the top recorded attackers against Indonesia.

Distribution of attack sources by country - January to December 2019

49.80% USA
10.25% Russia
5.84% Netherlands
5.55% Indonesia
5.37% China
5.20% Australia
3.62% Samoa
3.23% Italy
2.54% Philippines
2.43% Germany
1.08% Singapore
0.91% France
0.81% Romania
0.59% Sri Lanka
0.52% India
0.50% England
0.46% Canada
0.39% Denmark
0.36% Uruguay
0.24% Mexico
0.12% Thailand
0.08% Poland
0.04% Spain
0.03% Sweden
0.03% South Africa

USA (50% of the total attacks)
The attacks from the USA are typically focused on two key types of attacks:
- Malware (Mylobot, Rootkit, Worm, etc.)
- Exploit (SMB Vulnerabilities, XSS, etc.)

Russia (10% of the total attacks)
The top attacks from Russia are slightly different, with mostly two key categories:
- Network Attack (Nmap, MS inbound on Non Standard Port, etc.)
- Exploit (SQL injections, Phishing spam, etc.)

Netherlands (6% of the total attacks)
And from the Netherlands the most common patterns are:
- Network Attack (Nmap, MS inbound on Non Standard Port, etc.)
- Malware (Adware infection)

5. Analysis of key vulnerability in 2019

5.1 The average organization had over 100 vulnerabilities;
over 25% of those were exploitable by attackers
(in the critical and high category)

Average number of key vulnerabilities by type for a typical organization

Info: 19 vulnerabilities
vulnerabilities that will allow attackers to gather
more information about a system (e.g., banner
information for a web server version).

Low: 35 vulnerabilities
vulnerabilities that pose limited risk of system
compromise; may allow an attacker to gain more
confidential information about a system (e.g., how
many users are connected to a system) but will
not allow an attacker to gain access to the
system.

Medium: 25 vulnerabilities
vulnerabilities that pose some risk of system
compromise; may allow an attacker to gain
confidential information about a system (e.g.,
value of system variables) but will not allow the
attacker to directly exploit the system.

High/Critical: 24 vulnerabilities
vulnerabilities that allow an attacker to access the
system.

5.2 Within the critical/high category, over 50% of the
vulnerabilities were web-related, mostly related to PHP and
Web Server administration

Web application/ PHP
vulnerabilities related to outdated version of PHP.

Web server/ Apache
outdated version of Apache web servers.

Open SSL
vulnerability in the SSL certificate.

Microsoft SMB
vulnerability in the SMB protocol.

Oracle
vulnerable version of the Oracle platform.

phpMyadmin
issues in the phpMyadmin version that allow
attackers to gain access.

postgreSQL
vulnerability in the database (including no
password or default password).

Chart labels and shares:

PHP 53%
Apache 7%
OpenSSL 3%
Microsoft 2%
Oracle 2%
phpMyAdmin 2%
PostgreSQL 2%
http 2%
1% each: JBoss, SSL, Adobe, phpinfo, MySQL, Check, MS, DCE, VNC, PRTG,
Asing `secureac`Coo, Untrusted, Test, OS, osTicket, webgrind, Galilery, HP,
XAMPP, Detect, VMSA, Double, Vulnerabilities, MacOS, Webmin, Mail, Mort,
Unprotected

5.3 30% of the key vulnerabilities are 3 years old but
surprisingly ~30% of the key vulnerabilities are older than
5 years

Analysis of distribution of key vulnerabilities by year

Older than 2008: 2%
2008: 0%
2009: 1%
2010: 1%
2011: 4%
2012: 7%
2013: 6%
2014: 6%
2015: 14%
2016: 23%
2017: 9%
2018: 14%
2019: 8%

What is Protergo doing about
the current situation?

Protergo delivers cyber-security
solutions to over 30+ banks in
Indonesia and 10+ telco players.

Blue team services

a. Security Operation Center
b. Work from Home
c. Remote Desktop
d. Mobile Device Protection
e. Next-generation Antivirus
f. Anti Data-Loss Prevention
g. Email Protection

Red team services

a. Vulnerability Assessment
b. Penetration Testing

Protergo is the only
Platinum AlienVault Partner
in Indonesia.

Blue Team Service

PROTERGO BLUE TEAM SERVICES

1. a. Security Operation Center

What is it?

Our Security Operation Center is located in Rempoa and fully resourced. We are the only
platinum partner of AlienVault in Indonesia. AlienVault is the leading Security Operation Center
software provider and is trusted by over 5,000+ clients across the world, including NASDAQ,
Mastercard, U.S. Airforce, Bank of Ireland, New York Times and many others.

How does it work?

Protergo Security Operation Center

- installs agents into your servers to prevent security issues

- installs agents into an appliance on your central network switch to monitor the traffic that is
detected in your internal network

Benefits & Features

We integrate 4 different functionalities in one simple solution that is easy to deploy and
manage:

Asset Discovery
Know who and what is connected to your environment at all times. Have a real time asset
inventory of all your hosts.

