PhishMe Triage™ Advances Malware Investigation with Lastline Analyst

Phishing Incident Response – Through Automated Malware Analysis

Conditioning employees to detect and report suspicious email is a strategy security leaders have adopted through PhishMe’s innovative solutions. CISOs have realized that while technology continues to get better at preventing malware, attackers continue to elevate their game and never rest, and neglecting people as defenders would be a mistake.

Cyber Crime: The Unreported Offense

On July 22, 2016 the UK’s Office for National Statistics released crime details for the year ending March 2016. For the first time, this data included information about fraud and computer misuse offenses, which was compiled in the National Crime Survey for the first time in October 2015. While the police recorded 4.5 million offenses from March 2015 to March 2016, the survey indicates there were likely 3.8 million fraud instances and 2 million computer misuse instances during that same year, with the vast majority of these crimes going unreported to law enforcement. The report has prompted a new call for additional cyber crime reporting at all levels. In the UK, consumers and businesses alike are encouraged to submit suspicious activities and cases of loss to ActionFraud: the National Fraud & Cyber Crime Reporting Center. ActionFraud also offers a Business Reporting Tool for bulk submissions by businesses of both fraud and scam emails.*

Earlier in July, the UK’s National Crime Agency also released their report “Cyber Crime Assessment 2016.” The primary point made by the NCA report is the “need for a stronger law enforcement and business partnership to fight cyber crime.”

The NCA report called special attention to the sophisticated abilities of international crime groups, making them “the most competent and dangerous cyber criminals targeting UK businesses.” These groups are behind the most sophisticated financial crimes malware.

“This malware is a substantial source of financial crime in the UK, with three variants: DRIDEX, NEVERQUEST and DYRE/DYREZA, appearing frequently and responsible for many hundreds of thousands of individual crimes in 2015.”

The report also highlights the danger of ransomware and Distributed Denial of Service (DDoS) attacks.

While arrests were made in the DRIDEX case, the same botnet is now the leading source of the Locky ransomware family, the focus of more than 50 PhishMe Intelligence reports in the past month alone!

Statements made in March by Sir Bernard Hogan-Howe, the police commissioner of the Metropolitan Police of London, received mixed reviews when he said that banks that refunded their customers after cyber incidents were “rewarding them for bad behavior” instead of teaching them to be safer online. The GCHQ suggested that 80% of consumer-facing cyber crime could be stopped just by choosing safer passwords and keeping one’s systems updated with current security patches.

The NCA report points out, however, that it isn’t just consumers who are not pulling their weight in the fight against cyber crime. Businesses also have a responsibility to do more. The report urges corporate boards of directors to make sure that their information technology teams are not merely checking the boxes required by compliance regulations, but taking an active role in assisting the cause by ensuring that their businesses are reporting cyber crime incidents. As widely seen in the United States, one may be compliant with PCI, Sarbanes-Oxley, HIPAA, and other regulatory standards yet still be extremely vulnerable to the type of cyber attacks presented by these sophisticated international crime groups.

“Directors also have an important role in addressing the under-reporting of cyber crime which continues to obscure the full understanding of, and hence responses to, cyber crime in the UK. In particular, we urge businesses to report when they are victims of cyber crime and to share more intelligence, both with law enforcement and with each other.”

– NCA Strategic Cyber Industry Group

Dridex, NeverQuest, Dyre, Ransomware – Meet PhishMe Reporter & Triage

At PhishMe, we are intimately familiar with the prevalence of the malware families discussed in the UK government’s reports. We provide detailed intelligence reports to our customers about all of those malware families, which are among the most common email-based threats that we encounter as we scrub through millions of emails each day to identify the greatest threats and get human-driven analysis about those threats back out to our customers.

We support the security strategy and defense posture recommended by the NCA Strategic Cyber Industry Group. Our industry must move from a reactive, check-box security mentality to a proactive method of gathering and analyzing security incident reporting. PhishMe customers not only have the ability for every employee to become part of the solution to “under-reporting” with a click of the mouse on the “Report Phishing” button, but also to share that information back to PhishMe to allow us to provide indicators that help protect ALL customers and to help inform our law enforcement partners.

PhishMe Triage provides a single place for all of those employee reports to be integrated, if your business would like to answer the call to do more information sharing about these top malicious threats. By providing a dashboard-driven interface to all employee-reported malicious emails, the security team can quickly spot the most dangerous trends, confirm the facts, and report to law enforcement, as recommended in the UK’s National Crime Agency report.

In addition, PhishMe Intelligence customers received over 2,500 malware email campaign reports, along with more than 600,000 individual phishing reports, that can be used as an intelligence feed to strengthen your corporate defenses against these malicious actors.

We look forward to partnering with our UK customers, and all of our customers, who choose to take an active stance in the fight against cyber crime by answering the call for increased vigilance and reporting.

* – U.S. businesses are encouraged to report cyber crime and fraud to the FBI’s Internet Crime & Complaint Center, IC3.gov.

