Stop Phishing Attacks

ThreatSim allows users to run attack simulations, on demand, via an easy to use web interface. Simulations mimic how hackers infiltrate your organization through phishing and exfiltrate sensitive data. Results collected during the simulations are compiled into actionable reports that determine your organization’s susceptibility to modern-day attacks and enable you to proactively protect your data. Request a Demo

Spear Phishing Test Results

Protect your data against attack & theft

Infiltration

Infiltration

ThreatSim simulates a targeted attack by sending realistic spear phishing emails to your employees. Each message contains a URL or crafted attachment that is unique to the recipient. Attack simulation may include email messages with attachments, URLs or messages sent via popular social networking platforms such as Facebook, LinkedIn and Twitter. The objective is to simulate the current methods hackers use to circumvent your network security and deceive your employees.

Exfiltration

Exfiltration

ThreatSim includes the intelligent XFil exfiltration agent. XFil uses the same techniques as an attacker to provide visibility into how data leaves your network by testing the effectiveness of your egress firewall rules, IDS/IPS, DLP and outbound web proxy. XFil provides a “smoke test” to determine how data can leave your network undetected. The results arm your administrators with the information they need to plug dangerous gaps on your network.

Phishing News

China Hackers Hit U.S. Chamber

A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter. The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers.

Research Reveals Widespread Vulnerability to Phishing

Internet Security Awareness Training firm KnowBe4 has released new cybercrime statistics that identify the nation's most Phish-prone industry sectors, which are those most susceptible to cybercrime ploys. The top five industries vulnerable to cybercrime include travel, education, financial services, government services and IT services. These findings are based on a recent phishing experiment KnowBe4 conducted among small and medium enterprises.

Data Exfiltration: How Data Gets Out

Most attention goes to keeping hackers out. But once they're inside, how do they extract data from your organization? Cyber criminals are increasingly becoming more sophisticated in their methods of attack. Often we can equate this to the methods of data exfiltration as well. Exfiltration, or exportation, of data is usually accomplished by copying the data from the system via a network channel, although removable media or physical theft can also be utilized.

Spear-Phishing Operation Targets Senior US Officials

According to an article in ComputerWorld, a security researcher has documented what is the latest in a long campaign of Gmail spear-phishing operations aimed at senior U.S. government officials that have been traced to China. The bogus emails are designed to appear as distribution of a real report from from the Center for a New American Security. Once the target has entered their login credentials, the information is immediately sent to the attackers, who quickly access the account to harvest potentially sensitive information.

Fake LinkedIn Notifications Lead to Malware

Malware peddlers are targeting LinkedIn users with rather legitimate-looking messages supposedly coming from the social networking site. For those users who get tricked into following the link, the mischief is done - an exploit kit at the destination server tries to exploit a number of vulnerabilities in the their systems in order to load malware on it.

Copyright © Stratum Security. All rights reserved.