Intrepidus Group, a leading provider of information security services and software, today announced the PhishMe Malware Edition to train users against spear phishing attacks that involve emails that hyperlink to a website hosting malware, as well as those that include malicious file attachments. To explore the threat of malware attacks in greater detail, Intrepidus Group will host a webinar on September 15, 2009 from 2:00 to 3:00 p.m. Eastern Daylight Time, titled “Malware Via Email Attachments: Can Your Workforce Dodge this Hook?”
“Attackers, today, are breaking into organizations through client-side attacks, more so than conventional attacks against Internet-facing servers,” said Rohyt Belani, CEO of Intrepidus Group. “The typical scenario is to send a handful of employees of the target organization a legitimate looking, spear phishing email and lure them to either click on a hyperlink in the email that points to a website hosting malware, or open a file attached to the email that infects the local system. If the employees fall prey, their workstations are compromised and the attacker is provided a foothold in the corporate network to expand influence through the environment and potentially gain unauthorized access to sensitive data.”
PhishMe Malware Edition protects organizations and their employees from these malware attacks by giving organizations the ability to emulate malware via benign email attachments, track user responses and provide instant feedback to the victims on the threat. PhishMe Malware Edition is an extension of the award-winning PhishMe Standard Edition, which focuses on training humans about the threat of click-based malware and against entering sensitive data in phony web forms. This method of training users to thwart targeted phishing attacks has been recommended by SANS and found to be most effective by researchers at Carnegie Mellon University.
“Sending malicious code into an organization isn’t a realistic testing approach for most organizations,” said Aaron Higbee, CTO of Intrepidus Group. “Our challenge was to provide a realistic, yet safe, phishing attachment simulation that works for a wide range of organizations without exploiting end-user machines. Our engineers performed in-depth analysis of file formats that can traverse firewalls, present the training material when they are opened, and still provide metrics about who and when attachments get opened.”
“Today’s corporate computer users are at greater risk than ever to phishing attacks aimed at infecting the victim’s computer with malware to steal usernames, passwords – and even serve as a backdoor for the attacker,” said Belani. “It is imperative to company security that employees learn how to identify questionable emails and know not to open file attachments, or click on links to unknown websites without first verifying the authenticity of the email’s origin. PhishMe Malware Edition is a sophisticated training solution that allows our clients to emulate these threats to educate their employees and customers.”
Intrepidus Group will further explore the risk of targeted phishing attacks during its September 15th webinar where company experts will present a case study of a phishing attack against an energy company that almost resulted in their SCADA control systems being compromised. The webinar will dissect the anatomy of the attack, and evaluate how it bypassed various technical anti-phishing controls.
To register for the Intrepidus Group webinar, please visit gotomeeting.com/register/
PhishMe is a software-as-a-service (SaaS) solution designed to help prevent damage, theft and loss caused by targeted (spear) phishing attacks. PhishMe facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. This method of delivering training materials is recommended by SANS and found to be most effective by researchers at Carnegie Mellon University.
Intrepidus Group (intrepidusgroup.com) is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group’s consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues.
PhishMe.com is a registered trademark of Intrepidus Group. All other product and company names herein are or may be trademarks of their respective owners.