Join us for the Human Behavior Conference on Oct. 30th
Current events in Ukraine have created heightened cybersecurity concerns. For this reason, CISA (Cybersecurity and Infrastructure Security Agency) issued a rare “Shields Up” alert for all organizations to be prepared to respond to disruptive cyberactivity. Notably, CISA is recommending the following actions for all corporate leaders, including CEOs (Chief Executive Officers):
For details regarding each CISA recommendation, please refer to the Shields Up alert, 5 Urgent Cybersecurity Actions for Executives.
As reported by Avast, attackers targeted local communication infrastructures, network providers and other services. According to Avast, emails with malicious attachments were sent to accounting departments. These attachments, either .pdf or .docx, contained password-stealer malware, such as FormBook or AgentTesla and RATs (Remote Access Tools). The phishing emails had subject lines related to payments and invoices such as:
Image: Avast
Attackers are possibly using a compromised Ukrainian armed service member’s email account to target government personnel tasked with collecting refugee movement information in Europe According to Proofpoint, the malicious emails included a macro attachment which used social engineering themes pertaining to the Emergency Meeting of the NATO Security Council.
In this heightened cybersecurity environment, security awareness and training are even more important. In view of this, CISA recommends that “all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
The Social-Engineer Risk Assessment (SERA) helps organizations evaluate their unique attack surface for social engineering attacks. With SERA, you have the option of an Open Source Intelligence (OSINT) investigation of your company, and high-value internal personnel. We collect data from publicly-available sources such as social media platforms, public records, interest, and hobby sites, as well as other online databases. From the data we collect, we then search for information that would enable a threat actor to perform targeted attacks against your employees. We also seek out vulnerabilities that would give an attacker access to your facilities, accounts, or other sensitive information. We can perform a Social Engineering Risk Assessment against your company as a whole or against a single individual. Our sources range from open-source Clearnet all the way to DarkWeb resources and tools. 
After we complete OSINT, you have the option for us to perform both phishing and vishing attack vectors on the target. We can gear these attacks toward testing your infrastructure as we do in an adversary simulation, or informational only. In fact, this service is completely customizable by you and for your organization.
Please contact our team today for a quote.
As cyber threats continue to increase, so does the need for cyber security professionals. Some of the skills needed to succeed in the field of cyber security are programming skills,
Today, the cybersecurity industry focuses a lot more on complicated solutions and tools. Companies are always looking to improve their security measures with the latest technologies. However, attackers often choose
