Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/30/2009
10:35 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

U.S. Military Academies To Use 'PhishMe'

Spear phishing tool to be used to train 22,000 Army, Navy, Air Force and Coast Guard Cadets through user awareness

New York, NY. " July 24, 2009 " Intrepidus Group, a leading provider of information security services and software, today announced that the United States Military Academy, the United States Air Force Academy, the United States Naval Academy, and the United States Coast Guard Academy are adopting PhishMe' to periodically and continuously train their 22,000 cadets to thwart spear phishing attacks.

The United States Service Academies, also known as the United States Military Academies, are federal academies for the undergraduate education and training of commissioned officers for the United States armed forces. The Service academies are committed to expand their security curriculum and preparedness training with the implementation the PhishMe software to educate and test their cadets, and conduct joint research with Intrepidus Group in the area of sophisticated phishing and whaling attacks.

The PhishMe product provides a proven mechanism for delivering effective human education in the fight against targeted phishing and whaling attacks that are used in email-based "social engineering" schemes. These schemes comprise spoofed emails claiming to be from legitimate businesses and agencies to lead users to counterfeit websites designed to trick recipients into divulging sensitive data such as usernames and passwords, or installing malicious software on their systems.

"Intrepidus Group has created an intuitive, valuable solution in PhishMe to educate users and modify behavior to significantly reduce the probability of success of phishing attacks," said Lieutenant Colonel Ron Dodge, Associate Dean, IETD, United States Military Academy. "We look forward to training our student body about this threat through first-hand experience."

The number of phishing attacks are on the rise, increasing the risk to organizations, employees, and end-users. According to a recent Phishing Activity Trends Report by the Anti Phishing Work Group (APWG), password-stealing crimeware reached an all time high of 31,173 in December, an 827 percent increase from January 2008. In addition, more than 250 corporate brands were hijacked by phishing and whaling campaigns.

PhishMe addresses these threats with an innovative mechanism for training users that are most susceptible to email-based, social engineering cyber threats that may penetrate anti-spam, or phishing filters. The software platform lets organizations establish a human firewall against these attacks by providing a user-friendly, cost-effective system for facilitating mock phishing exercises and the delivery of real-time, electronic-based training. Using PhishMe's built-in templates and WYSIWYG, (What-you-see-is-what-you-get) functionality, security professionals can easily build realistic phishing attacks, collect metrics on user behavior, and immediately present online security awareness training material to those found vulnerable to rapidly impact human behavior.

Since its launch in July 2008, PhishMe has been adopted by US government agencies and Fortune 1000 companies across multiple vertical market sectors including Financial Services, Healthcare and Defense Contracting. More than 250,000 people have been trained, using PhishMe, to identify and thwart spear phishing attacks.

"PhishMe is a proven mechanism of educating humans to impede targeted phishing attacks which can place organizations, their employees and customers at significant risk," said Rohyt Belani, CEO, Intrepidus Group and Adjunct Professor at Carnegie Mellon University. "We look forward to our engagement with the Service academies in training the military leaders of tomorrow."

About PhishMe PhishMe is a software-as-a-service (SaaS) solution designed to help prevent damage, theft and loss caused by targeted (spear) phishing attacks. PhishMe facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. This method of delivering training materials is recommended by SANS and found to be most effective by researchers at Carnegie Mellon University.

About Intrepidus Intrepidus Group is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group's consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues.

###

PhishMe.com is a registered trademark of Intrepidus Group. All other product and company names herein are or may be trademarks of their respective owners.

Intrepidus Group One Penn Plaza Suite 6180 New York, New York 10119 http://intrepidusgroup.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17505
PUBLISHED: 2020-08-12
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
CVE-2020-17506
PUBLISHED: 2020-08-12
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
CVE-2020-2035
PUBLISHED: 2020-08-12
When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within ...
CVE-2020-5415
PUBLISHED: 2020-08-12
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerabilit...
CVE-2020-6653
PUBLISHED: 2020-08-12
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's ac...