The PhishMe 2017 Excellence Awards Nominations are Open!

Make your nominations for the 2017 PhishMe® Excellence Awards today!

Every day, 1000s of companies use PhishMe as a cornerstone of their phishing defense program. The PhishMe Excellence Awards recognize the outstanding achievements of security professionals and organizations with innovative, successful anti-phishing and phishing defense programs to minimize the risk and impacts associated with phishing attacks.

PhishMe Launches First Free Phishing Simulation Solution for Small Businesses

Human Phishing Defense Solution Designed to Reduce SMB End-User Susceptibility to Phishing

LEESBURG, VA. – August 10, 2017 – Today PhishMe®, the leading provider of human phishing defense solutions, announced the availability of PhishMe Free™ – a no-cost phishing simulation solution for small businesses under 500 employees to condition employees and fortify their defenses against today’s advanced cyberattacks, such as ransomware, business email compromise and spear-phishing.

With 90 percent of network security breaches attributed to phishing attacks,[1] no business – large or small – is immune to cyberthreats. Small businesses in particular are at risk, with more than 55 percent of SMBs having experienced a cyberattack in the past 12 months and 50 percent reporting a data breach.[2] As widespread breaches continue to threaten businesses worldwide, organizations must adopt security measures that utilize human intelligence to protect critical assets.

“Every company – regardless of size or resources – should have access to effective cybersecurity solutions,” said Rohyt Belani, co-founder and CEO of PhishMe. “61% of cyberattacks target small and medium businesses (SMBs) and the ensuing damages cost, on average, $800,000 USD[3]. To help such organizations shore up their defenses we created PhishMe Free. This solution is tailored specifically for companies with 500 employees or less. The goal is to help SMBs build a conditioned firewall of human sensors to act as a first line of defense against attacks that bypass traditional email filtering technologies.”

PhishMe Free leverages the foundational elements and expertise behind PhishMe Simulator, the leading anti-phishing solution that reduces end-user susceptibility to phishing attacks by up to  95 percent. Much like the company’s flagship product, PhishMe Free delivers simulated email campaigns that mimic real-life spear phishing scenarios and provide instant learning opportunities for recipients who fall for the exercises. It also equips IT teams with the tools needed to educate and engage employees in their efforts to thwart phishing attacks. Key benefits include:

  • Fast deployment with an easy to manage SaaS application
  • Reporting and analytics to easily view risk exposures and monitor progress
  • Real results through a simplified enterprise- grade solution that delivers 18 templates and runs up to 12 scenarios per year
  • Mimics real-life attack tactics with threat-based scenario content and training templates for end users
  • Full access to PhishMe CBT modules, including four compliance modules and 17 interactive modules covering today’s biggest threats

“Today, small businesses are just as likely to be targeted by cyberattacks as large enterprises but the financial and reputation damages could be much more devastating,” notes Scott Crawford, research director for information security with 451 Research. “With organizations like PhishMe providing strong anti-phishing solutions catered to SMBs at no cost, more organizations can take the necessary steps to fortify their defenses to reduce the chances of phishing related breaches.”

Also included in the PhishMe Free license is access to PhishMe Community, an online customer portal where users can discuss product issues with PhishMe representatives and exchange ideas with fellow users, receive product support, access PhishMe’s exhaustive knowledge base, and learn more about the exciting things happening in the world of PhishMe.

For more information about PhishMe Free, please visit: https://phishme.com/pm-free.

 

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.

 

References:

[1] PhishMe, “PhishMe 2016 Enterprise Phishing Susceptibility and Resiliency Report”

[2] Ponemon Institute, “2016 State of Cybersecurity in Small and Medium-Sized Business,” June 2016.

[3] Ponemon Institute, “2016 State of Cybersecurity in Small and Medium-Sized Business,” June 2016.

Threat Actors Use Advanced Delivery Mechanism to Distribute TrickBot Malware

Threat actors’ consistent pursuit of improved efficiency is a key characteristic of the phishing threat landscape. One method for improving efficiency is to use a unique delivery technique that not only allows threat actors to distribute malware but also succeeds in evading anti-virus software and technologies.

Karo Ransomware Raises Stakes for Victims by Threatening to Disclose Private Information

A ransomware victim must have a compelling reason to go through the burdensome process of obtaining Bitcoin and paying the ransom. For many victims, the threat of permanently losing access to their files is enough. However, some ransomware authors and criminals seek to push victims harder by raising the stakes even further.

Threat Actors Continue Abusing Google Docs and Other Cloud Services to Deliver Malware

A key part of phishing threat actors’ mission is to create email narratives and leverage malware delivery techniques that reduce the likelihood of detection. By combining compelling social engineering with seemingly benign content, threat actors hope to bypass technical controls and to convince their human victims of a phishing email’s legitimacy. One method with a long history of use is the abuse of Google Docs file sharing URLs to deliver malware content to victims. Because Google Docs and other cloud services may be trusted within an enterprise, threat actors will continue to abuse file sharing services to possibly bypass firewalls and anti-virus technologies.

PhishMe Named a 2017 Greater Washington Area Top Workplace by The Washington Post

Leesburg, Va. – June 28, 2017 – PhishMe® (www.phishme.com), the leading provider of human-focused phishing defense solutions, announced today that it has been awarded a 2017 Top Workplaces honor by The Washington Post. The Top Workplaces lists are based solely on the results of an employee feedback survey administered by WorkplaceDynamics, LLC, a leading research firm that specializes in organizational health and workplace improvement. Several aspects of workplace culture were measured, including alignment, execution, and connection, just to name a few.

PhishMe Named a 2017 Best Place to Work by Washington Business Journal

Leesburg, Virginia – June 26, 2017 – PhishMe® (www.phishme.com), the leading provider of human-focused phishing defense solutions, today announced it has been honored for the second consecutive year as a Best Place to Work in the Washington D.C area by Washington Business Journal following an annual employee engagement survey. The Washington Business Journal ranked PhishMe 5th in the ‘large companies’ category.

PhishMe CEO and Co-Founder, Rohyt Belani, Named a 2017 Washington Business Journal 40 Under 40 Honoree

Leesburg, Virginia – June 22, 2017 – PhishMe® (www.phishme.com), the leading provider of human-focused phishing defense solutions, today announced that co-founder and CEO Rohyt Belani has been named to the Washington Business Journal’s 2017 “40 Under 40” list. The 40 Under 40 program honors Greater Washington’s top business leaders and owners under 40 years of age who exhibit outstanding performance in their field. Honorees were chosen from more than 450 nominations by a panel of outside judges and the Washington Business Journal staff, and each honoree will be recognized at an awards ceremony being held on July 20, 2017 at Nationals Park in Washington, D.C.

Tracking and Mitigating Zyklon Phishing Using Threat Intelligence and Yara

The Zyklon HTTP Botnet malware is a tool that is readily accessible to threat actors in online criminal marketplaces and has been observed in use for various criminal activities. Among its features is the ability to log the keystrokes typed by a victim as well as to collect other private or sensitive information, and one of the most notable uses for Zyklon has been as a downloader and delivery tool for the Cerber encryption ransomware. Over a dozen unique campaigns to deliver this malware have been identified and reported by PhishMe Intelligence and it represents one of the most rapidly-growing constituents on the threat landscape. Each time the Zyklon malware is identified, it has followed a relatively-straightforward and mainstream method for infecting victims. With only one exception, Zyklon has been delivered using Microsoft Word documents with hostile macro scripting used to deliver the botnet malware payload.