In 2020 Toll Group went twice through a ransomware attack, now Sophos which acted as a response and investigation team for the events, announces that the entry point was an account of an employee who died but remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the report by Sophos, the Nefilim group responsible for the infidelity attack that was on the company’s network for about a month without the defense systems identifying suspicious activity, the user used by the attack group belonged to a deceased employee but his account was locked/deleted due to being integrated into various services.
Read more about Examples and Numbers of Social Engineering attacks ›
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW
and See your where your Company is Exposed to Hackers
Recently Published on our Blog
🔗 Free Supply Chain Risk Checkers You’ll Actually Use 🔗
Supply chain attacks are skyrocketing – and a single weak link can cost millions. The good news? There are free tools CISOs can use immediately to monitor suppliers, dependencies, and third-party risks.
Here are the top free supply chain risk checkers:
1️⃣ RiskRecon Free Tier – Evaluate vendor security posture and get actionable insights.
🔗 https://www.riskrecon.com/
2️⃣ OWASP Dependency-Check – Scans project dependencies for known vulnerabilities.
🔗 https://owasp.org/www-project-dependency-check/
3️⃣ Sonatype OSS Index – Identifies vulnerable open-source components in your software supply chain.
🔗 https://ossindex.sonatype.org/
4️⃣ CISA Supplier Risk Resources – Free guidance and tools for assessing critical suppliers.
🔗 https://www.cisa.gov/supply-chain
5️⃣ Snyk Free Tier – Detects vulnerabilities in open-source dependencies and container images.
🔗 https://snyk.io/
6️⃣ WhiteSource Bolt (Free) – Integrated vulnerability scanner for DevOps pipelines.
🔗 https://www.whitesourcesoftware.com/free-developer-tools/
7️⃣ CycloneDX Tools – Open-source Software Bill of Materials (SBOM) generation for tracking components.
🔗 https://cyclonedx.org/tools/
⚡ Takeaway: These tools help CISOs spot weaknesses, prioritize vendor mitigation, and reduce supply chain exposure – without waiting for expensive enterprise solutions.
At AUMINT.io, we simulate social engineering attacks targeting suppliers and employees to uncover hidden supply chain risks that purely technical tools miss.
🔗 Want to see your organization’s hidden weak links? Book a free demo
#SupplyChainSecurity #CISO #CyberSecurity #ThirdPartyRisk #AUMINT
Profile Cloning on Social Media – How Modern Confidence Scams Work
🚨 Social Media Profile Cloning Is More Dangerous Than You Think
💡 Scammers are creating near-identical copies of real profiles to exploit trust networks and access sensitive information.
⚠️ These attacks bypass technical defenses by leveraging familiarity, credibility, and social connections.
🔍 A single cloned profile can initiate multiple attacks – from financial fraud to corporate espionage – putting individuals and organizations at risk.
🔥 AUMINT Trident simulates real-world social engineering scenarios, identifying vulnerabilities and strengthening human defenses before attackers strike.
📅 Protect your team and personal networks from sophisticated scams now: https://calendly.com/aumint/aumint-intro
.
#CISO #CyberSecurity #SocialEngineering #FraudPrevention #HumanFactor #EmployeeAwareness #SocialMediaSecurity
🐝 Free Open-Source Honeypots Exposing Real Attacks Right Now 🐝
Honeypots give CISOs a unique view into attacker behavior – and the best part? Several powerful solutions are completely free and open-source. Here’s a curated list to start deploying today:
1️⃣ Cowrie – SSH and Telnet honeypot that logs brute-force attacks and shell interaction.
🔗 https://github.com/cowrie/cowrie
2️⃣ Dionaea – Captures malware targeting vulnerable services and downloads.
🔗 https://github.com/DinoTools/dionaea
3️⃣ Glastopf – Web application honeypot for detecting and logging exploit attempts.
🔗 https://github.com/mushorg/glastopf
4️⃣ Honeyd – Create virtual hosts to emulate entire networks and trap attackers.
🔗 https://github.com/DataSoft/Honeyd
5️⃣ Snort + Honeywall – IDS combined with honeypot monitoring to detect network attacks.
🔗 https://www.snort.org/
6️⃣ Conpot – ICS/SCADA honeypot to expose attacks on critical infrastructure protocols.
🔗 https://github.com/mushorg/conpot
7️⃣ Thug – Low-interaction client honeypot for tracking web-based exploits.
🔗 https://github.com/bishopfox/thug
8️⃣ Modern Honey Network (MHN) – Centralized honeypot management framework for multiple sensors.
🔗 https://github.com/pwnlandia/mhn
9️⃣ T-Pot – All-in-one honeypot platform combining multiple honeypots with dashboards.
🔗 https://github.com/dtag-dev-sec/t-pot
⚡ Deploying these allows CISOs to observe live attacks, study tactics, and improve defenses before attackers hit production systems.
At AUMINT.io, we go beyond technology – simulating how attackers exploit the human layer to complement technical insights, ensuring your people are as prepared as your systems.
🔗 Curious how your employees would respond if targeted in real-world attack simulations? Book a free demo
#CISO #Honeypots #CyberSecurity #ThreatIntelligence #AUMINT