In 2020 Toll Group went twice through a ransomware attack, now Sophos which acted as a response and investigation team for the events, announces that the entry point was an account of an employee who died but remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the report by Sophos, the Nefilim group responsible for the infidelity attack that was on the company’s network for about a month without the defense systems identifying suspicious activity, the user used by the attack group belonged to a deceased employee but his account was locked/deleted due to being integrated into various services.
Read more about Examples and Numbers of Social Engineering attacks ›
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW
and See your where your Company is Exposed to Hackers
Recently Published on our Blog
🖥️ CISOs: 10 Free Tools to Improve Your Endpoint Security Posture 🖥️
Endpoints are the gateways attackers target most. Securing them effectively means using the right tools — and you don’t always need a big budget to start.
Here’s a curated list of 10 free tools every CISO should explore to strengthen endpoint security across your environment:
1️⃣ Microsoft Defender for Endpoint (Free Tier) – Basic protection and detection for Windows endpoints.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint
2️⃣ OSQuery – Query your endpoints in real time with SQL-like commands for visibility and auditing.
https://osquery.io/
3️⃣ Lynis – Security auditing and hardening tool for Unix/Linux systems.
https://cisofy.com/lynis/
4️⃣ GRR Rapid Response – Remote live forensics and incident response framework.
https://github.com/google/grr
5️⃣ Kaspersky Virus Removal Tool – Free on-demand malware scanner and remover.
https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool
6️⃣ CrowdStrike Falcon Sensor (Free Trial) – Lightweight endpoint detection and response for testing.
https://www.crowdstrike.com/
7️⃣ Bitdefender Rescue CD – Offline bootable tool for deep malware cleanup.
https://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html
8️⃣ Wazuh Agent – Endpoint monitoring and log collection integrated with SIEM.
https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/index.html
9️⃣ Cisco AMP for Endpoints (Trial) – Malware protection combined with analytics.
https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html
🔟 Traccar – Open-source GPS tracking to monitor mobile endpoint locations and usage.
https://www.traccar.org/
These tools provide a strong foundation to identify, analyze, and respond to threats without upfront licensing costs.
Want to identify hidden human risks that can lead to endpoint breaches? AUMINT.io runs live social engineering attack simulations so you can measure and reduce human vulnerabilities.
📅 Ready to strengthen your endpoint security? Book a free intro call
🛡️ Save this post and empower your security team with these no-cost tools today!
#CISO #EndpointSecurity #EDR #CyberSecurity #ThreatDetection #AUMINT
The Alarming Rise of Social Engineering Attacks in 2025 – Why No One Is Safe
🎯 Social Engineering Surge – Are Your People Ready?
🚨 The first half of 2025 has seen a sharp rise in social engineering attacks – and they’re more convincing than ever.
💥 Criminals are using AI, deepfakes, and hyper-realistic phishing to impersonate executives, trick employees, and bypass even strong technical defenses.
🕵️ No sector is safe – from small businesses to government agencies, attackers target anyone who can be pressured into a quick decision.
⚠️ The most dangerous myth? Thinking “our staff would never fall for this.” Even trained employees can be manipulated under the right pressure.
📊 Prevention starts with continuous awareness training, phishing simulations, and clear reporting channels – combined with real-time monitoring to detect early signs of an attack.
📢 The weakest link is often human, but with the right approach, your people can become your strongest defense. Book your AUMINT.io consultation today.
#CyberSecurity #SocialEngineering #Phishing #FraudPrevention #RiskManagement #CISOs #ITSecurity #DataProtection
🎓 CISOs: Free Security Awareness Training Platforms to Recommend 🎓
Training your workforce is your best defense against phishing, social engineering, and insider threats. Yet, budgets are tight and training fatigue is real.
Here’s a list of free security awareness training platforms that deliver quality content and engagement without costing a dime:
1️⃣ Cybrary – Offers foundational security courses and phishing awareness modules.
https://www.cybrary.it/
2️⃣ Infosec Skills Free Tier – Access select awareness courses and phishing simulations at no cost.
https://www.infosecinstitute.com/skills/
3️⃣ KnowBe4 Free Phishing Security Test – Quick assessment tool to benchmark your team’s phishing susceptibility.
https://www.knowbe4.com/phishing-security-test
4️⃣ Google Phishing Quiz – Interactive quiz for users to spot phishing attacks.
https://phishingquiz.withgoogle.com/
5️⃣ Sans Security Awareness Free Resources – Videos, posters, and tips to complement training efforts.
https://www.sans.org/security-awareness-training/resources/free-resources
6️⃣ Open Security Awareness – Open-source, customizable awareness training modules for teams.
https://opensecurityawareness.org/
7️⃣ MetaPhish Free Plan – Basic phishing simulation and training platform for small teams.
https://metaphish.com/free-phishing-simulation
Empowering your employees with the right knowledge builds your strongest defense layer.
Want to amplify your training with real-world social engineering attack simulations that reveal hidden risks?
📅 Book a free AUMINT.io intro call: Schedule here
💡 Save this post and recommend these platforms to your security champions!
#CISO #SecurityAwareness #PhishingTraining #HumanRisk #AUMINT