Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Cybersecurity IQ: Americans Have Trouble Recognizing Phishing Attacks

A new Pew Research Center survey titled "What the Public Knows about Cybersecurity" tallied responses from 1,055 adults last year about their understanding of concepts important to online safety and privacy. The results are troublesome.

SecureWorks Exposes Phishing Russian Hacker Gang APT28

Atlanta-based SecureWorks has a Counter Threat Unit which has been closely watching the Russian hacker gang APT28 over the last few years and has released brand-new research. This group of criminal hackers is also known as Pawn Storm, Sofacy, Strontium, and Fancy Bear; SecureWorks calls them "IRON TWILIGHT".

A Single Spear Phishing Click Caused The Yahoo Data Breach

A single click was all it took to launch one of the biggest data breaches ever.

One mistaken click. That's all it took for a Canadian hacker aligned with rogue Russian FSB spies to gain access to Yahoo's network and potentially the email messages and private information of as many as 1.5 billion people.

The U.S. Federal Bureau of Investigation has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are rogue FSB spies who work for the division that is supposed to cooperate with America’s FBI on cybercrime investigations. (The FSB is the successor to the KGB.)

2016 Exceeds All Records in Numbers of Phishing Attacks

Year over year sustained growth in phishing campaigns produces yet another record number of attacks

The Anti-Phishing Working Group (APWG) observed that 2016 ended as the worst year for phishing in history. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing attacks in 2016 was 1,220,523. This number represents the highest ever recorded, and fully a 65 percent increase over 2015.

Forrester TEI™ Live Webinar: Value of KnowBe4 Goes Beyond ROI

KnowBe4 recently commissioned Forrester to conduct a Total Economic Impact™ (TEI) study, examining the potential Return on Investment (ROI) enterprises might realize by implementing the KnowBe4 Security Awareness Training and Simulated Phishing Platform.
The resulting research paper assesses the performance of the KnowBe4 Platform.
How does 127% ROI with a one month payback sound?
Join Stu Sjouwerman, CEO at KnowBe4, along with special guest speakers Nick Hayes, Forrester Analyst, and Reggie Lau, TEI Principal Consultant, to get insights into the detailed findings of the report.
At the end of the webinar, you will have a framework to evaluate the ROI of the KnowBe4 Security Awareness Training and Simulated Phishing Platform on your organization, and how you can leverage your end-users as your last line of defense using KnowBe4. 
Live Webinar Date: Monday, February 27 at 2:00 PM EST

7 Urgent Reasons For Creating A Human Firewall

I was at RSA 2017 in San Francisco last week, and apart from meetings with customers, VCs and the Press, I found a large amount of relevant security news. Out of the firehose of RSA data, I distilled the 7 urgent reasons why you need to create your "human firewall" as soon as you possibly can.  Employees are your last line of defense and need to become an additional security layer when (not if) attacks make it through all your technical filters. 

1. Ransomware heads the list of deadly attacks

SANS' Ed Skoudis said the rise in ransomware was the top threat. “We’ve seen this can bring down a whole network of file servers and we expect many more attacks”. His advice is that companies practice network security “hygiene” and limit permission for network shares to only those jobs that require it. And of course train your users within an inch of their lives. 

Cisco: "Spam makes major comeback. Users are your last line of defense".

Whoa Nellie. Just when you thought that spam was on its way out, Cisco’s 2017 Annual Cybersecurity Report shows the opposite. Spam is making a surprising comeback as a threat to your network, and has become an important carrier of attacks like spear phishing, ransomware and bots.

This is Cisco's 10th annual report. Cisco uses its own routers to measure spam volume, and the report shows that 65% of all corporate email is now spam. The new numbers show a tsunami in 2016. In 2010, Cisco recorded around 5K spam messages being sent per second. Over the next 5 years that number was roughly 1.5K, spiking to about 2K for a short while in 2014, but in 2016 it moved up to more than 3K per second.

New York DFS Cybersecurity Regulation FAQ And Security Awareness Training

In New York, a new cybersecurity regulatory regime will go into effect March 1st 2017. The proposed cybersecurity regulation, known as 23 NYCRR 500, has grabbed the attention of companies doing business in New York, and others who might be anticipating cybersecurity requirements in their own jurisdictions and/or industries.

Bad News: Your Antivirus Detection Rates Have Dramatically Declined In 12 Months

We all had the nagging suspicion that antivirus is not cutting it anymore, but the following numbers confirm your intuition. I have not seen more powerful ammo for IT security budget to transform your employees into an effective "last line of defense": a human firewall.

Download This Hacked App And Die - Literally.

In the WSJ of Dec 22, 2016 there is an article that hides the real headline. It talks about the research done by CrowdStrike which shows that the DNC hack was done by a hacker group known as Fancy Bear. This group works for the Russian military intelligence agency, known as the GRU, and was one of two Russian hacker outfits that stole emails from the DNC earlier this year.

The GRU was involved in the recent war in the Ukraine, and used Fancy Bear for a particularly devious hack.
