Petya-like Ransomware Triggers Global Crisis with Echoes of WannaCry Attack

For the second time in as many months, networks around the world have been attacked by worming ransomware that gains new infections by exploiting a recently patched Windows SMB vulnerability, among other proven techniques. Ransomware described as bearing significant similarities to the Petya encryption ransomware ravaged numerous companies and networks around the world, with disproportionate impact in Ukraine and Eastern Europe, but it also inflicted harm on significant numbers of victims in Western Europe and North America.

PhishMe Named a 2017 Greater Washington Area Top Workplace by The Washington Post

Leesburg, Va. – June 28, 2017 – PhishMe® (cofense.com), the leading provider of human-focused phishing defense solutions, announced today that it has been awarded a 2017 Top Workplaces honor by The Washington Post. The Top Workplaces lists are based solely on the results of an employee feedback survey administered by WorkplaceDynamics, LLC, a leading research firm that specializes in organizational health and workplace improvement. Several aspects of workplace culture were measured, including alignment, execution, and connection, just to name a few.

PhishMe Named a 2017 Best Place to Work by Washington Business Journal

Leesburg, Virginia – June 26, 2017 – PhishMe® (cofense.com), the leading provider of human-focused phishing defense solutions, today announced it has been honored for the second consecutive year as a Best Place to Work in the Washington, D.C. area by Washington Business Journal following an annual employee engagement survey. The Washington Business Journal ranked PhishMe 5th in the ‘large companies’ category.

PhishMe CEO and Co-Founder, Rohyt Belani, Named a 2017 Washington Business Journal 40 Under 40 Honoree

Leesburg, Virginia – June 22, 2017 – PhishMe® (cofense.com), the leading provider of human-focused phishing defense solutions, today announced that co-founder and CEO Rohyt Belani has been named to the Washington Business Journal’s 2017 “40 Under 40” list. The 40 Under 40 program honors Greater Washington’s top business leaders and owners under 40 years of age who exhibit outstanding performance in their field. Honorees were chosen from more than 450 nominations by a panel of outside judges and the Washington Business Journal staff, and each honoree will be recognized at an awards ceremony being held on July 20, 2017 at Nationals Park in Washington, D.C.

Threat Actors Leverage CVE-2017-0199 to Deliver Zeus Panda via Smoke Loader

Our Phishing Defense Center identified and responded to attacks leveraging a relatively new Microsoft Office vulnerability during the past few weeks. Last week, the PDC observed threat actors exploiting CVE-2017-0199 to deliver the Smoke Loader malware downloader, which in turn was used to deliver the Zeus Panda botnet malware. These emails claim to deliver an invoice for an “outstanding balance” and trick the recipient into opening the attached file. In one instance, we have also seen the malicious attachment being delivered via URL.

Tracking and Mitigating Zyklon Phishing Using Threat Intelligence and Yara

The Zyklon HTTP Botnet malware is a tool that is readily accessible to threat actors in online criminal marketplaces and has been observed in use for various criminal activities. Among its features is the ability to log the keystrokes typed by a victim as well as to collect other private or sensitive information, and one of the most notable uses for Zyklon has been as a downloader and delivery tool for the Cerber encryption ransomware. Over a dozen unique campaigns to deliver this malware have been identified and reported by PhishMe Intelligence, and it represents one of the most rapidly growing constituents on the threat landscape. Each time the Zyklon malware has been identified, it has followed a relatively straightforward and mainstream method for infecting victims. With only one exception, Zyklon has been delivered using Microsoft Word documents with hostile macro scripting used to deliver the botnet malware payload.

PhishMe’s Rohyt Belani Named Entrepreneur of The Year® 2017 Award Winner in Mid-Atlantic Region

Leesburg, Virginia – June 16, 2017 – PhishMe® (cofense.com), the leading provider of human-focused phishing defense solutions, today announced that CEO and co-founder Rohyt Belani received the EY Entrepreneur Of The Year® 2017 Award in the Security category in the Mid-Atlantic region. The award recognizes entrepreneurs who are excelling in areas such as innovation, financial performance and personal commitment to their businesses and communities. Rohyt Belani was selected by an independent panel of judges, and the award was presented at a special gala event at the Ritz-Carlton, Tysons Corner in McLean, Virginia on June 15, 2017.  

PhishMe® Files Second Intellectual Property Enforcement Action Against Wombat Security Technologies, Inc.

Leesburg, VA – June 16, 2017 – PhishMe Inc., the leading provider of human-phishing defense solutions, announced today that it has filed a second patent infringement lawsuit against Wombat Security Technologies, Inc. (“Wombat”) in the United States District Court for the District of Delaware. PhishMe’s complaint alleges that Wombat infringes PhishMe’s U.S. Patent Nos. 9,591,017 (the ’017 Patent) and 9,674,221 (the ’221 Patent). A copy of the complaint is available here. PhishMe previously initiated a patent infringement lawsuit against Wombat in 2016. In that lawsuit, which remains pending, PhishMe asserts that Wombat infringes U.S. Patent No. 9,398,038 (the ’038 Patent). In both lawsuits, PhishMe alleges that Wombat’s ThreatSim, PhishAlarm, and PhishAlarm Analyzer solutions illegally use PhishMe’s patented technology.

SMILE – New PayPal Phish Has Victims Sending Them a Selfie

Phishing scams masquerading as PayPal are unfortunately commonplace. Most recently, the PhishMe Triage™ Managed Phishing Defense Center noticed a handful of campaigns using a new tactic for advanced PayPal credential phishing. The phishing website looks very authentic compared to off-the-shelf crimeware phishing kits, and it also levels up by asking for a photo of the victim holding their ID and credit card, presumably to create cryptocurrency accounts to launder money stolen from victims.