In 2020 Toll Group went twice through a ransomware attack, now Sophos which acted as a response and investigation team for the events, announces that the entry point was an account of an employee who died but remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the report by Sophos, the Nefilim group responsible for the infidelity attack that was on the company’s network for about a month without the defense systems identifying suspicious activity, the user used by the attack group belonged to a deceased employee but his account was locked/deleted due to being integrated into various services.
Read more about Examples and Numbers of Social Engineering attacks ›
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW
and See your where your Company is Exposed to Hackers
Recently Published on our Blog
The Coming Wave of Social Engineering Attacks No One is Ready For
🛑 The AI-Powered Social Engineering Storm Is Coming
💡 Imagine getting a voice call from your CEO – but it’s not them. It’s a deepfake, paired with a perfectly written urgent email.
⚠️ That’s the next generation of phishing – faster, smarter, and terrifyingly convincing.
🤖 AI can now scrape your social media, corporate bios, and leaked data in seconds to create hyper-personalized attacks that feel 100% real.
🎯 This means your staff won’t just get generic spam. They’ll get messages with insider details, references to real projects, and even personal anecdotes.
🛡️ The solution isn’t just more training – it’s proactive intelligence. Dark web monitoring, deepfake detection, and continuous behavioral awareness are now mission-critical.
📉 Without them, even experienced executives will fall for scams that feel like direct conversations with trusted contacts.
📢 The attackers aren’t waiting – and neither should you. Book your AUMINT.io strategy session today to get ahead of the threat curve.
#CyberSecurity #SocialEngineering #FraudPrevention #DeepfakeThreats #CISOs #RiskManagement #DataSecurity #BusinessContinuity
🔐 CISOs: Free Resources for Implementing Data Loss Prevention (DLP) 🔐
Protecting sensitive data is a top priority, but deploying an effective DLP program can feel overwhelming – especially with limited budgets.
Luckily, there are excellent free resources designed to help CISOs plan, implement, and optimize DLP without costly licensing.
Here’s a curated list of top free DLP resources every CISO should explore:
1️⃣ CISA Data Protection Toolkit – Practical templates and guides to jumpstart your DLP strategy.
https://www.cisa.gov/data-protection
2️⃣ Microsoft DLP Policies Guide (M365) – Step-by-step instructions for setting up native DLP in Microsoft 365 environments.
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies
3️⃣ GitHub Open-Source DLP Tools – A collection of scripts and lightweight tools for data discovery and monitoring.
https://github.com/topics/data-loss-prevention
4️⃣ NIST Special Publication 800-171 – Controls and best practices to safeguard controlled unclassified information.
https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
5️⃣ Data Loss Prevention Framework by OWASP – Best practices for developers and security teams to build DLP into applications.
https://owasp.org/www-project-data-protection/
6️⃣ Google Workspace DLP Resources – Free guides to configure DLP in Google environments.
https://support.google.com/a/answer/7669608
7️⃣ The Privacy Rights Clearinghouse Data Protection Guide – Clear explanations of data protection principles and practical steps.
https://privacyrights.org/consumer-guides/data-protection
Implementing DLP is more than tech – it’s people, process, and policy.
Want to test your team’s susceptibility to accidental or intentional data leaks? AUMINT.io’s social engineering simulations highlight human risks that DLP tools can’t see.
📅 Explore how: Book a free intro call
🗂️ Save this post and strengthen your data protection efforts today!
#CISO #DataLossPrevention #DLP #CyberSecurity #InfoSec #AUMINT
The 19 Million Dollar Phishing Lesson No Business Can Ignore
🚨 The $19M Phishing Scam Every Business Should Fear
💡 A single phishing email cost a Milford firm 19 million dollars – and now they’re facing a negligence lawsuit.
📉 This wasn’t a sloppy scam. It was a precise, calculated attack where criminals perfectly mimicked trusted contacts. The transfer seemed legitimate… until it was too late.
🛑 The fallout? Vanished funds, broken trust, legal battles, and reputational damage that no insurance can fix.
🔍 Modern phishing isn’t random – it’s targeted, researched, and designed to bypass standard defenses. Spam filters can’t stop it. Firewalls can’t see it.
⚠️ The real weakness? A moment of human trust. Without continuous training, dark web monitoring, and real-time threat detection, even the most secure-looking organization is at risk.
💼 Lawsuits like this prove one thing – prevention isn’t optional. Clients and regulators expect proof of strong, proactive defense measures.
📢 Don’t gamble with your reputation or revenue. Book your AUMINT.io strategy call now and make sure your business never becomes the next headline.
#CyberSecurity #FraudPrevention #CISOs #FinanceLeaders #RiskManagement #PhishingPrevention #DataSecurity #BusinessContinuity