TrickBot Operators Rapidly Adopt “Plug In” for Delivery, Possibly Following Dreambot’s Lead

Recently, Cofense Intelligence™ reported on a new mechanism used to distribute Dreambot malware, where a malicious page impersonating Microsoft Office Online entices victims to download the banking trojan. We have noted a similar delivery technique in the distribution of a TrickBot sample, where targets are required to download a “plugin” to interact with a PDF, adding another iteration to the purported “plugin” downloads used for malware delivery. The detailed campaign leverages social engineering techniques to gain access to victims’ sensitive information and also contains code obfuscation to evade detection by security technologies.

Managed Service Gives SMB’s More Security without the Headcount

If you do a Google search on “SMB’s and cyber-security,” one best practice is hard to miss. The experts say it’s smart to give employees security training. All employees, not just the cyber-warriors in IT.

Another good idea: outsource your training. Let specialists spare you the cost of creating a security awareness program. Better security without more headcount—it’s why so many SMB’s trust Cofense PhishMe™ Managed Service.

ADT Partners with Cofense to Provide Phishing Solutions for Enterprises and Mid-Sized Companies

Cofense Triage™ Phishing Incident Response Bolsters ADT Cybersecurity’s Managed Detection and Response (MDR) Offering

LEESBURG, VA and BOCA RATON, FL, May 15, 2018 – ADT Inc. (NYSE: ADT), the leading provider of monitored security and interactive home and business automation solutions in the United States and Canada, and Cofense™, the leading provider of human-driven phishing defense solutions worldwide, today announced a partnership to offer phishing detection and response to ADT customers. ADT Cybersecurity provides enterprise and mid-market businesses with managed detection and response (MDR) services to combat advanced cyberthreats in real time. This service is now augmented by Cofense Triage, the first phishing-specific automated incident response platform.

New Month; New Sigma

Cofense Intelligence has observed several recent Sigma ransomware campaigns that demonstrate either a new iteration or a fork of this malware. Prior to these new campaigns, the actors behind Sigma stuck rigidly to two very distinct phishing narratives, as detailed in Cofense’s recent blog post, and relied on the same infection process. With these newly observed changes, Sigma’s operators have eliminated various infrastructure concerns and improved the UX (User eXperience) of the whole ransom process, representing the first major shifts in Sigma tactics, techniques and procedures (TTPs).

Sigma Operators Craft New Techniques to Deliver Phish to Your Inbox

Cofense Intelligence recently identified a large Sigma ransomware campaign that contained significant deviations from the established TTPs employed by the actors behind this prolific piece of extortionware. These changes improve Sigma’s A/V detection-evasion and demonstrate new social engineering tactics intended to increase the likelihood that a targeted user would open the phishing email and its malicious attachment.