2016 Q1 Malware Review: Ransomware Trends and Tactics
During the first quarter of 2016, the PhishMe Intelligence team generated 612 Active Threat Reports detailing waves of phishing emails that delivered malware to victims around the world each day. What stood out the most was the proliferation of encryption ransomware. It has grown to become the most common type of malware utilized through soft targeting and massively distributed attacks. This webcast will discuss the spread of ransomware and why it is so successful. Join Brendan Griffin, Senior Threat Intelligence Analyst, PhishMe to learn about:
•Trends in ransomware
•Tactics used to bypass your defenses
•Stopping the threat
RecordedJun 9 201630 mins
Your place is confirmed, we'll send you email reminders
If you are implementing a security awareness program – how do you talk about it with executives? This session will review the top 5 reports that Boards and top executives need to see as you implement a program. They will demonstrate if your plan is working or if changes are needed. These stats about your program will help you plan and secure the gaps between end users and technology while communicating measurable goals.
Lindsay Drabwell, Head of Membership Services EMEA, (ISC)², Darrel Rendell, Mollie Holleman,
What’s keeping you up at night? Ransomware? Phishing? Spyware? Malware? Data Breaches? A malicious email typically opens the door to those threats. Organizations spend great energy (and budget) preventing users from falling prey, but threat actors continue to find ways to get past automated controls, staying one step ahead of artificial intelligence tools. Cofense believes solving the phishing problem is more than just awareness: it’s about empowering humans to become instinctual nodes on the cyber defense network and feeding their real-time intelligence to security teams for immediate action.
Darrel Rendell, Principal Intelligence Analyst, Cofense
Mollie Holleman, Senior Intelligence Specialist, Cofense
Hear from Aaron Higbee and Lenny Liebmann, contributing editor with InformationWeek as they discuss the latest phishing trends, attacks and defense strategies across global enterprises and some predictions of what to expect in 2018.
John “Lex” Robinson, Anti-Phishing / Cyber Security Strategist at Cofense
We’re all bombarded by emails. Unfortunately, some are weaponized. They deliver ransomware, other malware, and social engineering scams. What happens when a phishing email gets past your security technologies and lands in employees’ inboxes?
This webinar will show you how to teach them to spot and report phishing, feed your incident response teams the intel to mitigate attacks and increase overall enterprise resiliency. Take the first step in creating a collective and collaborative defense. One that enables your team to stop email-based threats.
Adrian Davis, Director of Cybersecurity Advocacy for EMEA, (ISC)², Mollie Holleman, Senior Intelligence Specialist, Phishme
Join (ISC)² EMEA and PhishMe for a look back at 2017’s threats and a look ahead. We’ll provide an overview of what PhishMe's Intelligence team uncovered, discuss trends in phishing-delivered malware, and analyse how various delivery vectors evolved.
Some of the trends we’ll discuss:
•The implications of last year’s major global cyber-events, such as WannaCry and NotPetya
•The emergence of new ransomware families
•The abuse of legitimate functions built into business-critical software platforms to deliver malware
•The favouring of modularity and plug-in accompaniments to lightweight botnet and stealer malwares
•New ways cyber-criminals are obtaining cryptocurrency
Cyber-crime won’t slow down. Take this opportunity to learn from the recent past as you deal with current threats and prepare for whatever’s next.
Ransomware continues to be a headline grabber but where do these attacks rate compared to other cyberattacks? We look at the history of ransomware, it’s not-so-obvious impacts, and how you can prepare for the next attack in today’s 20/20 webinar.
John ‘Lex’ Robinson, Anti-Phishing / Cyber Security Strategist
Whether you’re just getting your program off the ground or looking to optimize your current program, this webinar will give you the knowledge you need. It’s based on proven programs involving over 27 million end users across 160 countries. Tune into to find out what others have done to reduce end-user susceptibility by 95% and build resiliency among their workforce.
Some of the topics covered include:
- Best ways to introduce and communicate a program
- Tips for increasing engagement
- Most important metrics your Board and C-level Execs will want to review
- How to handle repeat clickers
John ‘Lex’ Robinson, Anti-Phishing / Cyber Security Strategist
The bad news: phishing is still the #1 cyber-attack vector. The good news: new PhishMe research shows how you can go on the offensive and strengthen your resiliency to costly phishing attacks.
Join Lex Robinson, Anti-Phishing / Cyber Security Strategist, as he breaks down data from training simulations and real-life attacks to reveal how you can design a great anti-phishing program. Learn how a proactive approach conditions employees to recognize both active threats—the latest attacks that are costing organizations big-time—and “classic” threats bad actors can recycle whenever they please. See how to gain insights from incident response and phishing intelligence to keep you out in front of evolving threats. You’ll learn how to take the offensive to lower susceptibility, fortify resiliency and disrupt attacks faster.
