Recent Posts

Detract yet delight written farther his general. If in so bred at dare rose lose good. Feel and make two real miss use easy.
December 20, 2024
Tabletop Exercise Cybersecurity Examples: 10 Real-World Scenarios

Looking to strengthen your organization's cyber defenses through practical training? Tabletop exercises provide hands-on experience dealing with cyber threats in a controlled environment. Here are 10 real-world tabletop exercise cybersecurity examples you can use to build more engaging and effective cybersecurity simulations. Hotel System Outage Response The recent Omni Hotels & Resorts incident, where a […]

Read More
December 11, 2024
Transform Your Tabletop Exercise with Real-World Cut & Paste Malware Attack Scenario

Introduction Threat actors are using fake browser updates and software fixes to trick users into cutting, copying, and pasting PowerShell scripts loaded with various malware strains, including remote access Trojans (RATs) and infostealers, to infect their computers. This tabletop exercise is relevant for organizations that use: Web browsers and productivity software vulnerable to social engineering […]

Read More
December 9, 2024
How Compliancy Group Proved Their Security Readiness with ChaosTrack

When the CEO of Compliancy Group looked at his company's cyber security readiness, he saw a problem. His team was spending hours watching security videos and taking quizzes, but he had no way to know if they could handle a real attack. As a company that serves thousands of healthcare companies with HIPAA compliance solutions, […]

Read More
November 18, 2024
Simulate an Email Bomb Attack: Run a Cybersecurity Fire Drill Today

On June 1, 2023, a Reddit user posted about a cybersecurity incident where a few users at their company were being "email bombed" with thousands of spam emails from various sites. This type of attack can be incredibly disruptive and may be a precursor to more serious threats, like account takeovers. In this article, we'll […]

Read More
November 12, 2024
Simulate a Real-World Email Thread Hijacking Attack in Your Next Tabletop Exercise

On March 28, 2024, Krebs on Security published an article titled "Thread Hijacking: Phishes That Prey on Your Curiosity". The article detailed a cybersecurity attack where a journalist's email account was compromised and used to send exploiting emails to their contacts. This article will show you how to plan and execute an effective tabletop simulation […]

Read More
October 31, 2024
Hackers Infect Antivirus Service Users: Tabletop Exercise to Prepare for Similar Attacks

On April 23, 2024, Ars Technica published an article detailing how hackers abused an antivirus service for five years to infect end users with malware. The attack was possible because the service, eScan, delivered updates over the insecure HTTP protocol. This article will guide you in planning and executing a tabletop simulation based on this […]

Read More
October 23, 2024
Running an Effective Cybersecurity Tabletop Simulation Based on the LLM Package Hallucination Attack

On March 28, 2024, Dark Reading published an article titled "Pervasive LLM Hallucinations Expand Code Developer Attack Surface". The article detailed how large language models (LLMs) like ChatGPT can "hallucinate" and recommend nonexistent code libraries to developers, giving attackers an opportunity to upload malicious packages with those names. This article will show you how to […]

Read More
April 8, 2024
How to Run an Effective Cybersecurity Fire Drill Simulation Based on the ConnectWise ScreenConnect Attacks

Introduction On February 23, 2024, Sophos published an article detailing multiple attacks that exploited vulnerabilities in ConnectWise ScreenConnect to deliver various malware payloads into business environments. This article will guide you in planning and executing a fire drill simulation based on this incident. You can find the original article at https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/. Who Is This For? […]

Read More
April 8, 2024
Organize a Cybersecurity Fire Drill Simulation Based on the Massive WordPress Sign1 Malware Campaign

On March 22, 2024, The Hacker News reported on a massive malware campaign dubbed "Sign1" that compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. This article will focus on helping you plan and execute a cybersecurity fire drill simulation based on this incident. […]

Read More
April 8, 2024
How to Hold an Effective Cybersecurity Fire Drill Simulation Based on the New StrelaStealer Phishing Attacks

On March 22, 2024, The Hacker News reported on a new wave of phishing attacks delivering the evolving StrelaStealer malware. The campaigns impacted over 100 organizations in the E.U. and U.S. This article provides guidance on using this real-world incident to plan and execute an effective cybersecurity fire drill exercise to improve your organization's readiness. […]

Read More
©2024, ChaosTrack, Inc. All Rights Reserved. Privacy Policy.