Hoxhunt

Our data reveals: behavior change training dramatically reduces malicious attachment risks... Malicious attachments continue to be one of the most successful phishing techniques in cybercriminals' arsenal. Why? Because they tap into our natural curiosity. 📊 Our research data tells an interesting story... Before training, the numbers are concerning. Only 34% of users successfully report malicious attachment simulations. And 11% fail by opening the attachment or clicking embedded links. But here's where the data gets interesting... After implementing adaptive security behavior training, we see dramatic improvement. Failure rates cut by 2.5x within just 6 months. Success rates more than double from 34% to 74% after 12 simulations. And after 14 simulations, success rates climb to an impressive 80%! Most importantly, failure rates plummet by 5.5x from 11% to below 2%. These improvements significantly outpace our global averages for general phishing training (67% success and 3% failure after 12 months). What this tells us is clear... 💡 With regular, adaptive training that simulates real-world threats, people quickly develop the instinctive suspicion needed when encountering emails with attachments. Link to our full 2025 Phishing Trends Report in comments below 👇 #CyberSecurity #PhishingAwareness #SecurityTraining #HumanRisk #BehaviorChange #HoxHunt

Join Hoxhunt at the E-Crime Conference in London next week! 🇬🇧 (hosted by e-Crime & Cybersecurity Congress Events Series) We're thrilled to announce that our very own Noora Ahmed-Moshe will be delivering two talks... 🗓️ Tuesday, March 4th at 3:00 PM - "The Human Edge: Evolving Security Culture in the Age of AI" What you'll learn: ✅ How AI is transforming the threat landscape with sophisticated, targeted campaigns. ✅ The psychological triggers being used by attackers. ✅ How organizations can develop essential skills and leadership strategies for a robust security culture. ✅ Practical tips for leveraging the human element as a strategic advantage against AI-powered threats. ____ 🗓️ Wednesday, March 5th at 10:30 AM - "Transforming Cybersecurity Culture: Venator's Blueprint for Behaviour Change" Noora will be joined by Ian Littlefair, Head of Cybersecurity at Venator Materials Plc, for this session to find out how Venator successfully transformed its cybersecurity strategy by embedding behaviour change into its culture. What you'll learn: ✅ How Venator overcame key challenges in managing human risk. ✅ The role of tailored, continuous training in fostering secure behaviours. ✅ Strategies to create a culture of psychological safety that encourages positive engagement. ✅ Why leadership alignment and data-driven insights are essential for sustained change. ✅ Proven techniques to transform employees into your strongest cybersecurity defence. ____ 🔗 Agenda and registration: https://lnkd.in/dHG8UNU #Cybersecurity #HumanRisk #SecurityCulture #ECrimeLondon #HoxHunt #BehaviorChange #AIThreats

Here's what security leaders need to know about the rise of AI phishing attacks... 📊 We found that of 386,000 malicious phishing emails, only a tiny fraction (between 0.7% and 4.7%) were actually crafted by AI. But although we haven't seen a huge shift in attacks completely generated by AI, its likely playing a role in lowering the threshold to start phishing operations... Which may explain why we've also seen an increase in the overall volume of phishing emails. ____ So, while there hasn't been a boom in AI-generated phishing emails (yet), there may well be an increasing number of AI-enhanced emails. For now, despite all the hype AI-generated phishing attacks, traditional human-created phishing attempts still dominate the cyber threat landscape. But this may not continue to be the case. While AI-generated phishing emails might be relatively rare in employee inboxes today, they represent a rapidly evolving threat that's getting smarter by the day. What we're seeing today may well be the calm before the storm 🌪️ ____ 🔗 Want more insights on the 2025 threat landscape? Link to our Phishing Trends Report in comments below. #Cybersecurity #AIThreats #PhishingAttacks #InformationSecurity #CyberDefense

Forget failure rate. What are the real 4 essential phishing metrics? Phishing training works when security awareness managers ceases to be beholden to failure rate, and starts measuring the key elements of good email security behavior. Most importantly, these metrics must be tracked in both the simulated and real environments. Only then will we see whether the training is having real impact on human risk. Cybersecurity experts agree that: ✅ The traditional security awareness training (SAT) model is ineffective... ✅ Phishing training is the key to human risk management. This is an emerging category, so it’s critical to understand the 4 essential metrics to shape and track an adaptive phishing training program... 👉 Simulated dwell time 👉 Simulated threat reporting 👉 Real dwell time 👉 Real threat detection ⏰ Dwell time: the period between a threat infiltrating your network and its detection by an employee. Essentially - how long a threat “dwells” unchecked. In cybersecurity terms, it’s a race between attackers and employees, where every second counts. Dwell time is not measured in a security awareness training platform, and only in a few adaptive phishing training platforms (like Hoxhunt). 📊 Reporting rate: when a user successfully reports a phishing simulation. Within training programs, simulated threats help prepare users for the real thing. The reporting rate for simulations gives you an idea of how people have engaged with your training. ____ How do you connect training to real-world impact? Well, you can connect training to real-world impact showing that what was learned in training is actually working when it counts most. An impactful data visualization will show that as phishing simulation reporting rates go up, so too will real detected threats. An adaptive training program is only as good as its measurable impact on actual threat detection and reaction times in the workplace. Link to our guide to phishing metrics in comments below 👇