It should come as no surprise to anyone that ransomware has become the hackers’ favored option these days. If you buy in to the scare tactics about ransomware, it’s easy to create, has a high profile in the media and can be lucrative. But like everything else in the data security world, nothing is ever as simple as it seems. This eBook (and corresponding 20/20 webcast) will look at the realities of ransomware, including the real and imagined difficulties of defending against it, the support needed on the attacker’s side to make ransomware effective and tactics victims can take to rid themselves of the malware.
Adrian Davis, Managing Director, (ISC)² EMEA, John ‘Lex’ Robinson, Marcel Feller, PhishMe
During a survey recently conducted among security professionals, 90% said phishing is the #1 threat. Yet many acknowledged they’re unprepared to deal with phishing attacks.
Attend this webinar to learn why responders are drowning in emails instead of hunting real threats. See why they’re betting on automation whilst we know, tech alone won’t stop threats from getting through and wreaking serious havoc. Learn what rapid changes and investments your peers are planning to turn the tide against phishing and protect their organisations.
You will also find out:
•How bad is the phishing threat?
•How confident are companies in their phishing responses?
•What solutions are companies using—and which ones should they add?
•How can automation and technology help? Why are humans important, too?
Josh Goldfarb, Co-founder of IDRRA; Jim Hansen, COO, PhishMe
If you’re a security professional, you understand the cyber threat to your organization and the need for an effective defense. The one big problem: your top management doesn’t. In this useful and insightful webinar, top experts offer recommendations on how to measure the cyber threat posed to your enterprise, the posture of your online defenses, and the needs and achievements of your IT security department. This webinar will bring you some new methods for describing and measuring your cybersecurity initiatives so that they can be understood by even the most business-oriented executives.
Doug Barth Principal, Founder GatePoint Research and Tim Armstrong Product Marketing, PhishMe
In early 2017, with the help of Gatepoint Research, PhishMe conducted a survey of select IT executives themed “Phishing Response Strategies”. The participants represent a wide variety of industries including business services, high tech, healthcare, financial services, and more. Survey participants were asked important questions about their current phishing response strategies’ strengths and weaknesses, as well as the current state of their phishing response programs.
Join PhishMe and Simply Direct for an in-depth review of responses to this survey and discover answers to current challenges relating to Phishing Incident Response in today’s organizations.
What are the current strategies for detecting and managing phishing attacks?
What technologies are currently deployed or in process?
What capabilities would most enhance the phishing management process?
Mike Saurbaugh, Director, Technical Alliances, PhishMe & Allan Liska – Senior Solutions Architect, Recorded Future.
Ransomware campaigns continue to evolve. Organizations can defend their business with intelligence that uncovers the tactics attackers are leveraging to inflict harm. At the same time, your employees are a valuable resource in defending against ransomware and provide security teams with useful information to take proactive measures. Security leaders and their teams are challenged with doing more with less. Integrated solutions and automation to fight ransomware enables analysts to be more efficient and accurate in the operation.
Join PhishMe and Recorded Future as they uncover the latest ransomware campaigns and how employees and analysts play an important role in defending the enterprise.
• What are researchers and other companies seeing as part of the threat landscape?
• What can teams do to protect and respond and what resources do you need to prepare?
• What are the benefits of integrating tools together and how can this help you?
No matter how quickly you’re detecting and responding to breaches, it’s still not fast enough for your customers’ and clients’ peace of mind. Even companies with the best solution in place are only doing half the job. The other half? Training your people.
The average time to find and respond to a breach?
147 days. (That’s not a typo.)
So, how do you get your organization better – and faster? And how do you train and empower your employees to do better than 147 days? In this presentation, we will explore how to harness the common detection techniques used by prairie dogs (yes, prairie dogs) and lessons we can learn from them in the domain of cyber security. HINT? It’s called Collective Security.
Prairie dog calls contain specific information as to what the predator is, how big it is and how fast it is approaching.
- Slobodchikoff, C. N. (2002), Cognition and Communication in Prairie Dogs
Rohyt Belani, PhishMe CEO & Dean Davison, Forrester Principal Consultant
With phishing attacks accounting for over 90% of all breaches and the cost of cybercrime rising, is your company doing all it can to prevent a phishing attack and costly breach?
The results are in and PhishMe’s suite of anti-phishing solutions can help protect you against attacks. Forrester Consulting has analyzed the Total Economic Impact (TEI) of implementing PhishMe’s Human Phishing Defense Solutions and the results are outstanding!
