This week on Malware of the Week, we're going to focus on the SecurityXploded Toolkit and phishing of Microsoft Sharepoint.
We take a look at the SecurityXploded Toolkit, a legitimate pack of free security tools put out by XenArmor to help security experts and system administrators, which threat actors have hijacked to steal your passwords.
Next, we look at a Microsoft Sharepoint phish that takes advantage of Office 365’s growing market share.
Get the details in this week’s video.
In spite of all the spectacular news stories about advanced persistent threats and targeted hacks from nation-states, the most common security challenge facing enterprises today continues to be social engineering. Successful hackers know the user is the weakest link in the security chain. Email phishing campaigns have proven to be the path of least resistance to get unsuspecting individuals to download and install their malicious software. Getting users to identify phishing attacks and training them not to click on links in email messages is not a trivial task. Join KnowBe4 as we discuss the strategies and techniques that social engineers are finding success with, how to implement these techniques, and how to create real-world simulated phishing emails to test your employees and see how phish-prone they really are.
More than 90% of reported data breaches and security incidents in 2016 involved a successful phishing attack*. Attackers rely on phishing as a primary strategy because it continues to be both effective and efficient, as users remain the most vulnerable attack vector.
The best defense against phishing is proactively educating your users, through a shame-free campaign that prepares them for real-world phishing attempts. Along with teaching your users what to watch for, an internal phishing exercise can result in faster user reports of possible phish attempts and reinforce your security response plan.
In this webinar, you will learn how to:
- Quickly and easily assess your security posture
- Help build the business case for addressing your organization’s security needs
- Build and deploy effective phishing simulations within minutes
- Identify vulnerable users and devices
- Increase the speed of user reporting for possible phishing messages
* Verizon 2017 Data Breach Investigations Report, page 30
What can be done to better protect organizations and individuals from phishing attacks that start with fake email?
The unfortunate truth is that email technology was not initially designed to be secure. Hackers use many techniques to send imposter email and trick end users. In response, email security technology has evolved over the years to add sender authentication features meant to protect recipients from fake email. While this helps, it’s clear from the headlines that fake email continues to bypass email authentication defenses and in fact, the entire security infrastructure.
Learn more about email authentication and how to effectively shut down fake email phish, including:
- Techniques Hackers Use to Spoof Email
- The Role of Email Authentication
- How to Fortify Your Security Infrastructure to Stop Phish
- How customers in case studies stopped fake emails
In spite of all the spectacular news stories about advanced persistent threats and targeted hacks from nation-states, the most common security challenge facing enterprises today continues to be social engineering. Successful hackers understand that the user is the weakest link in the security chain. Email phishing campaigns have proven to be the path of least resistance to get unsuspecting individuals to download and install their malicious software. Getting users to identify phishing attacks and training them not to click on links in email messages is not a trivial task.
In this webinar, you’ll learn the strategies and techniques that social engineers are finding success with. You’ll also learn how to implement these techniques, to create real-world simulated phishing emails to test your employees and see how phish-prone they really are.
Key topics covered in this webinar:
- Latest phishing attack strategies and techniques
- Some of the top-clicked phishing emails from Q3-2017
- How to use these tactics when creating simulated phishing emails to test your users
We’re all bombarded by emails. Unfortunately, some are weaponized. They deliver ransomware, other malware, and social engineering scams. What happens when a phishing email gets past your security technologies and lands in employees’ inboxes?
This webinar will show you how to teach them to spot and report phishing, feed your incident response teams the intel to mitigate attacks and increase overall enterprise resiliency. Take the first step in creating a collective and collaborative defense. One that enables your team to stop email-based threats.
Threat actors are creating new phishing campaigns all the time. Area 1 proactively identifies and stops phishing attacks across all traffic vectors. This short webinar covers some of the more recent detections that have stopped several phishing campaigns for our customers. We will cover instant link analysis for emails, encrypted attachment analysis and exploit kit tracking.
Advanced phishing attacks and ransomware continue to plague organizations, with a 55% increase according to Symantec threat research. Users continue to be easily social engineered into opening phishing emails, which can steal confidential data like credentials. In addition, email continues to be the number one vector for malware, including ransomware. Combating these insidious threats requires a powerful combination of advanced protection and user security awareness.
This webinar introduces email threat isolation, a paradigm shift in the fight against phishing attacks and ransomware.
Join us to learn how Symantec Email Security can:
- Isolate malicious threats in links and attachments to prevent malware payloads and credential theft.
- Pre-empt phishing attacks with real-world simulations and built-in user security awareness tools, tracking readiness over time.
- Anticipate future campaigns with comprehensive security analytics gathered from previous attacks against your organization.
- Fully secure your Office 365 or Google G Suite apps with integrated DLP and CASB for both advanced data and threat protection.
In addition, we will show you Symantec Email Threat Isolation, in action, with a demo that showcases safe rendering of links.
Phishing is the #1 security concern for 2016, with an unprecedented growth in phishing attacks this year. Over 90% of the year’s hacking attacks began with email and increasingly, attackers are targeting Office 365. Find out why.
Ransomware was the #1 cybersecurity threat in 2016. Phishing continues to thrive as the #1 attack vector used by hackers today. And technology continues to fail to stop it.
In 2016, spear-phishing attacks rose 55%, ransomware attacks grew 4X and Business Email Compromise (BEC) losses skyrocketed 1300%.