🚨 Lazarus Group targeting developers with sophisticated npm package Attack A concerning development in the cybersecurity landscape: The notorious Lazarus Group is actively compromising developers through malicious npm packages. This attack shows remarkable sophistication in targeting the software supply chain. 🔎 Attack Breakdown: - Attackers create legitimate-looking npm packages - Target package names mimic popular web development tools - Malicious code is cleverly obfuscated within seemingly normal functionality - Exploits developers' trust in the npm ecosystem ⚡ Technical Details: - Attack uses a malicious package named "get-port-native" - Contains a Base64-encoded PowerShell script - Establishes persistence through scheduled tasks - Deploys additional malware stages for deeper system compromise 🎯 Why This Matters: - Supply Chain Impact: Any compromised developer could unknowingly spread malware through their projects - Wide Reach: npm packages are fundamental to modern web development - Trusted Source Attack: Exploits the implicit trust developers place in npm registry - Attribution: Linked to North Korea's state-sponsored Lazarus Group 🛡️ Protective Measures for Developers: - Thoroughly verify new npm packages before installation - Use package analysis tools like Socket - Implement strict package vetting in CI/CD pipelines - Monitor system behavior after package installations - Keep development environments isolated from production systems ⚠️ Red Flags to Watch For: - Packages with names similar to popular tools - Recently published packages with few downloads - Minimal or suspicious documentation - Unusual runtime behavior after installation 🔑 Key Takeaway: Never assume a package is safe just because it's on npm. 🔗 Source: https://hubs.ly/Q037JV450

We are proud sponsors of Convene, hosted by @StaySafeOnline. Join us in Clearwater Beach, FL this March to connect with the training and awareness community, learn best practices, and build camaraderie. Use the code 'HoxhuntConvene' to save 15% on your ticket! https://hubs.ly/Q037JTyn0 📍 Clearwater Beach, FL 📆 March 3-4, 2025 👀 What to expect Connect with the training and awareness community. Convene was created for this close-knit group, which has few opportunities to connect in person at an event designed just for them. Learn best practices. Thought leaders and industry executives will share their recent successes, failures and insights from recent campaigns and programs. Build camaraderie. Immersive gatherings with like-minded professionals breed innovation, sharing and human connection. Tickets are available here: https://hubs.ly/Q037JTyn0 Use the code HoxhuntConvene to save 15% on your ticket!

💰 The True Cost of Phishing in 2025: A Wake-Up Call The numbers are in, and they're alarming. Data from IBM and Ponemon Institute shows the biggest jump in phishing costs since the pandemic... The average cost of a phishing breach? $4.88M 💸 That's a 10% increase from 2023 📈 Breaking down the people-targeted attacks: - Phishing breaches: $4.88M - Social engineering: $4.77M - Business Email Compromise: $4.67M But here's the game-changer: Time & Training ⏰ Speed matters: Organizations that contained breaches within 200 days saved $1.2M compared to slower responses. 👥 People matter more: The study identified employee training as the single biggest factor in either amplifying or reducing breach costs. The message is clear: Investing in your people's security awareness isn't just about prevention - it's about protecting your bottom line. #Cybersecurity #PhishingAwareness #SecurityTraining #RiskManagement Want the full 2025 Phishing Trends Report? Link in the comments below 👇

⚠️ Beware: Microsoft Confirms Sophisticated Phishing Campaign Threat actors are now targeting organizations with a new device code phishing tactic to steal Microsoft 365 emails and data. 🔑 Key details: - Attackers send phishing emails impersonating Microsoft - They trick users into entering device codes on a malicious site - This bypasses MFA and grants attackers access to Microsoft 365 accounts - Attackers then use compromised accounts to steal sensitive emails Why this matters: ✅ Shows how phishing tactics keep evolving to bypass security ✅ Highlights why traditional email security isn't enough ✅ Demonstrates importance of real-time phishing defense ✅ Reinforces need for continuous security awareness training How to protect your organization: - Train employees to verify authentication requests - Implement robust email security - Use adaptive security awareness training - Monitor for suspicious account activity 🔗 Source: https://lnkd.in/dtvFtTPS #Cybersecurity #PhishingAlert #EmailSecurity #SecurityAwareness #MicrosoftSecurity

Want to know how your phishing defense stacks up against industry benchmarks? Join Eliot Baker and Maxime Cartier for the ultimate deep dive into 2025's Phishing Trends, Insights, and Benchmarks 📊 🔎 What we'll cover - The latest phishing attack techniques targeting organizations - Key metrics from millions of simulated and real phishing attacks - Benchmark data to measure your security program's effectiveness - Practical strategies to improve your threat detection rates You'll come away with... ✅ Real-world phishing examples and case studies ✅ Industry-specific benchmarking data ✅ Actionable insights to strengthen your defenses ✅ Expert analysis of emerging threat patterns ⏰ When & Where? Thursday, February 29th 5:00 PM GMT / 12:00 PM EST / 9:00 AM PST 🔗 Register here: https://lnkd.in/dYJTA43d

We are proud sponsors of Convene, hosted by National Cybersecurity Alliance Join us this March to connect with the training and awareness community, learn best practices, and build camaraderie. 📍 Clearwater Beach, FL 📆 March 3-4, 2025 ✔️ Connect with the training and awareness community ✔️ Learn best practices ✔️ Recent successes, failures and insights from though leaders ✔️ Immersive gatherings with like-minded professionals ____ Use the code 'HoxhuntConvene' to save 15% on your ticket! 🎫 Tickets: https://hubs.ly/Q035LxwJ0 #ConveneFL25