- New report variables
- Paid sources for recipient search
- Global benchmark stats
- White labeling options
- Security enhancements (AES256 encryption instead of the old AES128, password salt improvements)
- Notification of expiring domains & VPS
- LDAP improvements (multiple DC and SSL support)
Zürich-Thalwil, 20. Mai 2017 – The global WannaCry attack has put the issue of ransomware and malware countermeasures in the public focus. LUCY is now acknowledged in the leading media of the Swiss press as one of the pillars in the fight against cycled crime!
The economic crime now takes place in Cyberspace. This has now become clear to all. The most important point of defense as well as attack are the people, whether as an employee or private individual.
In the past, safety systems and large companies were the focus of attention. People were neglected and the SMEs were not yet interesting for the criminals. That has changed, even before WannaCry small companies have been increasingly blackmailed with Ransomware. In the meantime the ransom came down to about 600 USD / 400 EUR. This is a price the small companies can pay. Now the first background reports on the cybercrime wave 2017 were published in the Swiss press: The “Handelszeitung” on 18 May and the “Schweiz am Wochenende” on 20 May 2017 published long articles and both newspapers address exactly the above topics. We are very pleased that employee awareness and phishing simulations will be publicly addressed to the benefit of the employees!
Of course, we recommend the following articles (in German):
- Handelszeitung (in German) 18.5.2017 Cyber Angriffe: “Schadenfälle bei KMU nehmen zu” & “Die Furcht vor dem Virus”
- Schweiz am Wochenende (in German) 20.5.2017: ” Der Klick in die Erpressungsfalle”
About: LUCY-Security is a Swiss company with customers in more than 50 countries. Its product LUCY Server allows companies to perform realistic cyber attack simulations. At the same time, customized awareness programs and incident alerting tools can be used to increase cyber security. For the first time, the LUCY server makes cyber prevention in the form of a standardized product affordable for all. Customers can now test and improve their IT security without special knowledge!
For more information please call Palo under +41 44 557 19 37 or write him a mail under palo (a t) lucysecurity (d ot) com. Thank you.
Key findings: 84% of the participants recommend LUCY Security and two-thirds of the respondents are willing to call themselves publicly as a reference customer! And more than 70% of the participants are interested in a user group.
For us, it is also interesting that almost half of the submitted suggestions for improvement are already available as LUCY features.
In Feb / Mar 2017, clients of LUCY Security were asked to conduct a customer survey. The return rate was relatively high at 28.4%. The survey was conducted by the company itself on the basis of a short email questionnaire.
LUCY Security was not founded until 2015. The fact that such a young and still small cyber security product manufacturer gets so good grades after such a short time is evidence of the quality of the product and suggests that Swissness is also a not to be underestimated competitive factor.
Furthermore, the results are amazing, because the IT security industry is known for its secrecy. The high popularity rates for a public user group suggest a rethinking in the market that cyber crime can only be fight and confined together. Secrecy is detrimental to the security of the company on the Internet!
LUCY Phishing Incident Plugin allows an easy and fast response to ongoing threats. Because it’s a highly beneficial feature for companies of all sizes we decided to make it available to ALL commercial editions of LUCY. Already for 350$ / Year you get an unlimited alert feature for your company!
Phishing Incident Plugin for MS-Outlook available everywhere
The plugin allows an immediate response to running cyber attacks. Because it’s such a powerful and valuable feature also for smaller companies we decided to make the functionality available to all commercial editions of LUCY Server. Already for 350 dollars you have the possibility to introduce a company-wide cyber alert-system in the enterprise. And without user limitations! Read more about our Phishing Button here.
More sophisticated functionality like the Threat Console or the “LUCY Risk Score” remain designated to the higher editions. If you want to discover more about these features read our post we have written for the launch of LUCY V3.4.
LUCY – We make cyberprevention and simulated Internet Attacks affordable and available to everybody!
We launched LUCY V 3.4: Cyber prevention as well as IT health checks affordable for everyone and the world-wide new integrated threat analysis of incoming e-mails using the LUCY Risk Score are the highlights of the current release.
Threat Analyser and Risk Score
The “Cisco 2017 Annual Cybersecurity Report“, which is highly regarded in the industry, puts it in a nutshell: “…In many cases, their securityteams can investigate only half the security alerts they receive on a given day.” This is where the Threat Analyzer provides a remedy and relieves the security team of routine work!
