In 2020, Toll Group was hit by ransomware twice. Sophos, which acted as the response and investigation team for the events, now reports that the entry point was the account of an employee who had died but whose account remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the Sophos report, the Nefilim group responsible for the attack was on the company’s network for about a month without the defense systems identifying suspicious activity. The user account the attackers used belonged to a deceased employee, but the account had not been locked or deleted because it was integrated into various services.
Recently Published on our Blog
🌐 Free DNS Monitoring Tools Revealing Stealthy Attacks 🌐
DNS is the backbone of your network – and attackers increasingly exploit it for data exfiltration, command-and-control, and malware communication. The good news? There are free tools CISOs can use to monitor and detect stealthy DNS attacks.
Here are the top free DNS monitoring tools:
1️⃣ SecurityTrails Free Tier – Track domain changes, DNS records, and suspicious activity.
🔗 https://securitytrails.com/
2️⃣ Farsight DNSDB (Community Access) – Historical DNS data to detect anomalies.
🔗 https://www.farsightsecurity.com/solutions/dnsdb/
3️⃣ PassiveTotal (Free Plan) – Aggregates DNS and threat intelligence for early detection.
🔗 https://www.riskiq.com/solutions/passivetotal/
4️⃣ OpenDNS Investigate (Free Tier) – Domain reputation and threat visibility from Cisco.
🔗 https://umbrella.cisco.com/products/investigate
5️⃣ Quad9 DNS Monitoring – Free recursive DNS service with threat blocking and logging.
🔗 https://www.quad9.net/
6️⃣ Pi-hole – Network-level DNS sinkhole that can monitor and block suspicious domains.
🔗 https://pi-hole.net/
7️⃣ Dnstrails Community Edition – DNS intelligence and threat mapping.
🔗 https://dnstrails.com/
⚡ These tools provide early indicators of compromise, helping CISOs spot threats before they escalate. DNS monitoring is often overlooked, but it’s a powerful layer of defense.
At AUMINT.io, we combine technical monitoring with human attack simulations, showing how attackers leverage phishing, vishing, and social engineering to exploit DNS and user behavior simultaneously.
#DNSMonitoring #CISO #CyberSecurity #ThreatDetection #AUMINT
Financial Scams Are Exploiting Human Trust – Protect Your Wealth Now
💰 Financial Scams Are Exploiting Human Trust
⚠️ Social engineering attacks are targeting wealth management clients, executives, and finance teams, manipulating trust to bypass traditional cybersecurity measures.
📞 Emails, phone calls, and social media interactions are weaponized to impersonate advisors or pressure targets into transferring funds.
💡 A single compromised communication can trigger massive financial loss, making human behavior the weak link in modern wealth protection.
🔍 AUMINT Trident simulates real-world social engineering attacks on finance teams, revealing vulnerabilities and guiding actionable security improvements before incidents occur.
#CISO #FinanceSecurity #WealthManagement #SocialEngineering #FraudPrevention #ExecutiveProtection #HumanFactor
☁️ Free SaaS Risk Assessment Platforms No One Talks About ☁️
SaaS adoption is skyrocketing, but unchecked apps create hidden security and compliance risks. Luckily, there are free platforms CISOs can leverage to assess SaaS risk without a huge budget.
Here are top free SaaS risk assessment tools:
1️⃣ BitSight Free Insights – Basic SaaS risk scoring and vendor exposure overview.
🔗 https://www.bitsight.com/
2️⃣ Cloud Security Alliance (CSA) STAR Self-Assessment – Framework to evaluate cloud/SaaS provider security posture.
🔗 https://cloudsecurityalliance.org/star/
3️⃣ RiskRecon Free Tier – Provides risk ratings and supplier insights for SaaS applications.
🔗 https://www.riskrecon.com/
4️⃣ AppOmni Free Plan – SaaS security posture assessment for collaboration apps and CRMs.
🔗 https://www.appomni.com/
5️⃣ SaaS Security Alliance (SSA) Tools – Templates and guides for evaluating SaaS risk.
🔗 https://www.saassecurityalliance.org/
6️⃣ OpenPages SaaS Risk Templates – Free templates for mapping SaaS applications to risk categories.
🔗 https://www.ibm.com/products/openpages
7️⃣ CloudSploit Community Edition – Checks misconfigurations and risk in SaaS-integrated cloud services.
🔗 https://github.com/aquasecurity/cloudsploit
⚡ Takeaway: Even free tools provide visibility, scoring, and actionable recommendations that help CISOs reduce shadow IT and prevent SaaS-related breaches.
At AUMINT.io, we complement these assessments by simulating how employees interact with SaaS apps and could be manipulated, exposing hidden human risks that automated tools may miss.
#SaaSSecurity #CISO #CyberSecurity #SupplyChainRisk #AUMINT