Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/30/2009
10:35 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

U.S. Military Academies To Use 'PhishMe'

Spear phishing tool to be used to train 22,000 Army, Navy, Air Force and Coast Guard Cadets through user awareness

New York, NY. " July 24, 2009 " Intrepidus Group, a leading provider of information security services and software, today announced that the United States Military Academy, the United States Air Force Academy, the United States Naval Academy, and the United States Coast Guard Academy are adopting PhishMe' to periodically and continuously train their 22,000 cadets to thwart spear phishing attacks.

The United States Service Academies, also known as the United States Military Academies, are federal academies for the undergraduate education and training of commissioned officers for the United States armed forces. The Service academies are committed to expand their security curriculum and preparedness training with the implementation the PhishMe software to educate and test their cadets, and conduct joint research with Intrepidus Group in the area of sophisticated phishing and whaling attacks.

The PhishMe product provides a proven mechanism for delivering effective human education in the fight against targeted phishing and whaling attacks that are used in email-based "social engineering" schemes. These schemes comprise spoofed emails claiming to be from legitimate businesses and agencies to lead users to counterfeit websites designed to trick recipients into divulging sensitive data such as usernames and passwords, or installing malicious software on their systems.

"Intrepidus Group has created an intuitive, valuable solution in PhishMe to educate users and modify behavior to significantly reduce the probability of success of phishing attacks," said Lieutenant Colonel Ron Dodge, Associate Dean, IETD, United States Military Academy. "We look forward to training our student body about this threat through first-hand experience."

The number of phishing attacks are on the rise, increasing the risk to organizations, employees, and end-users. According to a recent Phishing Activity Trends Report by the Anti Phishing Work Group (APWG), password-stealing crimeware reached an all time high of 31,173 in December, an 827 percent increase from January 2008. In addition, more than 250 corporate brands were hijacked by phishing and whaling campaigns.

PhishMe addresses these threats with an innovative mechanism for training users that are most susceptible to email-based, social engineering cyber threats that may penetrate anti-spam, or phishing filters. The software platform lets organizations establish a human firewall against these attacks by providing a user-friendly, cost-effective system for facilitating mock phishing exercises and the delivery of real-time, electronic-based training. Using PhishMe's built-in templates and WYSIWYG, (What-you-see-is-what-you-get) functionality, security professionals can easily build realistic phishing attacks, collect metrics on user behavior, and immediately present online security awareness training material to those found vulnerable to rapidly impact human behavior.

Since its launch in July 2008, PhishMe has been adopted by US government agencies and Fortune 1000 companies across multiple vertical market sectors including Financial Services, Healthcare and Defense Contracting. More than 250,000 people have been trained, using PhishMe, to identify and thwart spear phishing attacks.

"PhishMe is a proven mechanism of educating humans to impede targeted phishing attacks which can place organizations, their employees and customers at significant risk," said Rohyt Belani, CEO, Intrepidus Group and Adjunct Professor at Carnegie Mellon University. "We look forward to our engagement with the Service academies in training the military leaders of tomorrow."

About PhishMe PhishMe is a software-as-a-service (SaaS) solution designed to help prevent damage, theft and loss caused by targeted (spear) phishing attacks. PhishMe facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. This method of delivering training materials is recommended by SANS and found to be most effective by researchers at Carnegie Mellon University.

About Intrepidus Intrepidus Group is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group's consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues.

###

PhishMe.com is a registered trademark of Intrepidus Group. All other product and company names herein are or may be trademarks of their respective owners.

Intrepidus Group One Penn Plaza Suite 6180 New York, New York 10119 http://intrepidusgroup.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark Reading,  7/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17366
PUBLISHED: 2020-08-05
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate...
CVE-2020-9036
PUBLISHED: 2020-08-05
Jeedom through 4.0.38 allows XSS.
CVE-2020-15127
PUBLISHED: 2020-08-05
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flip...
CVE-2020-15132
PUBLISHED: 2020-08-05
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that th...
CVE-2020-7298
PUBLISHED: 2020-08-05
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.