The Best Penetration Testing (Pentest) Service in Indonesia

LOGIQUE Digital Indonesia Upholds World-Class Standards Regarding its Pentest Services.

In carrying out the penetration testing (pentest) process, Logique is supported by a team of experienced Pentesters who hold ceh (Certified Ethical Hacker) and CSCU (Certified Secure Computer User) certifications from the EC-Council, so there is no need to doubt our capabilities.

Why Is It Necessary To Conduct Penetration Testing On Your Systems?

By conducting the penetration testing (pentest) process, the overall strength of your own website will be revealed. Any applications or network defense systems you have installed can therefore test their effectiveness against instances of cybercrime as well as various other disturbances.

Cyber security is a feature that needs to be consistently improved, especially if you have a business that applies the use of digital media. Cyberattacks already present the biggest threat to any company. A study conducted at the University of Maryland states that hacker attacks occur every 39 seconds on average.

Do not delay in aiming to improve the overall security of your Website & Applications in order to avoid the ever-increasing risk of cyberattacks.

Contact Us Now!

Top Banner
  • What is CyberSecurity?
  • Does it matter?
  • How dangerous are those cyber threats?
  • Am I protected?
  • Can hackers steal my data or information?
  • How will it affect my business??
  • How do I protect my business and data?

LOGIQUE Aims to Assist you in Finding Answers to the Above Questions


DO YOU KNOW ABOUT CYBER SECURITY HAZARDS?


An Indonesian airline once fell victim to a cyberattack, resulting in the leakage of their internal passenger data. The leaked data stems from two databases. The first database contains 21 million and the other contains 14 million. Indonesian Telecommunications companies have also become the victims of cyber-attacks by way of web defacing techniques. "Web deface" refers to changing the overall appearance of a website, starting from the main page, index file, or other pages that are still bound to the URL of the website.

Several cyber security incidents have occurred which not only have targeted a variety of companies, but also government agencies. Based on the data obtained from the CSIS (Center for Strategic & International Studies) there are several state institutions in the world that have fallen victim to coordinated hacking efforts. For example, hackers who once targeted specific U.S. cancer agencies sought to retrieve information related to cutting-edge cancer research.

According to the 2021 ENISA Threat Landscape Report (which can be download here; or, you can see a summary of the report in Indonesian we have provided here), it is known that cyber security risks throughout the world have increased exponentially.

This is certainly a problem that needs to be prioritized. Your company must indeed take immediate action to curb the potential breach of your systems.





NOTABLE CASES

DATA BREACHES BASED ON THE NUMBERS
Date Breaches have continued to present a serious threat to all companies around the world. This has happened due to the fact that hackers have continued to experiment with a number of new techniques to successfully access your data, as well as take advantage of the increase in online presence due to the high use of services on online platforms used by the general public today.

In order to break into a company's overall security systems and access any particular company’s sensitive data, especially in regards to personal data, hackers will generally combine a variety of more sophisticated infiltration techniques. For example, by using malicious software ransomware or with supply chain attacks.

Based on the data presented in the ETL 2021 (ENISA Threat Landscape 2021) obtained from Verizon's DBIR (Data Breach Investigations Report), it is known that within certain financial sector companies there exist as many as 44% of data breaches which have been caused by internal actors. In the public administration sector, 70% of data breaches have been caused by instances of social engineering and 15% of the errors are due to misconfiguration and mis-delivery. Then, in the healthcare sector, the main causes mainly originate from instances of mis-delivery, publishing errors, and misconfiguration. Whereas in the information sector, basic web application attacks, system crashes and glitches account for 83% of all data breach cases.

Various incidents related to data threats also have occurred during the ETL 2021 reporting period. The following figure shows the trends observed based on OSINT (Open-Source Intelligence), collected by the ENISA.

Various incidents related to threats to data also occurred during the ETL 2021 reporting period. The following figure shows the observed incident trends based on OSINT (Open Source Intelligence) and collected by ENISA.
grafik-1

In addition, it is necessary to understand that due to the Covid-19 pandemic, the cybersecurity trends presented within the healthcare industry have experienced a rapid surge in cases. This can be interpreted as such because when the Covid-19 pandemic occurred, the healthcare sector was in the spotlight and threat actors took advantage of it to hit the sector that was in a critical period. Due to the pandemic conditions, the provision of online health services and telemedicine has increased users, prompting hackers to take medical data that has increased and collected rapidly.

