Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How I Would Hack Your Network (If I Woke Up Evil)
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
7/31/2017 | 2:28:06 PM
Re: %
I love that idea, Joe, of forcing completion of a 5-minute InfoSec training :-)  I've worked at orgs before where you essentially worked within a locked down piece of software with no access to anything else, but freeing up the desktop with the illusion of freedom presents lots of "teachable moment" opportunities for getting training compliance up-to-snuff quickly!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/18/2017 | 1:33:31 PM
Re: Phishing emails (responding to Joe's comment)
@Peter: Wow. Awesome insights. Thanks for trying this and sharing!

I guess you'd really need an A/B grouping while testing frequency. Group A gets subject line A, Group B gets subject line B. Then that would give you a better idea on if it was more the frequency or the subject line.

But this is cool info to go on. I think people are on to the "pretending to be your bank" scam...but the HR stuff has been pretty hot among scammers lately because it's new (and, also, I suspect, because it's about something interesting enough to be worth an email open but not so jarringly enticing that it's automatically suspicious). 
Petar Zivovic
50%
50%
Petar Zivovic,
User Rank: Apprentice
7/14/2017 | 5:30:27 PM
Re: Phishing emails (responding to Joe's comment)
I did exactly one a week for May, then did only one for June.

Result: Frequency seems to have little to no effect. Content has a big effect.

Examples: testing "Outlook password change required" and "Mint Financial Access" got few or no clicks.

But I got over two dozen clicks on "HR Notification re:Vacation policy change".

"Mint" was the one sent a month after the weekly tests were done.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/17/2017 | 11:53:36 AM
Re: Phishing emails (responding to Joe's comment)
@Petar: Fascinating.  I wonder what would happen if you upped the frequency (say, once a week) for a month or so, and then dropped back down to "normal" levels.
Petar Zivovic
50%
50%
Petar Zivovic,
User Rank: Apprentice
3/16/2017 | 12:29:55 PM
Re: Phishing emails (responding to Joe's comment)
The service we use allows for a number of templates, sender domains, subjects, etc. Given the wide variety of testing, I would lean towards the 16% being an accurate measure of susceptibility within the company as of that point in time. Note: I am seeing actual phishing emails being submitted for analysis using our phish tool on a daily basis, along with the usual spam and unwanted email, so at least some people are in fact paying attention.

"It's the difference between not slowing down on the highway as a matter of safety vs. slowing down on the highway because you think there's a speed trap ahead." This is a very good point. The number did go up when I missed a month of testing, so people apparently let down their guard. Seems to me that is just part of human nature for some people - they won't discipline themselves unless someone else is watching them. That being said, it's still way better than the initial baseline test.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/16/2017 | 11:25:40 AM
Re: Phishing emails (responding to Joe's comment)
@Petar: Does the 16% refer to overall phishing susceptibility, or susceptibility to the fake phishing email itself?

How much of this do you think is potentially attributed to people "learning" what's a "fake" phishing email?

For instance, I wonder to what extent people are thinking, "Oh, that's that wily IT department again.  I don't want to have to do another 5-minute training" (or whatever), vs. "Oh, I shouldn't click on that because it might be bad"?

It's the difference between not slowing down on the highway as a matter of safety vs. slowing down on the highway because you think there's a speed trap ahead.
Petar Zivovic
50%
50%
Petar Zivovic,
User Rank: Apprentice
2/28/2017 | 2:00:30 PM
Re: Phishing emails (responding to Joe's comment)
Re: sending fake phishing emails to train: Exactly right. It's effective when done on an ongoing basis (at least once a month.) I have seen the susceptibility rate fall to below 1% and stay there, which I consider phenomenal - until I forgot to do it one month. Then next month, it went up to 16%.

As Jefferson said, the Price of Freedom is Eternal Vigilance.
Kumzy
50%
50%
Kumzy,
User Rank: Apprentice
2/19/2017 | 8:04:34 AM
Re: %
That is a very great idea. My organization did the same thing about last week IT security sent out an e-mail that webcams had been installed in tbe breakroom refrigerators to forestal people stealing other peoples lunches a link was then provided to view the cam when you click on this link it takes you to a log in page which asks for your log in credentials, needless to say rumor started going round among staff about the webcams and people were curious about the issue so some clicked on the link and supplied their credentials and a message popped up that they have just willingly given up their credentials for a phising attack.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/2/2017 | 4:07:24 AM
Re: AV vs. DDOD or social engineering
I wouldn't go so far as to say that antivirus = outdated -- at least as a sole lines of defense.

Maintaining up-to-date antivirus is like locking your door.  Sure, there are more exciting and terrible things that can happen to bypass antivirus, but if you're not even doing that, then that's pretty lax.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
1/31/2017 | 1:00:42 PM
Re: %
@Dr.T: Perhaps the thinking was "Well, the link says not to click, but it's clearly from my own organization, so it can't be *truly* bad."

The better way to do this is to send fake phishing emails (without letting the users know what they are), and then those who click are brought to a page where they are alerted that they fell for a phishing scam -- and their computer is locked up until they complete a 5-minute InfoSec training so they don't fall for it again.  This technique has been shown to reduce successful email phishing attacks by up to 75%.
Page 1 / 3   >   >>


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...