CHANTILLY, Va., Feb. 18, 2014 — PhishMe Inc., creator of the industry-leading phishing mitigation and detection platform, today reported extraordinary corporate performance for the 2013 fiscal year. Bookings grew 130% over the previous year and the company achieved significant increases across all key corporate performance measures, including the largest fourth quarter in company history.
Reports from the Target breach investigation continue to trickle in, with Brian Krebs now citing multiple sources close to the investigation who have traced the initial compromise to login credentials stolen through a phishing email.
Last week, we discussed how attackers can steal credentials without using malware through data-entry phishing. While this tactic is a common and highly effective technique, the latest report on Target alleges that Citadel, a password-stealing derivative of the ZeuS banking Trojan, was responsible for stealing login credentials from Target vendor Fazio Mechanical, which provided attackers with the foothold they needed in Target’s network.
‘Old School’ email social engineering or data-entry phishing is an attack method that has been on the rise in recent months, notably employed by the Syrian Electronic Army to hack seemingly every major media outlet in the Western hemisphere, and possibly responsible for other high-profile breaches.
A Target spokesperson confirmed last week that attackers initially gained access to the company’s systems through stolen credentials obtained through a vendor. While Target has not confirmed the exact method through which the credentials were stolen, one possible scenario is that attackers sent a spear-phishing email to the vendor, obtained valid login credentials for Target, and used those credentials to gain a foothold in Target’s network.
Punishing users for undesired security behavior? We believe that punishing users is a misguided idea that will alienate them and make it difficult to ever improve user security behavior. Every so often, someone in the industry brings up the idea of punishing users as a way of motivating/improving behavior. We hadn’t heard much on this topic since we wrote a post on it back in September; however, it has flared up again.
CHANTILLY, Va., Jan. 14, 2014 – PhishMe® Inc. today announced the appointment of Kevin Mandia to its Board of Directors. As the leading provider of immersive security behavior management, PhishMe helps enterprises improve employee resilience to and reporting of targeted phishing, malware, and drive-by attacks – the most common attack vectors used to compromise corporate and government networks today.