A few weeks ago, we posted an article about how Dridex is experimenting with different families of malware and techniques. When one threat actor starts shifting TTPs, it’s usually a big deal. Attackers get comfortable in their infrastructure, some survive sinkholes, and they continue spamming or stealing money. A shift takes time, effort, and money on the attackers’ part. The part that people often forget is that attackers need people to maintain backends, code the malware, code panels, and patch exploits as researchers find them, or else they are going to be exploited by those researchers.
What first appeared last week to be yet another malspam campaign spreading solely to infect victims with Andromeda also downloaded some interesting second-stage payloads, including several keyloggers and what was later discovered to be labeled as the Fluxer proxybot. The initial malspam lures were written in Italian and informed victims that they had received an invoice as the message attachment. The attachment is a ZIP archive containing the Andromeda malware installer. More information about this campaign is available to ThreatHQ customers in Threat ID 5316.
As the Self Assessment Tax Return deadline looms in the UK, PhishMe has warned of phishing messages in circulation that purport to be from HM Revenue and Customs (HMRC). While the number of campaigns* circulating in 2015 has decreased compared with previous years, the messages themselves still pose a threat due to their sophisticated and devious nature.
The APIs have it – Emphasis on ‘I’ – Individuals, Integrate, Investigate, and Incident Response
Every day, PhishMe is helping enterprise employees change their behavior against the top threat leading to many of today’s high-profile breaches – phishing. Our customers empower their employees to report suspicious email, thereby creating a rich source of actionable intelligence for incident responders. Triage provides security operations center (SOC) analysts and incident responders a way to automate the identification, prioritization, and remediation of these phishing threats. This threat intelligence can then be shared with other teams to better protect your enterprise.
Local Representative Discusses the State of Global Cybersecurity and Defending Organizations Against Email-borne Attacks with Leader in Human Phishing Defense Solutions
LEESBURG, VA – January 20, 2016 – PhishMe® Inc., the pioneer in human-phishing defense solutions, today received a visit from United States Congresswoman Barbara Comstock to discuss the top cybersecurity threats facing the country. A representative of the 10th District of Virginia, Comstock met with the PhishMe team to tour its Loudoun County-based headquarters and exchange insights on the biggest issues impacting national cybersecurity today.