Vulnerability Assessment
Automatically assess and find your vulnerabilities before an exploit or intrusion. Our team works
together with you to patch the most important issues.

Intrusion Detection
Be alerted to suspicious activities with host and network intrusion detection system and cloud
intrusion detection system.

SIEM & Log Management
Correlate and analyze event data from across your environment. Manage logs seamlessly.

1. b. Protergo Work From Home

What is it?

Protergo WORK FROM HOME is an Endpoint (mobile phone and laptop) Management solution
that gives protection and control over your organization's corporate devices by enabling
secure access to the apps and data on them. Protergo WORK FROM HOME offers support for Android,
iOS, Windows (PC and Phone), macOS, and tvOS endpoints.

How does it work?

Protergo Work From Home

- installs an agent on employees' devices, BYOD or corporate devices, to protect against emerging
threats and prevent security issues.

- offers services that include the remote monitoring of the workforce.

Benefits & Features

Understand where your employees are
Locate device GPS to solve stolen or lost devices

Control of the activities
Remote view and control help admins troubleshoot the devices remotely.

Restrict functionalities
Selectively restrict device functionalities (e.g., usb, websites, …)

Install/ Remove software remotely
Provision, deploy and manage mobile applications

Ensure compliance
Check and enforce compliance across the entire device fleet.

Basic security in place
Block unwanted URLs with Web Content Filtering.

1. c. Protergo Mobile Device Protection

What is it?

Protergo Mobile Protection is a mobile cyber-security product that uses predictive AI
technology to identify and stop security threats. Protergo Mobile Protection's predictive protection
comes from its AI engine, which applies learning models to identify and stop emerging threats from
compromising corporate data.

How does it work?

- Protergo Mobile Protection is installed on corporate or personal mobile devices to stop
security threats

- Protergo Mobile Protection uses Artificial Intelligence (AI) actively on mobile devices to
monitor, learn and protect your corporate data and your devices from emerging threats

Benefits & Features

- Protection from SMS & Social Attacks

- Protection from Network Attacks

- Protection from Mobile Malware

- Protection from Device Based Attacks

- Media Phishing Attacks (e.g., malicious images)

- Vulnerabilities & patch level details

- Protect end user privacy with Secure DNS over HTTPS/TLS

- Deep visibility into OS

1. d. Protergo Next Generation Anti-Virus

What is it?

Protergo Next Generation Anti-Virus is an anti-virus program that offers unique characteristics
such as AI based control of viruses. Protergo Next Generation Anti-Virus does not use signatures and
is able to detect and block viruses as they spread. The unique selling point of Protergo's next
generation anti-virus is that Protergo is so confident about this product that we will pay the
ransom for you if any system is infected.

How does it work?

- Like any normal anti-virus, it is installed on servers, laptops and end-points

- It is then connected to a cloud system that allows administration of the end-points, including
end-point management

Benefits & Features

- Static AI on the endpoint prevents attacks in-line in real time

- Consistently ranked for highest efficacy and lowest false-positives

- Surgically reversing and removing any malicious activity

Key Clients using this solution

- #1 French Banking Group
- Over 40+ Leading Banks and Insurances around the World
- #1 Airline in Asia
- #1 US Public University
- #1 Oil & Gas Company in the World

1. e. Protergo Anti Data Loss Prevention

What is it?

Protergo Anti Data Loss Prevention is a cyber-security product that uses predictive AI
technology to identify and stop the spreading of confidential data from the computers of
employees to the outside world.

How does it work?

Protergo Anti-Data Loss Prevention is installed on corporate or personal mobile devices to stop
data losses

Benefits & Features

- Prevents confidential information and data from being sent outside the organization

- Can block multiple types of data loss attacks (Excel, email, database, etc.)

- Can block employees from sharing the data over email, web, sharing and chat programs

- Can block employees from sharing the data over cloud services such as Google Mail or Office 365

1. f. E-mail protection

What is it?

Protergo Email Protection protects email from malware to keep your company protected from
information stealers.

How does it work?

Protergo Email Protection installs an appliance connected to your email servers

Benefits & Features

Protergo Email Protection helps you secure and control inbound and outbound email.

With Email Protection, you can protect your people, data, and brand from today's threats such
as

- Impostor email
- Phishing
- Malware
- Spam
- Bulk mail

Red Team Service

PROTERGO RED TEAM SERVICES

Protergo offers two types of red team services

- Penetration testing
- Vulnerability assessment

Why are Penetration testing and Vulnerability assessment important?

It's critical to do vulnerability assessment and penetration testing.

