In 2020 Toll Group went twice through a ransomware attack, now Sophos which acted as a response and investigation team for the events, announces that the entry point was an account of an employee who died but remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the report by Sophos, the Nefilim group responsible for the infidelity attack that was on the company’s network for about a month without the defense systems identifying suspicious activity, the user used by the attack group belonged to a deceased employee but his account was locked/deleted due to being integrated into various services.
Read more about Examples and Numbers of Social Engineering attacks ›
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW
and See your where your Company is Exposed to Hackers
Recently Published on our Blog
Low-Cost Honeypots That Catch Attackers Before They Hurt You
🐝 Honeypots Catch Attackers Cheap and Fast
🐝 Honeypots are decoys that legitimate users never touch – when they trigger, you know an attacker is inside your sightline.
🔍 Simple decoys like fake admin accounts, bogus API keys, or dummy repos produce high-fidelity alerts without the false-positive noise of costly SIEM setups.
⚠️ In one real case, planted OAuth tokens exposed a contractor trying to exfiltrate sensitive data in days – setup cost: a few hours.
🧭 For budget-constrained teams, honeypots change the detection game – you chase signals that should never exist, not faint anomalies buried in normal logs.
🛡️ They are not a cure-all – pair them with social engineering simulations, least-privilege policies, and continuous monitoring to close the human gaps attackers exploit.
📊 AUMINT.io simulates realistic human-targeted attacks and shows you where employees or vendors will likely fall for lures that lead attackers to your crown jewels.
🚀 Want a step-by-step deployable plan this week? Schedule your demo
#CyberSecurity #SOC #CISO #Infosec #SecurityOps #Honeypots #AUMINT
Storm-2657 Payroll Pirate Attacks Expose University HR Risks
🚨 Storm-2657 Payroll Pirates Target Universities
Microsoft warns of attacks hijacking employee accounts to steal salaries.
💡 HR SaaS platforms like Workday are being exploited with phishing and MFA bypass.
👥 Attackers use AiTM phishing links, enroll their own MFA devices, and hide email notifications to reroute payroll.
⚡ 11 accounts compromised across three universities sent phishing emails to nearly 6,000 targets.
✅ Adopt phishing-resistant MFA like FIDO2 keys.
✅ Review accounts for unknown MFA devices and malicious inbox rules.
✅ Educate staff to recognize phishing tactics.
AUMINT.io helps organizations detect hidden gaps through simulations and continuous monitoring – Book your session now
.
#CyberSecurity #MFA #Phishing #PayrollSecurity #HigherEducation #MicrosoftSecurity
Corporate Social Media Accounts – Hidden Risks You Can’t Ignore
🚨 Corporate Social Media – Your Hidden Security Threat
Marketing teams often control accounts, not IT.
💡 Shared credentials and disabled MFA leave dormant accounts open to attacks.
⚡ Attackers can post offensive messages, redirect ad spend, or distribute malware.
👥 MFA bottlenecks and social engineering create human factor vulnerabilities.
✅ IAM/IGA tools like Cerby centralize access, enforce MFA, and rotate passwords.
✅ Continuous monitoring prevents ghost accounts and unauthorized posts.
AUMINT.io simulates attacks and uncovers hidden risks before damage occurs – Book your session now
.
#CyberSecurity #SocialMediaSecurity #FraudPrevention #BrandProtection #CISO #ITSecurity