9/16/2014
12:00 AM
Dark Reading
Products and Releases

Vishing Module Takes a Bite Out of Automated Attacks

New Social Engineering Scenarios from Kevin Mitnick Allow IT Managers to Curb Automated Vishing Attacks

Tampa Bay, FL (Sept 16, 2014) KnowBe4 has announced the release of its automated Voicemail Phishing Security Test module, the first of its kind, giving IT Managers the ability to test users on social engineering via the phone. As criminals have expanded their repertoire, moving into new territory with automated voicemail phishing (vishing) attacks, KnowBe4 has countered with a new module loaded with five Kevin Mitnick VST Scenarios™ that can be used to keep users on their toes with security top of mind.

“Cyber criminals have moved into fully automated types of attacks, utilizing open source tools that allow thousands of dials per hour, attempting to trick end-users into giving out confidential information like their voicemail pin number, bank account and credit card information, and/or healthcare related data”, said Stu Sjouwerman, CEO of KnowBe4. “We now have a tool that can help arrest a user’s inclination to provide information.”

KnowBe4 customers will be able to upload a CSV file with employee phone numbers, choose a VST template, and start a set-it-and-forget-it campaign, much like the phishing security test campaigns KnowBe4 already provides. The new Vishing Security Test (VST) trains employees against social engineering attacks made via the phone on their desk. If an end user enters data on the telephone keypad in response to the VST, that counts as a “fail”, which can be used as a reason to assign a short remedial training module.

“We’ve seen a massive increase of phishing and ransomware attacks in 2014 over previous years and cybercriminals are constantly looking for new ways to invade a network”, adds Sjouwerman. “In KnowBe4’s recent September 2014 poll, nearly 90% of 300+ IT managers surveyed said they saw phishing attempts get through their filters every month. Frequent, effective Security Awareness Training is now an essential layer that can help data breaches like the recent Home Depot or JP Morgan Chase hacks.”

Individual employees may be targeted for seemingly innocuous information in a vishing scam and are caught unaware, providing key credentials or a way in to steal corporate data. KnowBe4 trains users on these new scenarios and how to recognize and avoid such social engineering attempts. The module plugs into the new KnowBe4 V3.5 cloud-based Admin Console for quick and easy deployment.

For more information visit www.KnowBe4.com

Links:
Training: http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Phishing and ransomware attacks on the rise: http://blog.knowbe4.com/bid/396484/Symantec-Crypto-Ransomware-Phishing-Up-700-Percent-in-2014

About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
