Friday, March 5, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

LUCY Phishing Server Lets You Phish Yourself to Defeat Hackers

by Corporate Compliance Insights
August 26, 2015
in GRC Vendor News
LUCY Phishing Server Lets You Phish Yourself to Defeat Hackers

New Features Expose Your Organization’s Weakest Security Links

PALO ALTO, CA (August 25, 2015) – Phish yourself; don’t wait for others to do it. LUCY today announced V. 2.2 of its phishing server, which allows a company or individual to phish itself to find its weakest security links.

Until today, we let hackers take control of phishing and malware attacks and focused mainly on the defensive part, according to LUCY founder Oliver Muenchow. But there’s a better way to combat phishing. The newest release of LUCY, at www.phishing-server.com, can turn any laptop PC into a full security assessment environment, allowing users to simulate phishing and malware attacks and even build awareness by teaching users about the threats. It is free to download for individuals and companies with up to 100 employees and also available as a commercial product.

LUCY has been designed so technical and non-technical persons can administrate the platform, using it to configure traditional or custom phishing attacks, and malware attacks; perform malware protections tests; and implement an eLearning module to provide the necessary training to improve employee awareness. LUCY features a simple web-based user interface that includes pre-defined mail and web templates – no need to go to hacking school, because LUCY takes care of that.

“When we read about the Carbanak gang using malware to steal $1 billion from banks, or hackers turning Sony inside out to embarrass a lot of well-known figures, we tend to think some shady, even government-funded, underground organization is behind it,” Muenchow said. “With LUCY, we are now able to simulate those exact patterns used in the Carbanak and Sony attacks to find out if those attacks would work in that user’s environment.”

LUCY was developed in Switzerland initially for the financial sector, but is now available for anyone.  As hackers become more creative, businesses need to analyze where they are most vulnerable. Could employees be fooled into entering sensitive data on a professionally appearing website? Would they download/execute programs from unknown sources? Can malware enter and affect your network without being detected? LUCY helps answer all these questions and can be customized to allow users to create reusable campaigns and templates.

New features of LUCY v. 2.2 add Interactive Sessions, BeEF Integration and Technical Malware Simulation to the solution.

Interactive Sessions – Allows users to run console commands on victim machines and get feedback in real time. Users can now expose how attackers are able to leverage application and browser flaws to launch “inside-out” attacks, which allows them to assume the role of the trusted insider and gain control of the website as experienced in the Carbanak $1 billion hack.

Having control over the website, the attacker is now able to send back commands (or interactive sessions) to that victim within that already established web connection. Using this feature within LUCY, we can now simulate such attacks. Since LUCY is mimicking the attack from A to Z, users don’t need to have in-depth IT security skills to verify the exposure against such attacks.

BeEF Integration – Optionally gather advanced information about your users using a BeEF tool. With Browser Exploitation Framework (BeEF) integrated into LUCY, companies can now discover: if those users fall for an attack with vulnerable browsers that could be exploited, would their browser security settings have prevented more damage from browser exploitation type malware?

Technical Malware Simulation – Checks if users are vulnerable to common malware threats and attack methods. An advanced persistent threat (APT) is a network attack where an unauthorized person gains access to a network and stays undetected for a long period of time to steal data. There are hundreds of millions of malware variations, which makes it extremely challenging to protect against APT.

LUCY’s Malware Simulation feature can simulate those attack patterns. This is the only LUCY module where employees are not involved. It works more like a virus scanner that can be downloaded by an IT security officer to a workstation and then executed to measure the robustness against possible APT attacks.

LUCY can be downloaded at http://phishing-server.com.

About LUCY

LUCY helps companies identify potential weaknesses in their cybersecurity. The web-based solution can prevent cyber attacks and hacks before they happen. Easy to set up and use, but with powerful reporting and customization features, LUCY is a necessity for any business looking to protect against malware, phishing and “drive-by” attacks. Learn more at http://phishing-server.com.


Previous Post

How Millennials are Going to Pave the Way to Improve Corporate Compliance

Next Post

Q&A with Fabiana Lacerca-Allen

Corporate Compliance Insights

Related Posts

hands holding seedling in eggshell

SEC Announces Enforcement Task Force Focused on Climate and ESG Issues

March 4, 2021
SEC emblem on building exterior

SEC Division of Examinations Announces 2021 Examination Priorities

March 3, 2021
cybernetic brain in form of human brain in cyberspace

Strike Graph Introduces First-Ever AI Tech Platform to Automate Security Questionnaires

March 1, 2021
red paper plane breaking rank from white paper planes

Diligent to Become Largest Global GRC SaaS Company Through Galvanize Acquisition

February 24, 2021
Next Post
Q&A with Fabiana Lacerca-Allen

Q&A with Fabiana Lacerca-Allen

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights