Method and system for assessing data security

US 10,432,656 B2
Filed: 04/28/2016
Issued: 10/01/2019
Est. Priority Date: 04/28/2016
Status: Active Grant

First Claim

Patent Images

1. A method for conducting a simulated phishing attack on one or more phishing attack target devices associated with an administrator, comprising:

selecting, with a processor, one or more phishing attack target devices from a plurality of phishing attack target devices,generating, with the processor, a test message intended for the one or more phishing attack target devices, the test message comprising a message body and a message hyperlink referring to a website associated with the administrator, andsending, with the processor, the test message intended for the one or more phishing attack target devices to the one or more phishing attack target devices;

electronically recording, in a computer readable storage medium, one or more devices that have accessed the website;

identifying, with the processor, a device in the one or more devices that have accessed the website that is also a phishing attack target device in the one or more phishing attack target devices, and identifying a user associated with the device;

prompting the user associated with the device to authorize a download of a malicious app from the website, and, after the authorization is received, downloading the malicious app;

installing a malicious app on a phishing attack target device, and, upon initiation of the malicious app, identifying, with the malicious app, at least one phishing attack target device vulnerability;

installing, from the malicious app, on a phishing attack target device that has downloaded the malicious app, using the at least one phishing attack target device vulnerability, an on-device agent configured to automatically send test messages using the processor of the phishing attack target device, the on-device agent further configured to scan a memory of the phishing attack target device using the processor of the phishing attack target device for at least one of;

personal data, corporate data, network information, an exploitable device vulnerability created by one or more of the user'"'"'s programs, or an exploitable network vulnerability created by the presence of the phishing attack target device on the network;

retrieving, from the memory of the phishing attack target device, contact information for a second phishing attack target device of another user, and automatically sending, with the on-device agent and using the processor of the phishing attack target device, a second test message directly to the second phishing attack target device, the second test message comprising a second message body and a second message hyperlink referring to the website; and

automatically enrolling, with the processor, the user in a security course.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for conducting simulated phishing attacks. This may include identifying a target device from a list, such as a corporate directory, and sending a message to the device with a link to a website. On the website, the user may be directed to or enrolled in a network security course, or may be directed to install an app, which may then be used to gather data or further conduct simulated phishing attacks on other devices on a network.

21 Citations

16 Claims

1. A method for conducting a simulated phishing attack on one or more phishing attack target devices associated with an administrator, comprising:
- selecting, with a processor, one or more phishing attack target devices from a plurality of phishing attack target devices,generating, with the processor, a test message intended for the one or more phishing attack target devices, the test message comprising a message body and a message hyperlink referring to a website associated with the administrator, andsending, with the processor, the test message intended for the one or more phishing attack target devices to the one or more phishing attack target devices;
  
  electronically recording, in a computer readable storage medium, one or more devices that have accessed the website;
  
  identifying, with the processor, a device in the one or more devices that have accessed the website that is also a phishing attack target device in the one or more phishing attack target devices, and identifying a user associated with the device;
  
  prompting the user associated with the device to authorize a download of a malicious app from the website, and, after the authorization is received, downloading the malicious app;
  
  installing a malicious app on a phishing attack target device, and, upon initiation of the malicious app, identifying, with the malicious app, at least one phishing attack target device vulnerability;
  
  installing, from the malicious app, on a phishing attack target device that has downloaded the malicious app, using the at least one phishing attack target device vulnerability, an on-device agent configured to automatically send test messages using the processor of the phishing attack target device, the on-device agent further configured to scan a memory of the phishing attack target device using the processor of the phishing attack target device for at least one of;
  
  personal data, corporate data, network information, an exploitable device vulnerability created by one or more of the user'"'"'s programs, or an exploitable network vulnerability created by the presence of the phishing attack target device on the network;
  
  retrieving, from the memory of the phishing attack target device, contact information for a second phishing attack target device of another user, and automatically sending, with the on-device agent and using the processor of the phishing attack target device, a second test message directly to the second phishing attack target device, the second test message comprising a second message body and a second message hyperlink referring to the website; and
  
  automatically enrolling, with the processor, the user in a security course.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the plurality of phishing attack target devices comprise a plurality of phones, each phone having a phone number;
    - andwherein the step of selecting, with the processor, one or more phishing attack target devices from a plurality of phishing attack target devices comprises selecting one or more phone numbers from a plurality of phone numbers.
  - 3. The method of claim 1, further comprising:
    - prompting the user to download a file, wherein the file comprises at least one vulnerability, the vulnerability comprising computer program code that, when stored on the memory of a mobile device, configures the mobile device to be susceptible to at least one external attack.
  - 4. The method of claim 1, further comprising directing the user to a training website.
  - 5. The method of claim 1, further comprising alerting an information security manager that the user has accessed the website.
  - 6. The method of claim 1, further comprising soliciting, on the website, a credential of the user.