Based on MENKOMINFO/No./11/2018, 21/SEOJK.03/2017 and 38/POJK.03/2016, banks
are required to do penetration testing and vulnerability assessment. Those are important for
banks and other institutions, so that attacks can be simulated, prevented and avoided.

Penetration testing and vulnerability assessment will guide the next actions to fix and improve
IT systems. With Penetration Testing and Vulnerability Assessment, banks and other
institutions discover their own weaknesses in IT systems, so they can take action to protect them
before someone malicious can get access to those systems.

This is even more important now with digitalization. As banks and other companies are
digitizing, new features are introduced, such as QR system, Cash in/out, Customer onboarding online,
Mobile/internet banking, Open Banking API, Third party data verification, Online loan opening and
many more. These extensions mean that digital security threats are more and more relevant nowadays.

What makes Protergo's penetration testing and
vulnerability assessment unique?

Protergo differentiates itself for Penetration testing and vulnerability assessment across 3 main dimensions:

Methodology
which methodology do we use for penetration testing?

People
what are the human resources involved for penetration testing?

Track Record
what are the previous projects done by the team?

Why is Protergo's methodology Unique?

Protergo is the first in Indonesia to use a world-class MITRE framework to define potential attack
scenarios, based on real-world attacks used on other financial institutions and defined before the
penetration testing itself. With MITRE, Protergo is the first company in Indonesia to take very
seriously the human element, typically ignored by penetration testing.

Best in class quality at the right prices. Forget the old extremely slow and manual penetration
testing: we use AI and Robotic Process Automation to speed up the penetration testing.
Higher quality using technology.

Last but not least, we use proven world-class methodologies

MITRE ATT&CK® is a world-class knowledge base for adversary tactics and techniques based on
real-world observations. ATT&CK is used to develop specific threat models that inform our
penetration tests.
The benefit of using the MITRE attack framework is to ensure that Protergo and the Clients spend
more time upfront discussing potential scenarios before the penetration testing begins.
This allows the team to be much more focused during the penetration testing and ultimately gives
the Client much better and more realistic results. Moreover, with MITRE, the human element is
taken into account from the beginning, so Phishing and Social Engineering attacks can be
simulated.

CVE® is a world standard for cybersecurity products and services from around the world,
such as the U.S. National Vulnerability Database (NVD).

Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the
security of software. The OWASP Foundation is the source for developers and technologists to
secure the web.

The NIST Cyber security Framework provides a policy framework of computer security guidance
for how private sector organizations in the United States can prevent, detect, and respond to
cyber-attacks.

Offensive Security Certified Professional is the best-in-the-world ethical hacking certification
offered by Offensive Security.

Protergo's Penetration testing methodology
is based on the following steps:

Pre-attack
Spend time upfront to discuss the attack scenarios

Scanning and Reconnaissance
Getting to know the target using passive methods like researching publicly available information and
network scanning.

Threat Modeling
A description or model of all the security concerns and why they should be resolved.

Vulnerability Analysis
Identifying vulnerabilities and determining their severity.

Exploitation
Gaining access by breaching security of a system or finding a bug to exploit in the software.

Post-Exploitation Reporting
Detailing the vulnerabilities found and providing information on potential impact on the company if
exploited.

Why is Protergo's approach to people Unique?

We are the first in Indonesia to use a local team combined with an international team of penetration
testing experts. See the following figures for the key details.

Local Indonesian Team
- The Indonesian team carries out all the tests for Protergo
- Has unique knowledge of the Indonesian context

International Team
- Protergo hires a team of international penetration testers to cross-review the results
- The role of this team is to ensure the quality of the penetration testing is very high

Moreover, our penetration testers are certified by OSCP and OSWE. This allows Protergo to offer
best in class penetration testing services to our Clients.

- Penetration testing with Kali Linux (PWK)
- Advanced Web Attacks & Exploitation (AWAE)
- Cracking the Perimeter (CTP)
- Advanced Windows Exploitation (AWE)
- Wireless Attacks (WIFU)

Why is Protergo's track-record Unique?

Protergo has a strong experience in the banking sectors. Please find below some examples of the penetration
testing that we have completed over the past years

Sector: Example of clients

- Banking: Digital Cash Mobile (Penetration Testing)
- Banking: Penetration Testing (Open API)
- SOE Bank: Penetration Testing, Vulnerability Assessment
- SOE Bank: Web Application Penetration Testing
- Banking: Internal Network Penetration Testing, Vulnerability Assessment
- Banking: Web Application Penetration Testing
- Banking: Web Application Penetration Testing (cash management system)
- Banking: Android Mobile Penetration Testing
- Banking: Web Application Penetration Testing
- Banking: Internal Network Penetration Testing, Vulnerability Assessment
- Telco: Internal Network Penetration Testing, web application

Get in touch
Jl. Rempoa Raya No.11, Rempoa,
Kec. Ciputat Tim., Kota Tangerang Selatan, Banten 15412

www.protergo.id
