Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/30/2009
10:35 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

U.S. Military Academies To Use 'PhishMe'

Spear phishing tool to be used to train 22,000 Army, Navy, Air Force and Coast Guard Cadets through user awareness

New York, NY. " July 24, 2009 " Intrepidus Group, a leading provider of information security services and software, today announced that the United States Military Academy, the United States Air Force Academy, the United States Naval Academy, and the United States Coast Guard Academy are adopting PhishMe' to periodically and continuously train their 22,000 cadets to thwart spear phishing attacks.

The United States Service Academies, also known as the United States Military Academies, are federal academies for the undergraduate education and training of commissioned officers for the United States armed forces. The Service academies are committed to expand their security curriculum and preparedness training with the implementation the PhishMe software to educate and test their cadets, and conduct joint research with Intrepidus Group in the area of sophisticated phishing and whaling attacks.

The PhishMe product provides a proven mechanism for delivering effective human education in the fight against targeted phishing and whaling attacks that are used in email-based "social engineering" schemes. These schemes comprise spoofed emails claiming to be from legitimate businesses and agencies to lead users to counterfeit websites designed to trick recipients into divulging sensitive data such as usernames and passwords, or installing malicious software on their systems.

"Intrepidus Group has created an intuitive, valuable solution in PhishMe to educate users and modify behavior to significantly reduce the probability of success of phishing attacks," said Lieutenant Colonel Ron Dodge, Associate Dean, IETD, United States Military Academy. "We look forward to training our student body about this threat through first-hand experience."

The number of phishing attacks are on the rise, increasing the risk to organizations, employees, and end-users. According to a recent Phishing Activity Trends Report by the Anti Phishing Work Group (APWG), password-stealing crimeware reached an all time high of 31,173 in December, an 827 percent increase from January 2008. In addition, more than 250 corporate brands were hijacked by phishing and whaling campaigns.

PhishMe addresses these threats with an innovative mechanism for training users that are most susceptible to email-based, social engineering cyber threats that may penetrate anti-spam, or phishing filters. The software platform lets organizations establish a human firewall against these attacks by providing a user-friendly, cost-effective system for facilitating mock phishing exercises and the delivery of real-time, electronic-based training. Using PhishMe's built-in templates and WYSIWYG, (What-you-see-is-what-you-get) functionality, security professionals can easily build realistic phishing attacks, collect metrics on user behavior, and immediately present online security awareness training material to those found vulnerable to rapidly impact human behavior.

Since its launch in July 2008, PhishMe has been adopted by US government agencies and Fortune 1000 companies across multiple vertical market sectors including Financial Services, Healthcare and Defense Contracting. More than 250,000 people have been trained, using PhishMe, to identify and thwart spear phishing attacks.

"PhishMe is a proven mechanism of educating humans to impede targeted phishing attacks which can place organizations, their employees and customers at significant risk," said Rohyt Belani, CEO, Intrepidus Group and Adjunct Professor at Carnegie Mellon University. "We look forward to our engagement with the Service academies in training the military leaders of tomorrow."

About PhishMe PhishMe is a software-as-a-service (SaaS) solution designed to help prevent damage, theft and loss caused by targeted (spear) phishing attacks. PhishMe facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. This method of delivering training materials is recommended by SANS and found to be most effective by researchers at Carnegie Mellon University.

About Intrepidus Intrepidus Group is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group's consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues.

###

PhishMe.com is a registered trademark of Intrepidus Group. All other product and company names herein are or may be trademarks of their respective owners.

Intrepidus Group One Penn Plaza Suite 6180 New York, New York 10119 http://intrepidusgroup.com

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34390
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
CVE-2021-34391
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
CVE-2021-34392
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
CVE-2021-34393
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
CVE-2021-34394
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.