Security : Data Breach : Information Security Compliance :
Vishing Module Takes a Bite Out of Automated Attacks
September 29, 2014 10:00 AM
New Social Engineering Scenarios from Kevin Mitnick Allows IT Managers to Curb Automated Vishing Attacks
KnowBe4 has announced the release of its automated Voicemail Phishing Security Test module, the first of its kind, giving IT Managers the ability to test users on social engineering via the phone. As criminals have expanded their repertoire, moving into new territory with automated voicemail phishing (vishing) attacks, KnowBe4 has countered with a new module loaded with five Kevin Mitnick VST Scenarios™ that can be used to keep users on their toes with security top of mind.
“Cyber criminals have moved into fully automated types of attacks, utilizing open source tools that allow thousands of dials per hour, attempting to trick end-users into giving out confidential information like their voicemail pin number, bank account and credit card information, and/or healthcare related data”, said Stu Sjouwerman, CEO of KnowBe4. “We now have a tool that can help arrest a user’s inclination to provide information.”
KnowBe4 customers will be able to upload a CSV file with employee phone numbers, choose a VST template, and start the campaign set-it-and-forget-it, very similar to the existing phishing security test campaigns KnowBe4 currently provides. The new Vishing Security Test (VST) now trains employees against social engineering attacks via the phone on their desk. If an end-user enters data via the telephone keypad in response to the VST, that means a “fail” which can be used as a reason for a short remedial training module.
“We’ve seen a massive increase of phishing and ransomware attacks in 2014 over previous years and cybercriminals are constantly looking for new ways to invade a network”, adds Sjouwerman. In KnowBe4’s recent September 2014 poll, nearly 90% of 300+ IT managers surveyed said they saw phishing attempts get through their filters every month. Frequent, effective Security Awareness Training is now an essential layer that can help data breaches like the recent Home Depot or JP Morgan Chase hacks.”
Individual employees may be targeted for seemingly innocuous information in a vishing scam and are caught unaware, providing key credentials or a way in to steal corporate data. KnowBe4 trains users on these new scenarios and how to recognize and avoid such social engineering attempts.The module plugs into the new KnowBe4 V3.5 cloud-based Admin Console for quick and easy deployment.
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.