Data regarding incidents in healthcare observed through OSINT by ENISA:
grafik-2

In Indonesia itself, the State Cyber and Password Agency (BSSN) revealed that in 2021 there were at least more than 1.6 billion or precisely 1,637,973,022 anomalous traffic or cyberattacks that occurred. In fact, this trend is predicted to increase, where malware has the potential to be the largest type of cyberattack.


Setiap hari terdapat 24.000 jenis aplikasi seluler yang diblokir karena berpotensi terjadi pelanggaran data di dalamnya. Di sisi lain, serangan terhadap seluruh perangkat yang terhubung ke internet juga terus mengalami peningkatan.

Bahkan di tahun 2017, angka ini naik sebanyak 600 persen. Bukan hanya itu saja, setiap tahunnya serangan ransomware juga terus mengalami pertumbuhan hingga lebih dari 350 persen setiap tahunnya. Ransomware merupakan jenis malware yang dapat mengambil alih komputer dan mencegah pengguna sah untuk mengakses data sampai tebusan yang diminta dibayarkan. Hacker juga akan mengancam untuk mempublikasikan data-data sensitif korban jika tebusan tidak dibayar.

Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) di bawah naungan BSSN juga mengungkapkan bahwa selama 10 bulan pertama di tahun 2018 telah terdeteksi lebih dari 200 juta serangan cyber ke Indonesia.

Berdasarkan data statistik dan berbagai kasus yang telah terjadi di seluruh dunia, peningkatan pelanggaran data terus terjadi dalam skala yang besar. Hal ini terjadi karena sistem keamanan yang lemah serta kurangnya security awareness dari penggunanya. Perlu Anda ketahui, sebanyak 95 persen pelanggaran keamanan cyber yang terjadi juga disebabkan karena faktor kesalahan manusia.

Di Indonesia sendiri, sudah banyak kasus serangan cyber yang pernah terjadi dan sebagian besar korbannya adalah perusahaan. Sepanjang tahun 2018, telah terjadi sekitar 4000 laporan terkait kasus kejahatan cyber, dan dari jumlah tersebut kasus serangan cyber paling banyak terjadi di wilayah Jakarta.

Sekitar 24.000 aplikasi seluler berbahaya diblokir setiap hari
Serangan IoT meningkat 600% pada 2017
serangan ransomware tumbuh lebih dari 350% setiap tahun
EXAMPLES OF KEY CYBER SECURITY INCIDENTS
The rampant cyber security incidents have not only sought to target private entities, but also government agencies. In Indonesia itself, the need for data protection is increasingly urgent. In fact, some experts say that the leakage of personal data within Indonesia already exists on an emergency level.

In 2021-2022, the number of cases of alleged data violations have been skyrocketing, ranging from data on participants within the government health insurance program for up to 279 million, data leaks concerning 1.3 million passenger verification application users, SIM Card registration data which is claimed to amount to 1.3 billion from four operators, customer data from insurance companies which amounts to as many as 2 million individuals, customer data from state companies within the field of electrical energy of up to 17 million, as well as many other alleged data leaks. The sensitive data that has been rumored to have been successfully exposed is generally in regards to personal data, which holds articles of information such as full names, ID cards, phone numbers, emails, financial data, and much more.

Based on the data obtained from the CSIS (Center for Strategic & International Studies) there are a variety of countries in the world that have experienced a critical level of cybersecurity incidents. Hackers once carried out a DDoS attack in order to temporarily remove the website of Taiwan's presidential office. The Taiwanese government attributed the attack to foreign instigators and stated that the website could operate normally after 20 minutes. An attack has also targeted users of Australia's largest Chinese-speaking platform. The hacker in question has made more than 20 million attempts to reset user passwords in the platform's registration system. Regarding another example, a hacker claimed to have obtained a file containing info in regards to 1 billion Chinese citizens from a Shanghai police database and posted the data for sale online.

WHERE ARE THE ATTACKS COMING FROM?
Broadly speaking, there are four categories of cybersecurity threats.

  • State-sponsored actors
    Target: the entire computer system
    State-sponsored actors carry out attacks on behalf of the state and will generally be sponsored or supported by government entities. The main target is an entire computer system with cyberwarfare/espionage motivations for political, economic, and/or military agendas. These perpetrators are known to play the "long game", where they will use a number of tactics to secretly access systems and networks, then explore those systems for months or years.

