Intrepidus Group Introduces PhishMe


New York
Intrepidus Group, a provider of information security services, announced the release of PhishMe, a software solution that enables user awareness training to proactively thwart spear phishing attacks. The next-generation technology is an important weapon in the fight against the fast-growing and ominous threat of spear phishing and whaling attacks, a form of cybercrime that uses e-mail-based “social engineering” to gain unauthorized access to corporate systems and confidential data.

Unlike mass-phishing perpetrators, who use spoofed e-mails to cast a wide net to fraudulently gather data from unsuspecting victims, spear phishing attackers target specific organizations and individuals. Unfortunately, this targeted and sophisticated technique has proven extremely successful in providing “hackers” access to financial data, corporate and military information and trade secrets, with the final goal, of course, financial or political gain.

“Emerging security threats to the corporate landscape put both the information and company as a whole at risk. Spear Phishing is a considerable danger as it is typically a nonrandom attack seeking specific confidential information,” said Kenneth Tyminski, former CISO for Prudential Insurance Company of America. “The training-based approach of PhishMe helps to significantly reduce these targeted attacks through employee education, helping to safeguard sensitive networks from unauthorized access.”

According to a recent report by iDefense Labs, a noted security and vulnerability research organization, there have been 66 distinct spear phishing attacks between February 2007 and June 2008, with the rate of attacks continuing to accelerate. The report goes on to say that spear phishing groups have claimed more than 15,000 corporate victims in 15 months, with victim losses exceeding $100,000 in some cases. Victims include Fortune 500 companies, financial institutions, government agencies and legal firms.

“E-mail is the central application for communicating and doing business today,” said John Soltys, information security manager at the Seattle Times. “Unfortunately, it is also the application of choice for hackers to gain access to confidential information and put corporations at risk. PhishMe, created by top security experts, provides a noninvasive solution to train end users in identifying targeted phishing e-mails.”

“Spear phishing groups are now incredibly sophisticated and, unfortunately, extremely effective,” commented Robert Hansen (aka “RSnake”), a former member of the anti-phishing team at eBay and a well-respected security blogger. “We're talking about experienced cybercriminals who have the skill and tools to pull off these schemes.”

User Behavior Key to Defense

Several high-profile experiments have proven that user behavior provides the foundation for defense against spear phishing schemes. Mass-phishing campaigns are often caught by anti-spam or phishing filters. But spear phishing attacks, which are low-volume and closely resemble legitimate e-mails, often go undetected. That's why organizations have to rely on humans for detection and resistance.

“I often perform investigations for my clients where the initial point of entry into the victim's computer network comes from a phishing e-mail,” said Keith Jones, senior partner at Jones, Dykstra & Associates. “Phishme.com is a breakthrough service that provides corporate security teams with the ability to spread user awareness about this email plague by testing their own user base. PhishMe.com provides the auditor with an extremely easy to use interface to conduct a phishing scenario and excellent reporting capabilities complete with summary graphics.

“I was able to complete a phishing scenario for our employees at Jones, Dykstra & Associates in less than 10 minutes of use. I will be highly recommending Phishme.com to my clients to help them continue their fight against phishing attacks.”

In one recent experiment, New York Chief Information Security Officer William Pelgrin and his team sent mock phishing e-mails to nearly 10,000 New York state employees. The messages appeared to be official notices asking them to click on Web links and provide passwords and other confidential information about themselves.

With the first run of the e-mail, 75 percent of employees opened the email, 17 percent followed the link and 15 percent entered data. Pelgrin and his team let users who had proven vulnerable know they'd been scammed and then sent another mock spear phishing e-mail. With the second run only 8 percent even opened the e-mail. In an interview with the Wall Street Journal, Pelgrin said, “This is not a one-shot deal. I've got to reinforce that behavioral change to make it permanent.”

In a study at Carnegie Mellon University, volunteers who had proven susceptible to mock phishing e-mails were presented embedded training materials, then sent another e-mail. In the second run, the volunteers identified 64 percent of the phishing e-mails. This compares to a mere 7 percent identified by volunteers who had received teaching materials through other mechanisms.

Creating a Human Firewall

“Thinking like the attacker isn't natural for most people,” said Aaron Higbee, CTO of Intrepidus Group. “Our job is to provide a do-it-yourself phishing framework with features real phishers can only dream about. Any phishing trend we see in the wild can be incorporated into PhishMe, only better.”

PhishMe is a software platform that lets organizations create a human firewall against spear phishing attacks by providing an easy-to-use system for facilitating the execution of mock phishing exercises and the delivery of user awareness training. Using PhishMe's built-in templates and WYSIWYG (what-you-see-is-what-you-get) functionality, users can easily build real phishing attacks against employees within minutes, collect metrics on user behavior and immediately present training material to employees that fall prey.

“Spear Phishing exploits human vulnerability. Thus our service focuses on the human element,” said Rohyt Belani, CEO of Intrepidus Group. “We use techniques recommended by reputed bodies like SANS and those found to be most effective by researchers at Carnegie Mellon University to train users in recognizing and thwarting targeted phishing attacks.”

cmadmin