PhishMe Raises $42.5 Million In Series C Funding Led By Paladin Capital Group And Joined By New Investor Bessemer Venture Partners

Global leader in enterprise phishing defense and intelligence drives towards rapid development and expansion into Europe and Asia with significant VC investment

LEESBURG, VA – July 26th, 2016 – PhishMe Inc., the leading provider of human phishing defense solutions, today announced it has raised $42.5 million in Series C funding led by existing investor Paladin Capital Group, an established, multi-stage private equity firm that initially invested in the business in 2012. The deal also saw participation from new investor Bessemer Venture Partners, a $4 billion venture capital firm investing in startups at every stage, in every corner of the globe.

PhishMe Announces Inaugural Annual User Conference and Phishing Defense Summit

PhishMe Submerge features industry expert speakers, including keynote by FireEye CTO, and sessions focused on latest threats and security trends

LEESBURG, (VA.) July 13, 2016 – PhishMe, a global provider of phishing defense solutions for the enterprise, has announced that registration is open for its inaugural phishing defense summit and user conference, called PhishMe Submerge. This first-of-its-kind event, which is taking place Sept. 28-29 in Orlando, FL, will bring together industry experts with practitioners who are on the front lines to discuss the security threat landscape and share phishing defense strategies. Featured speakers will include Grady Summers, CTO of FireEye as the opening keynote speaker, along with PhishMe’s Co-Founders, Rohyt Belani, CEO, and Aaron Higbee, CTO.

Reality-checking Mr. Robot Ransomware

WARNING: MAJOR SPOILER ALERT!

USA Network’s television show, Mr. Robot, kicked off Season 2 with a BANG! The program features the exploits of a hacker named Elliot Alderson (Rami Malek) who uses the alias “Mr. Robot” to work with a team of hackers who call themselves F-Society and have as their mission the destruction of a major corporation that they call “Evil Corp,” whose logo calls back to the Big Corporate Corruption of Enron. In this episode, the attack is against the “Bank of E.”

PhishMe Expands Senior Leadership Team

Global Leader in Phishing Defense Hires Experienced Engineering and Professional Services Leaders to Support Company’s Hyper-Growth

LEESBURG, VA, July 7, 2016 – PhishMe, a global provider of phishing-defense and intelligence solutions for the enterprise, today announced it has made two senior hires in Wade Weeks and Joshua Nicholson to complement its management team. The addition of these gentlemen furthers PhishMe’s continued commitment to innovating to outpace the changing tactics of the adversaries, while supporting its customers with access to an industry-leading professional services team that complements its bleeding-edge technologies.

PhishMe Adds HIPAA, PCI-DSS and PII Training Modules to Complimentary CBFree Program

Global Leader in Human Phishing Defense Provides Free Regulatory Compliance Trainings in CBFree Offering

Leesburg, VA – June 30 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, is excited to announce the immediate availability of three new, complimentary Computer-Based Trainings, accessible through the PhishMe CBFree program. These modules are specifically designed to address the stringent PHI/HIPAA, PCI and PII requirements and provide employees with a better understanding of the policies, procedures, and reporting when handling protected personal information.

PhishMe Launches New ‘Threat Alerts’ Service to Help Organizations Get Ahead of Phishing Dangers

Global leader in phishing defense and intelligence now provides users real-time warnings of phishing and malware trends

Leesburg, (Va. USA) June 29 2016: PhishMe, a global provider of phishing-defense solutions for the enterprise, has today launched PhishMe Threat Alerts. The service has been introduced to provide subscribers with increased visibility of critical, and developing, phishing and malware threats and trends. Identifying potential compromise indicators allows organizations to take remedial action and prevent threats before they can gain a foothold in the network.

“Mandiant’s 2016 M-Trends report indicates the number of days to detect a breach has dropped from 204 in 2014 to 146 in 2015. This report also states that the percentage of breaches detected by internal teams has actually increased to 47% in 2015 (compared to just 31% in 2014) with the median number of days for an internal team to detect a breach now 56 days,” explains Aaron Higbee, CTO and Co-Founder of PhishMe. “While these statistics indicate there has been improvement in breach detection, it is still a long time to be left exposed. What we hope to do, by introducing PhishMe Threat Alerts, is to provide developing intelligence to organizations that can act as an early warning system. With over 91% of all network attacks traced back to successful phishing attempts, identifying and illuminating developing threats has to be a priority.”

PhishMe Threat Alerts encapsulate indicators of phishing attacks that the PhishMe Research team has confirmed in the wild.

Aaron concludes, “We receive and analyze millions of messages daily, from a wide variety of sources, which are then dissected to determine relationships between them. Our unique clustering algorithms sort malicious emails based on a number of factors which allows us to watch for, and identify, new and emerging threats. By providing this actionable intelligence as real time threat alerts, we hope to help organizations prioritize, investigate, and respond to threats that may target their networks.”

Sign up to receive PhishMe Threat Alerts here.

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.

PhishMe Enhances Phishing Incident Response Platform

PhishMe Triage™ improved with integrations, collaboration, ability to crowdsource threat rules and malicious attachment preview tool

Leesburg, Va, June 23, 2016 – PhishMe, a global provider of phishing-defense and intelligence solutions for the enterprise, has today confirmed it has bolstered its phishing threat management and incident response platform – PhishMe Triage. Enhancements include further integrations with third parties including PhishMe Intelligence and improved collaboration with a crowdsourced YARA Rule Exchange and PhishMe Community to help save analyst time and improve response efficiency.