  • Cybercriminals
    Target: The company
    Cybercriminals are malicious actors who carry out a number of data breaches and are motivated to receive certain financial benefits from this endeavor. They will attack a variety of specified targets using a variety of techniques ranging from phishing, ransomware, cryptominers, remote access Trojans, exploit kits, social media, data/financial theft, extortion, and blackmail. The goal is to steal personally identifiable information (PII) such as credit card numbers, account credentials, and NIK (Identity Number) and then monetize it on the black market (Dark Web).

  • Hacktivist
    Target: government agencies, companies, and individuals
    Hacktivists’ main targets range from government agencies, companies, to individual targets. They generally carry out attacks for several reasons which are political, social, or economic in nature. Just like other malicious actors, hacktivists will also apply a number of techniques ranging from malware, DDoS attacks, or web page defacement. Through these techniques, they can effectively expose information, effectively cornering the target in question. One example of a hacktivist group is Anonymous.

  • The Lone Wolf
    Target: the company/financial institution and its network
    The Lone Wolf carries out a number of attacks on financial institutions and their networks. The goal is of course to gain financial benefits and gain network access. These types of hackers are difficult to catch because they will generally work individually and operate within the black market (Dark Web). In addition, they also sell malware to other hackers.


WHO IS AFFECTED BY CYBERATTACKS?
Research has revealed that 45% of data breaches occur within the cloud. This happens because of the lack of data protection and increasingly sophisticated exploitation techniques, causing an increase in the amount of data that has been successfully hacked and compromised. In addition, Covid-19 has also made remote working systems increasingly commonly practiced, thus encouraging cyberattacks to occur. This makes cyber security attacks continue to increase during 2020 and 2021, not only in terms of the numbers but also related to the impacts caused.

The SANS Institute has noted that in recent years there have been about 74,000 employees, contractors and suppliers affected by data breaches due to stolen company laptops. This is exacerbated by the fact that the data in it is not properly encrypted. A survey also revealed that in 2020, 26% of ransomware attack victims paid a ransom to get their data back. This number has risen to 32% in 2021.

Of course, cyberattacks affect many parties ranging from companies, institutions, customers, or even employees in the company itself. Perceived losses can include many things ranging from damage and destruction of data, stolen money, loss of productivity, intellectual property theft, theft of personal and financial data, embezzlement, fraud, post-attack disruption of business activities, forensic investigations, data and system recovery, to reputational damage.
dampak-1
dampak-2
dampak-3


HOW MUCH DOES IT COST TO BE A TARGET?
Ransomware is a type of malicious cyberattack in which an attacker encrypts an organization's data and demands a ransom payment to restore access. In some cases, attackers can also steal organizational information and request additional payments in exchange for not disclosing information to authorities, competitors, or the public. Regarding these types of ransomware attacks, in ETL 2021 it is known that in 2020 the average ransom requested has more than doubled to $170,000, where previously in 2019 it was around $80,000.

Then regarding the case of data breaches, IBM Security through the IBM Cost of a Data Breach Report 2022 revealed that the total global average cost of data breaches increased to USD 4.35 million in 2022. IBM also revealed that the top 5 industries based on the average cost of a data breach are the healthcare industry in first place ($10.10), followed by industries in the financial sector ($5.97), pharmaceuticals ($5.01), technology ($4.97), and energy ($4.72).

In Indonesia itself, the Financial Services Authority (OJK) once mentioned that there were losses worth IDR 246 billion caused by cyber-attacks on banks in Indonesia in the period 1st semester of 2020 to semester 1 of 2021. Then in the same period, there is a potential loss that can arise with a nominal value of rp 208 billion. Furthermore, based on data from the International Monetary Fund (IMF) 2020, it is known that the estimated total average loss experienced by the financial services sector globally due to cyberattacks can reach USD 100 billion or more than IDR 1,433 trillion. Cybersecurity Ventures has also mentioned that the total estimated cost of damage globally will grow by 15% per year over the next five years and reach $10.5 trillion per year by 2025.

Hackers will generally run a number of attacks such as by locking the system and then asking for a ransom so that the system can be accessed again. In addition, cyberattacks can also occur due to vulnerabilities or loopholes in the software used by the company. With the proliferation of cyberattacks, the need for companies to increase resilience to the systems they use is increasing. Cyber security services are becoming increasingly needed to anticipate the potential risk of attacks amid the digitalization trend carried out by various industrial sectors.
Sekitar 24.000 aplikasi seluler berbahaya diblokir setiap hari
Serangan IoT meningkat 600% pada 2017
serangan ransomware tumbuh lebih dari 350% setiap tahun
Sekitar 24.000 aplikasi seluler berbahaya diblokir setiap hari
Serangan IoT meningkat 600% pada 2017


CAN YOUR COMPANY INCUR A CYBER ATTACK?
Currently, as many as 74% of companies have more than 1,000 very sensitive data archives, of which 21 percent are not given good and qualified protection. In addition, 41% of companies also have more than 1,000 sensitive files, including credit card numbers and other financial records that are not well protected. Not only that, based on Varonis data, 65% of companies have 500 users who have never changed their passwords.