7. A method for conducting a simulated phishing attack on a phishing attack target device associated with an administrator, comprising:
- selecting, with a processor, a phishing attack target device from a plurality of phishing attack target devices,generating, with the processor, a test message intended for the phishing attack target device, the test message comprising a message body and a message hyperlink referring to a website associated with the administrator, andsending, with the processor, the test message intended for the phishing attack target device to the phishing attack target device;
  
  displaying, on a display of the phishing attack target device, the website, the website comprising a download location for a malicious app, the malicious app being configured to communicate with a server apparatus and being configured to obfuscate its communications with the server apparatus;
  
  prompting a user of the phishing attack target device to download the malicious app from the website, and, after an instruction of the user is received, downloading and installing the malicious app;
  
  electronically recording, in a computer readable storage medium, a phishing attack target device that has downloaded the malicious app;
  
  identifying, with the processor, the user of the phishing attack target device that has downloaded the malicious app;
  
  upon initiation of the malicious app, identifying, with the malicious app, at least one phishing attack target device vulnerability, and installing, from the malicious app, on a phishing attack target device that has downloaded the malicious app, using the at least one phishing attack target device vulnerability, an on-device agent configured to automatically send test messages using the processor of the phishing attack target device, the on-device agent further configured to scan a memory of the phishing attack target device using the processor of the phishing attack target device for at least one of;
  
  personal data, corporate data, network information, an exploitable device vulnerability created by one or more of the user'"'"'s programs, or an exploitable network vulnerability created by the presence of the phishing attack target device on the network;
  
  retrieving, from the memory of the phishing attack target device, contact information for a second phishing attack target device of another user, and automatically sending, with the on-device agent and using the processor of the phishing attack target device, a second test message to the second phishing attack target device, the second test message comprising a second message body and a second message hyperlink referring to the website; and
  
  mitigating the security risk of the user.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein mitigating the security risk of the user comprises at least one of directing the user to a training website, enrolling the user in a training class, or alerting an information security manager that the user has downloaded the malicious app.
  - 9. The method of claim 7, wherein the plurality of phishing attack target devices comprise a plurality of phones, each phone having a phone number;
    - andwherein the step of selecting, with the processor, a phishing attack target device from a plurality of phishing attack target devices comprises selecting one or more phone numbers from a plurality of phone numbers.
  - 10. The method of claim 9, wherein the plurality of phone numbers is a corporate directory.
  - 11. The method of claim 7, wherein the malicious application is a modified version of a commercially available application, and wherein the malicious application is presented on the website as if it were the commercially available application.
  - 12. The method of claim 7, further comprising:
    - communicating, with the malicious app, a scan result of the on-device agent scan to a server apparatus.
  - 13. The method of claim 7, further comprising:
    - identifying, with the processor, an access-restricted network to which the phishing attack target device has access;
      
      receiving a first communication from the server apparatus and transmitting the first communication to a device on the access-restricted network; and
      
      receiving a second communication from the device on the access-restricted network and transmitting the second communication to the server apparatus.

14. A system for assessing data security, comprising:
- a server apparatus, the server apparatus comprising a database, a web server, an engine comprising a processor, and a listener system, the listener system comprising at least one of a listener and a poller; and
  
  a phishing attack target device, the phishing attack target device having a processor and a memory comprising a malicious app authorized by an administrator of a network and including computer program code, the memory and the computer program code configured to, with the processor, cause the phishing attack target device to at least;
  
  receive, with a processor of the phishing attack target device, communications from the engine of the server apparatus;
  
  send, with the processor of the phishing attack target device, communications to the listener system of the server apparatus; and
  
  upon initiation of the malicious app, identify at least one phishing attack target device vulnerability, and install, with the processor of the phishing attack target device and on a memory of the phishing attack target device, using the at least one phishing attack target device vulnerability, an on-device agent configured to automatically send test messages using the processor of the phishing attack target device, the on-device agent further configured to scan a memory of the phishing attack target device using the processor of the target device for at least one of;
  
  personal data, corporate data, network information, an exploitable device vulnerability created by one or more of the user'"'"'s programs, or an exploitable network vulnerability created by the presence of the phishing attack target device on the network;
  
  wherein the on-device agent is configured to retrieve, from the memory of the phishing attack target device, contact information for a second phishing attack target device of another user, and automatically send, with the processor of the phishing attack target device, a test message directly to the second phishing attack target device, the test message comprising a second message body and a second message hyperlink, the second message hyperlink referring to a website on which the malicious app can be downloaded.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, wherein the on-device agent is configured to scan, with the processor of the phishing attack target device, a memory of the phishing attack target device, and obtain a scan result;
    - andcommunicate, with the processor of the phishing attack target device, the scan result to the listener system of the server apparatus.
  - 16. The system of claim 14, wherein the on-device agent is configured to identify, with the processor of the phishing attack target device, an access-restricted network to which the phishing attack target device has access;
    - receive a first communication from the engine of the server apparatus and transmit the first communication to a device on the access-restricted network; and
      
      receive a second communication from the device on the access-restricted network and transmitting the second communication to the listener system of the server apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shevirah Inc.
Original Assignee
Shevirah Inc.
Inventors
Weidman, Georgia
Primary Examiner(s)
King, John B
Assistant Examiner(s)
Golriz, Arya

Application Number

US15/140,781
Publication Number

US 20170318046A1
Time in Patent Office

1,251 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04W 12/12   Detection or prevention of ...

Method and system for assessing data security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for assessing data security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links