Cyber Espial is a cybersecurity company registered and incorporated in Pakistan that provides cybersecurity services to the public and private sectors worldwide, including SaaS companies, retailers and governments. Its services include Web & Network Penetration Testing, Red Teaming, email server security and consultancy services as vCISO.
Along with this, Cyber Espial performs vulnerability assessments to identify potential zero-day vulnerabilities in the systems of SaaS companies, retailers and governments, and reports them back to the authorities. Cyber Espial believes every vulnerability could be exploited and can cause some level of cyber attack against companies and governments.
With this belief, after identifying vulnerabilities, Cyber Espial contacts the Founder(s), CEO, CTO, CIO, CISO, cybersecurity engineers (team) and developers of the relevant companies and entities and sends them an email detailing the vulnerabilities’ potential risk, impact and severity level, using prefilled Sales & Marketing templates. With the help of the internal cybersecurity team, Cyber Espial then patches the vulnerabilities for the secure operation of their business.
If you’re a Founder, CEO, CTO, CIO, CISO, part of a cybersecurity team or a developer at such a company, or a member of the internal security team of a government or country, and you have received such marketing emails with a proposal and an alert about the potential risk and impact of security vulnerabilities in your digital systems, then this article may help you understand the basics of Cyber Espial’s operation in vulnerability reporting.
Before sending an email to you, the Cyber Espial team carefully identifies zero-day vulnerabilities using a ‘bug-hunters’ approach, testing systems only for the relevant vulnerabilities without affecting the system. If the team is able to identify a vulnerability, it performs an analysis of the vulnerability’s risks and impacts: if the vulnerability were found by cyber criminals or black hat hackers, how could they exploit it, and what level of the company’s internal data or its users’ data could they access? The team then sets the vulnerability’s severity level from ‘High’, ‘Critical’, and ‘Medium’. In the email, we mention the severity level that we set after careful analysis of the vulnerability’s impact on business operations and of what level of information could be accessed after exploitation. Emails are sent from the perspective of malicious actors, using prefilled Sales & Marketing templates. Cyber Espial cannot share actual details in the email messages, as they are mainly used for Sales & Marketing purposes and Cyber Espial cannot be sure who the actual email account holder is. Cyber Espial invites staff, including the CEO, CTO, CISO, CIO or senior government officers, to virtual meetings to clarify the content of the messages and the purpose of Cyber Espial’s contact with the relevant authorities. Cyber Espial’s CEO hosts these virtual meetings and describes the company’s business operation, its nature and the actual purpose of the company’s Sales emails. It is the responsibility of Cyber Espial to clarify its objectives and to understand its potential clients’ business operations when they receive the Vulnerabilities Report. Cyber Espial cannot impose any of its rules and principles on the authorities, and it is mandatory for Cyber Espial to accept the opinions the relevant authorities express during the virtual meeting.
The Vulnerabilities Report is a complete, documented PDF file containing details of the vulnerabilities that can help the internal or executive team identify, reproduce and patch them. Our report contains details about the origin of the vulnerabilities; proof-of-concept (POC) reproduction steps to help the internal team create a mock cyber attack using the methods black hat hackers or cyber criminals use to exploit vulnerabilities; the risk and impact level, such as what level of information could be accessed on exploitation or what type of company system could suffer service disruptions; and remediation steps to patch the identified vulnerabilities. A report at this level of detail is highly useful to the internal team in gaining an in-depth understanding of their system’s vulnerabilities.
Cyber Espial shares the Vulnerability Report, which contains the details mentioned above, for a fee. After finding bugs, Cyber Espial’s team checks what average bounty companies are paying to researchers, what the severity of the bugs is, what the niche of the company is and how the bugs could help hackers infiltrate the company’s normal business flow. For governments, the same level of analysis is performed to check how cyber criminals could perform small to advanced attacks on the government’s digital assets, including but not limited to government websites, web portals, network, broadcast. After this analysis, Cyber Espial sets a price for each bug and asks the company to pay. Yes, companies do not ask for the vulnerability reports, and they have the right to pay or not to pay Cyber Espial to get the Vulnerability Report.
Here it is necessary to understand that Cyber Espial charges an advance fee out of the total fee. For example, if Cyber Espial’s team sets a price of $2000 for a report that contains Critical and Medium level vulnerabilities, then Cyber Espial will charge $500 or $800 in advance and the remaining fee of $1500 or $1200 after sharing the report. Keep in mind that Cyber Espial does not charge a higher amount in advance. Maybe you are thinking, like many others: after paying the advance fee, what if Cyber Espial does not share the report that it claims contains important details about the vulnerabilities, or what if it runs away with the advance fee? The answer is to let Cyber Espial sign your NDA on your terms and conditions. Control Cyber Espial’s team by collecting their identity and business registration information before paying any fee. First get the information you want, then pay. At no stage of negotiating with you will Cyber Espial force you or your company to pay at any cost. Yes, we charge an advance fee before sharing the report, like many other cybersecurity companies; however, it can be lowered if the company hesitates to pay a higher amount in advance.
If, at this stage, the internal team thinks that if they do not pay, Cyber Espial’s team may cause problems for them, sell their data to criminals or blackmail them, and they pay Cyber Espial with this mindset, then Cyber Espial does not need such a fee. Cyber Espial is a registered cybersecurity company with a track record of providing its services to small, medium, large and enterprise-level companies with millions and billions of dollars in annual sales revenue, such as SeaGroup, Monday, AboutYou and many others. Cyber Espial has worked within industry-standard ethical guidelines and rules. Cyber Espial believes that if it is putting hard effort into identifying and reporting vulnerabilities to companies and governments, then they should understand this, respect Cyber Espial’s efforts and pay the advance fee to receive the report (if such contracts have been signed by both parties), which could help them secure their own clients’ and corporate data. They should consider that they are paying this fee for the cybersecurity of their data and for a report that could help them secure their business’s core functionality, sensitive data and their users’ data, and that this report can save them from higher compliance fines. If they have concerns, they should discuss them with Cyber Espial’s team prior to any transaction.
Before paying any advance fee, companies should have Cyber Espial sign their NDA, just like a normal business agreement between two parties covering the payments and the security and privacy of their data. For governments, it is necessary for the PS, Secretaries or any other officers to discuss their operation with Cyber Espial, and they can have the Cyber Espial team sign their contracts and agreements in case of potential collaboration. Some governments have their own CERT/CIRT departments that handle such issues, and Cyber Espial can share its reports after verifying with senior officers. Cyber Espial would be responsible not only for helping to identify the vulnerabilities but also for providing consultancy to implement accurate patches.
After the NDA is signed, Cyber Espial shares the invoices for the advance fee. It is important for Cyber Espial to share invoices, as they can be used legally in any case. Cyber Espial collects every fee for the report or for its services into business bank accounts. Companies can trace the real user or the account holder by using the account numbers.
Contact us to ask any question related to this post!
version – 13