Based on data obtained from Verizon, the Data Breach Investigations Report (DBIR) 2021 has revealed that as many as 85% of data breach cases involve human instigators. This shows that hackers often take advantage of mistakes made by humans, they realize that humans can be the weakest chain in the security system. This is what makes social engineering attacks or miscellaneous errors (such as when employees accidentally compromise the company’s data) the main method exploited by hackers.

In 2020, adware-type malware has also been increasingly present throughout Android devices. The State of Malware Report 2021 reported that on Android devices, 704,418 had detected various hidden ads & malware, and showed that there was an increase in this regard of almost 149%. This malware generally infects the system because users have unknowingly installed certain legitimate applications bundled with the aforementioned malware. The second cause is due to certain vulnerabilities in the software or operating system used. The vulnerability is then exploited by hackers to include malware within it.

In the first quarter of 2021, the volume of cryptojacking infections also reached a record high compared to recent years. Statistics have shown that during the first quarter of 2021, infections increased by 117%.
74% perusahaan memiliki lebih dari 1000 file sensitif

21% dari semua file tidak di lindungi dalam cara apapun

41% perusahaan memiliki 1000 file sensitif termasuk nomor kartu kredit serta catatan kesehatan yang tidak dilindungi
65% perusahaan memiliki lebih dari 500 pengguna yang tidak pernah diminta mengubah kata sandi
85% kasus pelanggaran data human error di dalamnya


HiddenAds Malware terdeteksi sebanyak 704.418 di perangkat Android ( meningkat hampir 149% )
Infeksi cryptojacking meningkat sebesar 117%


What is
Penetration Testing?


Penetration testing services, often shortened to the term “pentest”, is a term used when someone performs security testing on a system, application, or network.

Such activities are carried out in order to find out whether the system’s overall security protections possess loopholes. This is so that holes within the system can be immediately corrected by patching. This is done so that the security contained in a system or application being tested becomes impenetrable. In addition to conducting testing, pentest services also document the level of security of the system or application to be tested for subsequent reports or reports to the company / customer. Before conducting a penetration test, there will usually be a contract between the auditor / pentester and the company that aims for the application or system to be tested.



The general targets penetration testing focuses on includes:

  • Mobile apps (iOs &Android), web, and desktop.
  • Services that use an internet connection (website, VPN endpoint, e-mail infrastructure, extranet, and others).
  • Internal systems or services contained in the network (Active Directory, Exchange, etc.).
  • Internal network.
  • Company employees to avoid issues to do with human error.
Top Banner
Why is penetration testing your digital systems necessary?
Penetration tests are performed to identify whether an application, computer system, or a network has security weaknesses. If a flaw is found and can be proven by some risk analysis, then you will have time to be able to repair the system before someone irresponsible takes a chance from the weakness gap found. Through the use of good security systems, the company's sensitive data can thus be protected which results in the company avoiding unnecessary expenses and losses in the future.


What are the advantages of penetration testing your digital infrastructure?
Penetration testing techniques present several key advantages, including:


KelebihanEXCESS
  • Can be done quickly with little time, resulting in an overall cheap price.
  • The skills required to perform certain penetration testing techniques are relatively lower when compared to performing the testing technique using source code checks
  • Live testing is performed on the code used (exposed)


Why should you choose Logique Digital Indonesia to pentest your system?

Logique Digital Indonesia has experienced testers specifically trained in finding security loopholes present in a wide variety of websites and applications. In carrying out these necessary security tests, Logique Digital Indonesia’s professional team of pentesters will always apply a certain level of operational standards used internationally, by all pentesters around the world. If needed, Logique Digital Indonesia can also conduct penetration tests on the spot, where the IT security team will come to the company and conduct tests directly.

