Part 2 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.
Part 6 in a series on being “Left of Breach” in the Phishing Kill Chain.
In part 5 we looked at the importance of reporting and associated best practices for implementation and measuring success at both the simulation and program trending level. Now let’s shift the focus from the development of our user base as reporters to a more traditional security skill set of detection, analysis and mitigation of threats.
Part 1 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.
While modern technology and pervasive media can make all things appear new, they really aren’t. As we continue the battle against advanced persistent threats, malware and fraud, it’s important to remember that confidence men and women have been at this game for a long time.
Part 5 in a series on being “Left of Breach” in the Phishing Kill Chain.
In part 4 we looked at Simulation Delivery, and stress the importance of utilizing methods that model malicious actors and advanced persistent threats. We will now take a closer look at developing reporters in your company environment.
Anti-phishing, like all security, is a team sport. (Apologies for that metaphor, but football season is here.)
So join PhishMe® and other security professionals at PhishMe Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor.
Part 4 in a series on being “Left of Breach” in the Phishing Kill Chain.
In part 3 we looked at Simulation Design, where we discussed utilization of simulation results analysis and active threat intelligence in anti-phishing programs. We will now take a closer look at simulation delivery practices.
Attention incident responders: PhishMe® Submerge is for you.
Submerge 2017, our second annual User Conference and Phishing Defense Summit, offers over a dozen sessions on phishing defense alone. Overall the event will offer 30+ sessions, including another track covering phishing resilience.
While a great deal of focus for research into botnet trojans is on the multipurpose utility of this malware, many of these same tools are still utilized for direct financial crimes and fraud. This configuration data, provides a prima-facie insight into some of the preferred means for monetary gains by threat actors. An example of this can be found in the most recent rounds of TrickBot malware configurations. These XML documents describe the targeted login pages for online services and the action the malware is to take when a victim visits one. Many of the targeted resources reference the login pages for online banking portals, as many malware tools with financial-crimes capabilities often do. However, TrickBot’s targeting of cryptocurrency wallet services also an interesting insight into this malware’s targeting and its relationship to its predecessor, the Dyre trojan.