Web-based Solution Helps Find Security Weakest Links to Prevent Phishing, Malware and Drive-By Attacks
To find the weakest security link in your organization, you need to think like a hacker. Thanks to a new phishing solution called LUCY, companies can now measure and improve awareness towards phishing, malware and drive-by attacks by launching their own realistic phishing campaigns.
Malware and phishing attacks can be devastating for companies in terms of legal liability, reduced sales and bad publicity. Attacks that seem to make headlines daily highlight both the missing technical security precautions and lack of awareness that are a risk for any company. With LUCY, organizations can run their own simulated attacks and find where their organization may be most vulnerable.
LUCY features a simple web-based user interface that includes pre-defined Mail and Web templates. LUCY has been designed so technical and non-technical persons can administrate the platform, and configure custom phishing attacks within minutes.
According to EMC/RSA, global phishing attacks approached 500,000 in 2013 with estimated losses of over $5.9 billion. A joint study by IDC and the National University of Singapore found the cost of data breaches and malware to be $491 billion in 2014, a staggering figure. Even worse, the same study shows that employees are the culprit in installing 20 percent of pirated software that gives attackers access to a company.
With its comprehensive approach to IT security, LUCY can emulate cyberattacks in your own network or in the cloud through four main modules:
- Traditional Phishing Attack: LUCY runs different variations of phishing attacks to measure and improve awareness of your employees. All technical aspects, i.e. sending mail, starting the embedded webserver or generating statistical analysis are handled by the application. In a few clicks, entire websites can be copied to dupe users into leaking usernames, passwords or other sensitive data. Also included is a menu of attack scenario templates (pre-defined websites and mails).
- Malware Attack: LUCY can simulate a malware attack, combining phishing with custom malware samples. You will see who, how far and what type of information can be exposed. LUCY’s malware simulation is non-intrusive and doesn’t interrupt your normal daily business operations.
- Malware Protection Test: This feature allows users to perform security checks without involving employees outside your IT department. Determine your malware-related vulnerabilities on the network, system and application levels.
LUCY can also be customized to allow users to create campaigns and templates that can be used again.
“As hackers become more creative, businesses need to analyze where they are most vulnerable,” said Oliver Muenchow, founder of LUCY. “Could your employees be fooled into entering sensitive data on a professionally appearing website; would they download/execute programs from unknown sources; can malware enter and affect your network without being detected? LUCY helps answer all those questions.”
- Can run within private networks or on the Internet
- Browser Analysis: detect if users access the campaign with vulnerable browsers (plugins)
- Multi-user enabled. Web-based GUI to configure and run phishing campaigns against one or thousands of users
- Website Copy feature: copy existing webpages and integrate them in your campaign
- More than 40 professional designed, fully functional web- & mail templates
- Statistical and comparative analysis in real time of each phishing campaign with custom report template
- Automatic software updates
- Ability to benchmark results
- Backup and restoring campaigns, web & eLearning templates.
- Login filters to check for complex passwords or custom domains required within the login
About LUCY :
LUCY helps companies identify potential weaknesses in their cybersecurity. The web-based solution can prevent cyberattacks and hacks before they happen. Easy to set up and use but with powerful reporting and customization features, LUCY is a necessity for any business looking to protect against malware, phishing and “drive-by” attacks.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.