The entire security team at Logique also possesses certificates; their capabilities are unquestionable. Here are the various certifications we have:

  • CEH (Certified Ethical Hacker)
  • CSCU (Certified Secure Computer User) from EC-Council
  • Certified Pentesting Expert - Global Tech Council
  • Certified White Hat Hacker - Global Tech Council
  • NSE (Network Security Expert)
  • CSFPC (Cyber Security Foundation Professional Certificate))
  • CNSS (Certified Network Security Specialist)
  • BCIS (Brainbench Certified Internet Security)

What method does Logique Digital Indonesia use in conducting pentests?
In conducting pentests, Logique Digital Indonesia has 3 methods that can be used, including:

Black Box
Black Box Testing
This technique is based on certain key details of the application being tested, such as the appearance of the application, the functions contained within the application, and the adjustment of the functions of the application to the business desired by the customer. This test is carried out without looking at and testing the source code of the program within the application.

White Box
White Box Testing
This is a technique based on certain detailed and logical procedures of a program’s code. In this method, the tester will look at the entire source code of a program to locate bugs from the program’s code.

Grey Box
Grey Box Testing
This is a technique derived from a combination of both the Black Box and White Box techniques. Tis procedure involves the pentester engaging the application based on certain specifications, but uses the way it works from within the application aka the source code program.


What are the stages of Logique’s penetration testing procedures?
Logique Digital Indonesia uses international penetration testing standards as a reference for implementation in conducting tests, including:


Step 1
1 Reconnaissance
That is the stage where the Logique pentester will collect initial data or some things needed for the client. Once the data is collected, the pentester will be able to easily better plan attacks. This reconnaissance can be carried out in two ways, namely actively (directly touching the specified target) and passively (reconnaissance is carried out through intermediaries).

Step 2
2 Scanning
At this stage, an application is needed as a technical tool to collect various advanced data on the targets that we have set. At this stage, the data sought is more general, namely regarding the system they have.

Step 3
3 Gaining Access
In this phase, the pentester needs to gain access to take over control of one or more network devices in order to further extract data from the target, in order to subsequently use those devices to launch attacks on other targets.

Step 4
4 Maintaining Access
That is the stage where the pentester will make some of the necessary steps to stay in the target environment with the aim of collecting as much data as possible. In this phase, the attacker must remain in a stationary state so that it cannot be caught while using the host environment.

Step 6
5 Covering Tracks
That is the last stage where the pentester will cover the track, forcing the attacker to take the necessary steps to remove all similarities when detection is carried out. Any changes that have been made, authorizations that have been upgraded and others. Everything must return in a non-recognition state by a host network administrator.


LOGIQUE DIGITAL INDONESIA'S EXPERIENCE IN CONDUCTING PENETRATION TESTING
Logique Digital Indonesia is very experienced in conducting security assessments. We have conducted penetration tests for government websites and a number of companies in various industrial fields ranging from fintech, e-commerce, automotive, and many more.

During penetration testing for various companies, we have found some security loopholes or bugs so that patches or patches can be done immediately. Some of the bugs we have found such as:
  1. 1. Injection
  2. 2. Cross-Site Scripting (XSS)
  3. 3. Sensitif data exposure
  4. 4. Security misconfiguration
  5. 5. Broken access control, etc.
"Pentest Web/Application Services and Cyber Security from LOGIQUE"

LOGIQUE provides penetration testing (pentest) services and comprehensive reporting related to security vulnerabilities in IT systems, websites, and mobile applications. In providing this service, we focus on assessing and reporting security vulnerabilities in systems, the web, and applications at a fast time and at an affordable price. Please check the details of this service here.

Learn about LOGIQUE's Penetration Testing Services

Cyber Security Related Article


Other LOGIQUE Services

Besides having certified and experienced specialists in the field of Penetration Testing (Pentest) and Security Assessment, we also have specialists who are no less reliable for other services such as Digital Marketing. LOGIQUE can help your company who wants to do digital campaigns such as Search Engine Marketing (SEM), Content Marketing, Search Engine Optimization (SEO), Social Media optimization and others.

Our team can help every company to achieve maximum performance on every channel used in digital campaigns carried out. We can maximize the desired conversion rate through SEM services, increase organic visits through SEO services or achieve optimal engagement through social media optimization. So, what are you waiting for? Immediately consult your business needs and our digital marketing team will design the best strategy for you.





Optional Web Security Services


LOGIQUE has collaborated with PT Dtechcorp Konsultindo Prima (Dtechcorp Consulting), an experienced consulting agency registered with the BSSN (National Cyber ​​& Crypto Agency) and KOMINFO (Ministry of Communication and Information Technology), so as to meet the needs & standards of the POJK-based information technology (IT) security auditing services. We also provide consultation services for any clients aiming to obtain an ISO certification.