The US and UK share a lot of things. History. Political traditions. A language, if one is feeling generous. And now some worrisome phishing data that jumps out of two reports PhishMe® has commissioned, most recently in the UK.
Hunting Phished Endpoints with PhishMe Intelligence™ and Carbon Black® Response While sipping coffee and reading the morning headlines, the CISO notices a global mass-phishing campaign that took place overnight. Picking up the phone and calling the SOC, the CISO asks; “Are there any computers that may have been infected with ‘X’ that I read about this morning? I need answers before my meeting in an hour”.
Part 3 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 2 we looked at Self-Enumeration, assessing security and business process gaps that phishing attackers exploit. It’s the first step in being “Left of Breach” (see figure below), the process that builds a proactive phishing defense strategy.
So, you want to improve your response to phishing threats? Smart idea. PhishMe®’s recent report on phishing response trends shows that phishing is the #1 security concern, but almost half of organizations say they’re not ready for an attack.
As the success of phishing attacks continues to broaden and gain traction in the modern news cycle, it’s important that we understand the differences in impacts based on the type of breach.
PhishMe IntelligenceTM Integrates with ThreatQuotient’s ThreatQ Platform Swimming in a sea of threat intelligence indicators and services, security teams have been working towards effective ways to centralize, de-duplicate, and correlate massive amounts of threat data. The challenge, once this is done, is acting on what matters most. This requires intelligence, not just data.
Part 2 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 1 of this series, we talked about getting front of data breaches by taking proactive steps—everything to the left of the bullseye in the figure shown here:
PhishMe® and IBM have teamed up to provide security operations with essentials for their phishing defense program. Security teams don’t want standalone security products; they need holistic security solutions and through partner integrations. That’s why PhishMe and IBM have partnered to help enterprise businesses defend against credential-stealing, malware, ransomware, and Business Email Compromise (BEC) phishing.
BY JOHN TRAVISE AND NICOLAS OCTAVIANI PhishMe Triage™ immediately reveals an active, ongoing phishing attack against a new customer during a configuration and deployment.
Over the past few weeks, our Phishing Defense Center has observed several emails with malicious PDF attachments that prompt the user to download a .UUE file from Dropbox. UUE files (Unix to Unix Encoding) are files encoded with uuencode, a program that converts binary files to text format for easy transfer while still allowing for the files to be easily opened using Winzip or similar un-archiving applications. When file extensions are not displayed in Windows, the downloaded file looks like any other compressed file (as shown in Figure 1), which makes it harder to spot that this file is indeed...