Join PhishMe as we look back on the top attacks and explore how to use a combination of humans and technology to stop phishing attempts before they progress to a breach. In this presentation, we will cover:
- The big phishes of 2016 and what to look out for in 2017
- Why good employees click on bad emails – the emotional and situational triggers
- How engagement can decrease susceptibility
- How IR teams can stay on top of attacks in progress
When the Google Docs phishing scam spread across the network in early May, it showed what a sophisticated phishing email looks like. It did not ask for a user's password and in some cases, it came from contacts the user already knew. What made this scam so hard to spot and what can we expect to see in the future when it comes to phishing attacks?
Join this panel of experts to learn:
- Latest trends in phishing scams
- How to spot a phishing email from a mile away
- Recommendations on how to avoid becoming a victim
- David Morris, Pioneer in Cybersecurity
- Phil Richards, CSO of Ivanti Software
- Vikram Thakur, Technical Director, Security Response Team at Symantec
- Sean Hittel, Principal Security Engineer at Netskope
A massive phishing campaign targeting Google accounts ripped through the internet on a Wednesday afternoon in early May. Phishing scams are pretty common. What sets this scam apart is that it is more convincing than most. The email takes users who click on the file to a legitimate Google sign-in screen to grant permissions. If you received the email or are concerned you might be targeted next, join this interactive Q&A panel to get the facts and protect your account and your organization.
- What is the Google Docs email scam?
- How is this scam different from other phishing scams?
- What's the deal with Eugene Pupov?
- Who's at risk and how can you avoid being a victim?
- What can we expect in the future?
- Vince Tocce, Vince in the Bay Podcast
- Nathan Wenzler, Chief Security Strategist at AsTech Consulting
- Kowsik Guruswamy, CTO for Menlo Security
Earlier in May, a sophisticated phishing attack masquerading as a Google Docs permission request swept across organizations and individual Gmail users. Every time someone clicked the prompts, the app gained access to the user’s contact list and blasted out a new round of emails, causing a ripple effect of compromised accounts. If Google hadn't reacted so swiftly to fix the problem, the repercussions across businesses and consumers would have been devastating.
Join this panel of experts to find out how to prevent the next wave of phishing email scams hurting your organization.
- What sets this Google Docs email scam apart from other scams?
- Why is security awareness a key defense against cyber attacks?
- What should you be doing today to avoid being a victim tomorrow?
- Elena Steinke, Cybersecurity Strategic & Tactical Architect & Board Director of Women's Society of Cyberjutsu
- Lance Cottrell, Chief Scientist at Ntrepid Corp.
- Mounir Hahad, Sr Director of Cyphort Labs
- Masha Sedova, Co-Founder of Elevate Security
2016 has been a milestone year for SaaS security threats, with a 3x increase in phishing attacks, 6x increase in email malware, and a 5x increase in ransomware attacks in the first half of the year alone. Why the sudden spike? What will the greatest SaaS security threats be in 2017? And most importantly, how can you best prepare for the threats that you'll face next year? Join this informative and educational web presentation to learn how to deploy a multi-vendor, defense-in-depth approach to protect all your SaaS applications from the greatest threats in the coming year. Whether SaaS email protection, SaaS file sharing and data leakage, compliance risk or protection from compromised credentials, you'll enter the new year with all the knowledge you need to make informed decisions about SaaS security.
Sandbox technology is a favorite tool for security researchers, enabling them to analyze files and detect malware.
But is it effective at actually stopping phishing attacks without slowing down business productivity?
Watch this webinar to learn:
- How Sandboxes Detect Malware Phish
- Techniques Hackers Use to Evade Sandboxes
- A Better Way To Defeat Phish
Email is the most popular communication tool, as well as the entry point for up to 95% of security breaches. As cyber criminals evolve their techniques, targeted, enterprise-facing email attacks are rapidly increasing, fueled by an almost inexhaustible supply of potential victims and the tremendous profits awaiting successful fraudsters.
This talk will provide an overview of both the technical and psychological principles these criminals take advantage of, shedding light on why traditional defenses continue to fail. We will then describe a set of new defense mechanisms that enable enterprises to stop these attacks and review the results of early experiments with these approaches, which offer a new perspective on ways to prevent email fraud.
Dr. Markus Jakobsson is a security researcher with interests in applied security, ranging from device security to user interfaces. He is one of the main contributors to the understanding of phishing and crimeware, and is currently focusing his efforts on human aspects of security and mobile security.
Recent IT security reports show that targeted spear phishing attacks are dramatically increasing. The news of the recent Flame malware has shown that advanced targeted attacks are growing in intensity and are quickly becoming the new ‘normal’.
Spear phishing has become a successful tactic that hackers use to exploit your network and trigger an attack which can lead to catastrophic financial, operational, and reputation risks. Discover how to keep your network secure – by learning more about today’s targeted spear phishing attacks and how you can close the security gap that sophisticated hackers are exploiting. Key topics include:
- The growing popularity of spear phishing tactics and how targeted attacks are triggered
- A real-world example of spear phishing that led to an advanced targeted attack
- Real-time techniques to help you mitigate the threat of spear phishing
While social engineering is an age-old tactic employed by con artists and attackers alike, increasing interconnectedness of social media accounts has made it easier than ever to obtain enough information to launch successful attacks such as spear phishing.
In this talk, MJ Kelly explores the emerging dangers of information exposure through social media and its increasing attack surface. She presents practical strategies for protecting yourself and your company, including social media security awareness, identity verification, and recovery from hijacked online identity.