9/16/2014
12:00 AM
Dark Reading
Products and Releases

Vishing Module Takes a Bite Out of Automated Attacks

New Social Engineering Scenarios from Kevin Mitnick Allow IT Managers to Curb Automated Vishing Attacks

Tampa Bay, FL (Sept 16, 2014) KnowBe4 has announced the release of its automated Voicemail Phishing Security Test module, the first of its kind, giving IT Managers the ability to test users on social engineering via the phone. As criminals have expanded their repertoire, moving into new territory with automated voicemail phishing (vishing) attacks, KnowBe4 has countered with a new module loaded with five Kevin Mitnick VST Scenarios™ that can be used to keep users on their toes with security top of mind.

“Cyber criminals have moved into fully automated types of attacks, utilizing open source tools that allow thousands of dials per hour, attempting to trick end-users into giving out confidential information like their voicemail pin number, bank account and credit card information, and/or healthcare related data”, said Stu Sjouwerman, CEO of KnowBe4. “We now have a tool that can help arrest a user’s inclination to provide information.”

KnowBe4 customers will be able to upload a CSV file with employee phone numbers, choose a VST template, and start the campaign set-it-and-forget-it, very similar to the existing phishing security test campaigns KnowBe4 currently provides. The new Vishing Security Test (VST) now trains employees against social engineering attacks via the phone on their desk. If an end-user enters data via the telephone keypad in response to the VST, that means a “fail” which can be used as a reason for a short remedial training module.

“We’ve seen a massive increase of phishing and ransomware attacks in 2014 over previous years and cybercriminals are constantly looking for new ways to invade a network”, adds Sjouwerman. In KnowBe4’s recent September 2014 poll, nearly 90% of 300+ IT managers surveyed said they saw phishing attempts get through their filters every month. “Frequent, effective Security Awareness Training is now an essential layer that can help data breaches like the recent Home Depot or JP Morgan Chase hacks.”

Individual employees may be targeted for seemingly innocuous information in a vishing scam and are caught unaware, providing key credentials or a way in to steal corporate data. KnowBe4 trains users on these new scenarios and how to recognize and avoid such social engineering attempts. The module plugs into the new KnowBe4 V3.5 cloud-based Admin Console for quick and easy deployment.

For more information visit www.KnowBe4.com

Links:
Training: http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Phishing and ransomware attacks on the rise: http://blog.knowbe4.com/bid/396484/Symantec-Crypto-Ransomware-Phishing-Up-700-Percent-in-2014

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
