CHANTILLY, Va., Feb. 20, 2014– PhishMe® Inc., the leading provider of phishing mitigation and detection for organizations concerned about human susceptibility to sophisticated cyber attacks, today announced that its CEO and co-founder, Rohyt Belani, will present at AGC Partners’ Tenth Annual West Coast InfoSec & Technology Growth Conference and its CTO and co-founder, Aaron Higbee, will present at RSA Conference 2014, both held in San Francisco, CA next week.
CHANTILLY, Va., Feb. 18, 2014 — PhishMe Inc., creator of the industry-leading phishing mitigation and detection platform, today reported extraordinary corporate performance for the 2013 fiscal year. Bookings grew 130% over the previous year and the company achieved significant increases across all key corporate performance measures, including the largest fourth quarter in company history.
Reports from the Target breach investigation continue to trickle in, with Brian Krebs now citing multiple sources close to the investigation that have traced the initial compromise to login credentials stolen through a phishing email.
Last week, we discussed how attackers can steal credentials without using malware through data-entry phishing. While this tactic is a common and highly effective technique, the latest report on Target alleges that Citadel, a password-stealing derivative of the ZeuS banking Trojan, was responsible for stealing login credentials from Target vendor Fazio Mechanical, which provided attackers with the foothold they needed in Target’s network.
‘Old School’ email social engineering or data-entry phishing is an attack method that has been on the rise in recent months, notably employed by the Syrian Electronic Army to hack seemingly every major media outlet in the Western hemisphere, and possibly responsible for other high-profile breaches.
A Target spokesperson confirmed last week that attackers initially gained access to the company systems through stolen credentials obtained through a vendor. While Target has not confirmed the exact method through which the credentials were stolen, one possible scenario is that attackers sent a spear-phishing email to the vendor, obtained valid login credentials for Target, and used those credentials to gain a foothold in Target’s network.