With the use of phishing simulation you now know that X% of your employees downloaded and executed an unknown file. But from a technical point of view, what kind of dangerous file types can get to the employee and how big is the risk if such a file is actually executed?
The E-mail and Internet malware protection test gives you an insight into how your mail server and web proxy handle different variations of test files. This allows you to see whether potential malicious code, such as Java files, backdoors, scripts, embedded Office Objects, etc., is detected and blocked by the filter infrastructure. Based on these results, you can then carry out targeted phishing campaigns.
To reduce the risk from malware in your environment, you need safe and effective ways to test your systems. This is where LUCY’s Malware Simulation Toolkit (LHFC) comes into play. LHFC is an advanced malware simulation suite capable of emulating various threat scenarios equivalent to many of the tools that hackers employ. The local Windows test (LHFC) will let you know if your defenses work in case an employee executes a malicious file.
Image: Malware Simulation (LHFC)
- Does your AV detect known Malware downloads?
- Is your SIEM able to trigger activities from this tool?
- Is Malware able to modify System Settings?
- Is Malware able to communicate to external servers?
- Can Malware access sensitive data on the local host or your intranet?
- What type of file types can be sent as attachments to the end user?
- What type of file types can be downloaded from a website by the user?
- Does your internet- and mail protection software detect potential malware?
- Does your internet- and mail protection software detect masked malware?
- …and many more