Here’s a Free Turnkey Phishing Awareness Program for National Cybersecurity Awareness Month

So... it’s September, and October is only a few weeks away. Have you started putting together your campaign for National Cybersecurity Awareness Month (NCSAM) yet? If not, you’re in luck – we’ve created a complimentary turnkey phishing awareness program for you to quickly launch and look like a superhero to your leader AND your organization! And best yet, these resources can be used all year round – BECAUSE security awareness goes beyond October.

Cofense Advances as Best Tech Work Culture Finalist in Washington DC’s 2018 Timmy Awards

Tech in Motion announces top 10 local tech companies and opens public voting to determine winners

LEESBURG, VA – September 17, 2018 – Tech in Motion Washington DC has chosen Cofense™ as a finalist for this year’s Best Tech Work Culture category as it prepares for the fourth Annual Timmy Awards, which recognizes the top workplaces for tech professionals in the Washington DC area. Cofense joins an elite list of this year’s finalists, including: Hustle, Mapbox, Ostendio and Securiport, which the public can vote for here.

How to Protect Against Phishing Attacks that Follow Natural Disasters

By Aaron Riley and Darrel Rendell

With Hurricane Florence battering parts of the East Coast, here’s a reminder that phishing campaigns sometimes pretend to promote natural-disaster relief efforts in hopes of successfully compromising their target. Cofense Intelligence™ has analyzed plenty of these campaigns, which are designed to entice the end user into credential theft or endpoint infection.

Summer Reruns: Threat Actors Are Sticking with Malware that Works

Let’s take a look back at this summer’s malware trends as observed by Cofense Intelligence™. Summer 2018 has been marked by extremely inconsistent delivery of TrickBot and Geodo, though volumes of lower-impact malware families like Pony and Loki Bot remained consistently high. What’s more, improvements to the delivery and behavior of Geodo and TrickBot accompanied the resurgence of two updated malware families, Hermes ransomware and AZORult stealer, reaffirming a preference by threat actors to update previous tools instead of developing new malware. Because threat actors will continue to improve their software to ensure a successful infection, it’s important to understand these potentially harmful attacks.

Recent Geodo Malware Campaigns Feature Heavily Obfuscated Macros

Part 3 of 3

As we mentioned in our previous overview of Geodo, the documents used to deliver Geodo are all quite similar. Each document comes weaponised with a hostile macro. The macros are always heavily obfuscated, with junk functions and string substitutions prevalent throughout the code. The obfuscation process uses three languages or dialects: Visual Basic, PowerShell, and Batch.

Twin Trouble: Geodo Malware URL-Based Campaigns Use Two URL Classes

Part 2 of 3

As discussed in our prior blog post, URL-based campaigns – that is, campaigns that deliver messages which contain URLs to download weaponised Office documents – are by far the most prevalent payload mechanism employed by Geodo. Indeed, analysis of ~612K messages shows just 7300 have attachments, a trifling 1.2% of the total. Cofense Intelligence™ analysed a corpus of 90,000 URLs and identified 165 unique URL paths. The structure of the URLs employed by Geodo falls into two distinct classes. A detailed breakdown of these URL structures follows.