Join this webcast, featuring Rohyt Belani, PhishMe’s CEO and Dean Davison, Forrester Principal Consultant to learn more about PhishMe Solutions and the benefits Forrester identified such as:
- Return on Investment (ROI) of 336%
- Payback in less than 3 months
- Time required to address phishing threats reduced by 30%
- Employee click rate reduced on average by 80%.
Brendan Griffin, Threat Intelligence Manager at PhishMe
In 2016, the PhishMe Intelligence team saw over 2,500 active threat reports, the widespread implementation of anti-analysis methods, a notable evolution in techniques and tools to deliver malware, and the growing threat of encryption ransomware.
Now more than ever, it has become more important to detect and interdict malware during the delivery phase. What can you do to defend your environment? What will threat actors do to step things up in 2017?
Join Brendan Griffin, to learn about:
•The evolution of malware and encrypted ransomware
•2016’s most prevalent threats
•Identifying the latest malware delivery tools and techniques
•Developing a modern defense strategy and empowering your users
•What to look out for in 2017
John ‘Lex’ Robinson, Principal Information Security Consultant at PhishMe
Ransomware was the #1 cybersecurity threat in 2016. Phishing continues to thrive as the #1 attack vector used by hackers today. And technology continues to fail to stop it.
In 2016, spear-phishing attacks rose 55%, Ransomware attacks grew 4X and Business Email Compromise (BEC) losses skyrocketed 1300%.
Join PhishMe as we look back on the top attacks and explore how to use a combination of Human and Technology to stop phishing attempts before they progress to a breach. In this presentation, we will cover:
- The big phishes of 2016 and what to look out for in 2017
- Why good employees click on bad emails – the emotional and situational triggers
- How engagement can decrease susceptibility
- How IR teams can stay on top of attacks in progress
During the third quarter of 2016, the PhishMe Intelligence team generated 689 active threat reports that highlighted indicators of compromise, tactics, and techniques that serve as the hallmarks of phishing attacks. Two key stories stood out this quarter. Locky continued to steal headlines as the dominant ransomware by continuing to innovate and avoid detection by experts. Meanwhile, other, quieter malware remained an ever-present threat to companies of all sizes. Join Brendan Griffin, Threat Intelligence Manager, PhishMe to learn about:
•Evolution of Locky Ransomware
•Challenges faced by malware researchers against the constantly evolving ransomware
•Quiet malware and their proliferation
•Ransomware versus Quiet Malware business models
Scott Crawford, Research Director of Information Security, 451 Research | Allan Carey, VP of Business Development, PhishMe
With all the attention paid to the technological sophistication of cyber attacks, as well as to the new technologies arising to strengthen defense, one fact often gets overlooked: Security is fundamentally about people.
The adversary is an intelligent actor – while the target is often human as well. The compromise of sensitive information or functionality may be in the crosshairs, but it’s people that are often targeted to gain a foothold inside the victim organization, through techniques such as phishing or social engineering. But here’s the secret: In this targeting lies one of the most unsuspected – but potentially rich – assets to defense an organization can have.
In this webcast, Scott Crawford, Research Director of Information Security for 451 Research, and Allan Carey, Vice President of Business Development from PhishMe take a closer look at:
•How the targeting of people through phishing, impersonation attacks and social engineering can be leveraged to improve security and resistance to attack
•New tactics and tools that make the most of human engagement to defend organizations against these exploits
•Ways to enhance incident response by incorporating human interactions with malicious activity into the evidence chain
John ‘Lex’ Robinson, Principal Client Engagement Manager at PhishMe
Phishing (including spear phishing), persists as the #1 attack vector used by hackers today. So far in 2016, spear-phishing attacks are up 55%, Ransomware attacks are up 4X and Business Email Compromise (BEC) losses are up 1300%.
PhishMe analyzed customer responses to over 56 million simulated phishing emails sent between 2015-2016 to identify various phishing susceptibility trends amongst employees. Join John “Lex” Robinson, Principal Client Engagement Manager to learn more about –
· Emotional motivators that cause employees to be more susceptible to phishing emails
· How baselining phishing risk to your organization improves your threat response.
· The value of repetition in changing user behaviors from susceptibility to reporting.
Cofense, formerly PhishMe, is the leading provider of human-driven phishing defense solutions worldwide. We deliver a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines best-in class incident response technologies with timely attack intelligence sourced from employees. From driving awareness to security automation and orchestration, our solutions are designed to anticipate and disrupt the attack kill chain at delivery to quickly mitigate the impacts from spear phishing, ransomware, malware, and business email compromise. Today, this is all made real for thousands of global organizations. Learn more at www.cofense.com.