« on: September 10, 2012, 06:50:40 pm »
SPT
Hey, what is this thing?spt is a simple concept with powerful possibilities. It is what it’s name implies: a simple phishing toolkit.
The basic idea we (the spt project) had was that wouldn’t it be cool if there were a simple, effective, easy to use and free (most importantly!) tool that information security professionals could use to evaluate and train what we all know is the weakest link in any security minded organization: the people. Since the founders of the spt project are themselves information security professionals by day (and possibly either LOL cats or zombies by night), they themselves faced the frustration of dealing with people within their own organizations that claimed to know better, but 9 times out of 10 fell for the most absurdly obvious phishing emails ever seen. A malware outbreak here, a stolen password and loss of critical organizational data there and the costs of dealing with the results of phishing can get to be astronomical pretty darn quickly!
Enter spt. spt was made from scratch, like a baby (or maybe a zombie) with the goal of giving over-worked and under-staffed information security professionals a simple tool (more like a framework, as we hope to add more features over time) that could be used to identify and train those weakest links. spt is a fully self-contained phishing email toolkit that can be installed, configured and phishing in less than 15 minutes. Its design is modular and open-ended allowing for future expansion and additional features via easy to snap-in modules that are simply uploaded in the administration dashboard. Why not try out spt today and see who your weakest link is?Why do we care about phishing?Simple answer: phishing has become one of the easiest ways to remotely separate people from that which is important to them.
These articles give some good insights into why phishing is on the rise and why you, as an information security professional, should be worried about it.Some quotes to drive the point home perhaps.
- Phishing remains most reliable cyber fraud mechanismCyber criminals are going after online banking users with phishing attacks and taking advantage of user “bad habits” to spread malware… - Travel, education sectors most vulnerable to phishingResearchers sent simulated phishing messages to employees at more than 3,500 small and midsize enterprises (SMEs) and found that recipients at nearly 500 companies, or 15 percent, clicked on a link contained in the message. - Imperva finds master hacker who dupes thousands into phishing armyA recently released, next-generation phishing toolkit promises to automate the tedious task of tricking people into visiting websites designed to steal their financial information. Even better, the toolkit is free. The only hitch: the creators added a backdoor, allowing them to also amass all of the data captured by their phishing toolkit, no matter who uses it. - Phish Tastes Better Than SpamA major source of survival for spammers is consumer spending. With the recession eroding world economies, consumer spending has taken a major hit. Spammers, who thrived on luring consumers to spend money, have definitely been dealt a severe blow. After all, who is going to be lured by spammed products during tough financial circumstances? What logically follows in the worldview of a spammer is the money in your bank account rather than that in your purse. Or, in other words, spammers will shift to baiting consumers with phishing emails to try and steal banking credentials when they know their spam campaigns aren’t working.The problem is big, and getting bigger. Protect your network, your organization and your people…from your people.
« Last Edit: September 10, 2012, 06:51:08 pm by z3ro »
~ God is real. Unless declared as an integer.
