Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

9/16/2014
12:00 AM
Dark Reading
Dark Reading
Products and Releases
100%
0%

Vishing Module Takes a Bite Out of Automated Attacks

New Social Engineering Scenarios from Kevin Mitnick Allows IT Managers to Curb Automated Vishing Attacks

Tampa Bay, FL (Sept 16, 2014) KnowBe4 has announced the release of its automated Voicemail Phishing Security Test module, the first of its kind, giving IT Managers the ability to test users on social engineering via the phone. As criminals have expanded their repertoire, moving into new territory with automated voicemail phishing (vishing) attacks, KnowBe4 has countered with a new module loaded with five Kevin Mitnick VST Scenarios™ that can be used to keep users on their toes with security top of mind.

“Cyber criminals have moved into fully automated types of attacks, utilizing open source tools that allow thousands of dials per hour, attempting to trick end-users into giving out confidential information like their voicemail pin number, bank account and credit card information, and/or healthcare related data”, said Stu Sjouwerman, CEO of KnowBe4. “We now have a tool that can help arrest a user’s inclination to provide information.”

KnowBe4 customers will be able to upload a CSV file with employee phone numbers, choose a VST template, and start the campaign set-it-and-forget-it, very similar to the existing phishing security test campaigns KnowBe4 currently provides. The new Vishing Security Test (VST) now trains employees against social engineering attacks via the phone on their desk. If an end-user enters data via the telephone keypad in response to the VST, that means a “fail” which can be used as a reason for a short remedial training module.

“We’ve seen a massive increase of phishing and ransomware attacks in 2014 over previous years and cybercriminals are constantly looking for new ways to invade a network”, adds Sjouwerman. In KnowBe4’s recent September 2014 poll, nearly 90% of 300+ IT managers surveyed said they saw phishing attempts get through their filters every month. Frequent, effective Security Awareness Training is now an essential layer that can help data breaches like the recent Home Depot or JP Morgan Chase hacks.”

Individual employees may be targeted for seemingly innocuous information in a vishing scam and are caught unaware, providing key credentials or a way in to steal corporate data. KnowBe4 trains users on these new scenarios and how to recognize and avoid such social engineering attempts.The module plugs into the new KnowBe4 V3.5 cloud-based Admin Console for quick and easy deployment.

For more information visit www.KnowBe4.com

Links:
Training:http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Phishing and ransomware attacks on the rise:http://blog.knowbe4.com/bid/396484/Symantec-Crypto-Ransomware-Phishing-Up-700-Percent-in-2014

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.
CVE-2019-6659
PUBLISHED: 2019-11-15
On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.