The newly introduced Threat Analyzer allows comprehensive threat management and risk analysis of e-mails who have been submitted by users using the Phishing Incident Plugin for MS-Outlook. The LUCY Risk Score calculated by the LUCY Server is a world-novelty. For the first time, internal databases and IT security rules are combined with external threat information. The world’s first multi-level analysis algorithm of the suspicious e-mails allows the calculation of a particularly meaningful key figure – the LUCY Risk Score. First, the header data of the message is inspected. This is followed by the investigation of the message body. Subsequently, the trustworthiness of the sender as well as of the dispatch route are checked and finally the internal security rules are applied. This results in a comprehensive KPI:
Phishing Incident Plugin for MS-Outlook available everywhere
The plugin allows an immediate response to running cyber attacks. Because it’s such a powerful and highly beneficial feature we decided to make the functionality available to all commercial editions of LUCY Server. Already for 350 dollars you have the possibility to introduce a company-wide cyber alert-system in the enterprise. And that without user limitations! Read more about our Phishing Button here.
Multi-language awareness page
Since LUCY V1.0 you have the possibility to run several language versions of the same scenario in a mock phishing campaign. Now you can do the same with your learning and training content. With that LUCY became the most multilingual solution in the market!
“Collected user data” available in reports
The data you collect during a campaign from the users is now available in the reports and the data can be exported as well for further analysis. Read more about statistical campaign data in our Wiki.
Even more new or improved Features in LUCY V 3.4 :
- Letsencrypt autorenewal SSL
- Campaign stats page improvement
- Phishing Incident Plugin for MS-Outlook fixes & improvements (completely new code)
- New stats for portable & file-based attacks
- Performance improvements in the frontend (Ajax settings)
- Enable screenshots in the java plugin (dropper)
- Other minor improvements and multiple bugfixes
Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:
A smishing attack is done easily with LUCY Server. Set up your educational social engineering campaigns and train your people.
Create and Run a Smishing Attack Simulations with LUCY Server. A Smishing Campaign is like a Phishing Campaign, but the distribution is done over SMS messages instead using email. With LUCY you can set up such a campaign as easy as a phishing simulation. This Video shows how it’s done. You need to have the mobile numbers from the recipients. Please take note that Smishing is unlawful in some countries! LUCY Security from Switzerland makes cyber prevention and IT-Security awareness affordable and available to everbody!
Suitable for reproduction: Build your own advanced Spear Phishing Simulation with the appropriate attached Malware with LUCY. A 30 minute video gives you the possibility to build up an advanced phishing and malware simulation almost off the cuff!
LUCY Founder Oliver explains how you can set up an advanced Educational Spear Phishing campaign and store it as an reusable template. Contents are:
- Create a new attack template for your own purpose
- Create a file-based or mixed advanced spear phishing scenario, using pre-defined templates.
- Configure the phishing mails, so that thy contain personalized content
- Configure and integrate harmless Trojans (Malware) into the file-based scenario
- Set a default behavior of the Trojan (f.e. commands on the client to be executed or the listing of “Recent Documents” on the target computer)
- Start, monitor and finalize the campaign
- Reporting: Analyze the results of the Spear Phishing campaign
- Useage of the scheduler with multiple scenarios (Q+A at the end)
You would like to reproduce/replay this educational phishing campaign? Just request a Demo System here:
- 75 % of participants are able to identify the most secure password from a list of four options.
- 52 % of people know that turning off the GPS function on smartphones does not prevent tracking. Mobile phones can be tracked via cell towers / Wi-Fi networks.
- 10 % were able to identify one example of multi-factor authentication when presented with four images of online login screens.
LUCY Server makes Phishing Simulations and Cybersecurity education available and affordable to everybody. A free Community Edition can be downloaded from lucysecurity.com/download. Hunderts of customers trust LUCY!
Please install LUCY version 3.3.3 as soon as possible! It should be available in Lucy upgrade section.
In the case the server has running campaigns:
If you have some campaigns running, that prevent you from upgrading and you are unable to access the campaign page, you will be unable to upgrade from the UI. In order to upgrade, you will need to stop campaigns manually. That could be done by connecting to Lucy over SSH and issuing the following command under the root account:
sudo -upostgres psql phishing -c 'update campaign_scenarios set status = 0 where status = 10'
After the command is done, you can safely upgrade to the newest version and start (do not click RESTART: ONLY click “START | REAL ATTACK” to resume the campaign without re-sending the mails) the campaigns you previously stopped again.
“Stop all” Feature will come with LUCY 3.5
In the last days, we got a lot of improvement requests for this functionality. We will implement it: Starting from Lucy 3.5 you can stop all campaigns before upgrading right on the update page.
Should you have problems:
If you experience any problems,
- please open an SSH connection for our support engineer and
- get in contact with us.
A big sorry for the inconvenience!
Oliver Muenchow & Palo Stacho
LUCY Phishing GmbH
Edit Apr-06-2017, 3pm (CEST)
Reason: The patch adresses an internal issue with an encryption module that is used to obfuscate LUCY code. The encryption module stopped working. As a result code (e.g. PHP) cannot be decypted anymore and results to errors when accessing certain pages (500 internal server error). After the patch, the code can be interpreted again.