Threat Actors Use Advanced Delivery Mechanism to Distribute TrickBot Malware

Threat actors’ consistent pursuit of improved efficiency is a key characteristic of the phishing threat landscape. One method for improving efficiency is to use a unique delivery technique that not only allows threat actors to distribute malware but also succeeds in evading anti-virus software and technologies.

Ribbon Cutting – Running Macros with CustomUI Elements

PhishMe® Research has generally seen macro execution in PowerPoint tied to specific actions and events, such as a mouse interaction with an object or custom actions. But the “Ribbon Cutting” technique uses a different method; it runs macro code by creating a UI callback that is triggered when the file is opened. Although in the example below we use PowerPoint, the technique can be used in other Office applications that support ribbon customizations.

Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors

On July 13, 2017, the Phishing Defense Center reviewed a phishing campaign delivering Hawkeye, a stealthy keylogger, disguised as a quote from the Pakistani government’s employee housing society. Although it is actually a portable executable file [1], once downloaded its icon masquerades as a PDF.

Karo Ransomware Raises Stakes for Victims by Threatening to Disclose Private Information

A ransomware victim must have a compelling reason to go through the burdensome process of obtaining Bitcoin and paying the ransom. For many victims, the threat of permanently losing access to their files is enough. However, some ransomware authors and criminals seek to push victims harder by raising the stakes even further.

Threat Actors Continue Abusing Google Docs and Other Cloud Services to Deliver Malware

A key part of phishing threat actors’ mission is to create email narratives and leverage malware delivery techniques that reduce the likelihood of detection. By combining compelling social engineering with seemingly benign content, threat actors hope to bypass technical controls and to convince their human victims of a phishing email’s legitimacy. One method with a long history of use is the abuse of Google Docs file sharing URLs to deliver malware content to victims. Because Google Docs and other cloud services may be trusted within an enterprise, threat actors will continue to abuse file sharing services to possibly bypass firewalls and anti-virus technologies.

Petya-like Ransomware Triggers Global Crisis with Echoes of WannaCry Attack

For the second time in as many months, networks around the world have been attacked using a worming ransomware that gains new infections by exploiting a recently-patched Windows SMB vulnerability among other proven techniques. What has been described as a ransomware bearing significant similarities to the Petya encryption ransomware ravaged numerous companies and networks around the world, with disproportionate impact in Ukraine and Eastern Europe, but also inflicted harm on significant numbers of victims in Western Europe and North America.

PhishMe Named a 2017 Greater Washington Area Top Workplace by The Washington Post

Leesburg, Va. – June 28, 2017 – PhishMe® (cofense.staging.wpengine.com), the leading provider of human-focused phishing defense solutions, announced today that it has been awarded a 2017 Top Workplaces honor by The Washington Post. The Top Workplaces lists are based solely on the results of an employee feedback survey administered by WorkplaceDynamics, LLC, a leading research firm that specializes in organizational health and workplace improvement. Several aspects of workplace culture were measured, including alignment, execution, and connection, just to name a few.

PhishMe Named a 2017 Best Place to Work by Washington Business Journal

Leesburg, Virginia – June 26, 2017 – PhishMe® (cofense.staging.wpengine.com), the leading provider of human-focused phishing defense solutions, today announced it has been honored for the second consecutive year as a Best Place to Work in the Washington, D.C. area by Washington Business Journal following an annual employee engagement survey. The Washington Business Journal ranked PhishMe 5th in the ‘large companies’ category.

PhishMe CEO and Co-Founder, Rohyt Belani, Named a 2017 Washington Business Journal 40 Under 40 Honoree

Leesburg, Virginia – June 22, 2017 – PhishMe® (cofense.staging.wpengine.com), the leading provider of human-focused phishing defense solutions, today announced that co-founder and CEO Rohyt Belani has been named to the Washington Business Journal’s 2017 “40 Under 40” list. The 40 Under 40 program honors Greater Washington’s top business leaders and owners under 40 years of age who exhibit outstanding performance in their field. Honorees were chosen from more than 450 nominations by a panel of outside judges and the Washington Business Journal staff, and each honoree will be recognized at an awards ceremony being held on July 20, 2017 at Nationals Park in Washington, D.C.