Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

TrickBot Operators Rapidly Adopt “Plug In” for Delivery, Possibly Following Dreambot’s Lead

May 25, 2018 by Neera Desai in Threat Intelligence

Recently, Cofense Intelligence™ reported on a new mechanism used to distribute Dreambot malware, where a malicious page impersonating Microsoft Office Online entices victims to download the banking trojan. We have noted a similar delivery technique in the distribution of a TrickBot sample where targets are required to download a “plugin” to interact with a PDF, adding to the iteration of purported “plugin” downloads for malware delivery. The detailed campaign leverages social engineering techniques to gain access to victims’ sensitive information and also contains code obfuscation to evade detection by security technologies.

New Month; New Sigma

May 15, 2018 by Darrel Rendell in Threat Intelligence

Cofense Intelligence has observed several recent Sigma ransomware campaigns that demonstrate either a new iteration or a fork of this malware. Prior to these new campaigns, the actors behind Sigma stuck rigidly to two very distinct phishing narratives, as detailed in Cofense’s recent blog post, and relied on the same infection process. With these newly observed changes, Sigma’s operators have eliminated various infrastructure concerns and improved the UX (User eXperience) of the whole ransom process, representing the first major shifts in Sigma tactics, techniques and procedures (TTPs).

Prevent Your Social Media Users from Arming Phishing Attackers

May 8, 2018 by Zach Lewis in Phishing

An employee goes on Facebook and makes a snarky comment about his boss. Or posts a picture of a co-worker that includes a confidential document open on her laptop. Or simply mentions your company name when sharing something online. All of these are examples of potential trouble.

Sigma Operators Craft New Techniques to Deliver Phish to Your Inbox

May 7, 2018 by Darrel Rendell in Threat Intelligence

Cofense Intelligence recently identified a large Sigma ransomware campaign that contained significant deviations from the established TTPs employed by the actors behind this prolific piece of extortionware. These changes improve Sigma’s A/V detection-evasion and demonstrate new social engineering tactics intended to increase the likelihood that a targeted user would open the phishing email and its malicious attachment.

That email from HR? RSA attendees say you’d better check twice for phishing.

May 3, 2018 by phishme in Phishing

When the security world gathered at RSA 2018, Cofense™ surveyed attendees about phishing attacks and defenses. The #1 phishing concern? Malicious emails that appear to be internal communications, from your boss, HR, or the help desk, making them extra-hard to resist.

With Goo.gl Shutting Down, Will Attackers Move to Less Transparent URL Shorteners?

May 2, 2018 by Brendan Griffin in Threat Intelligence

Google recently announced it was shutting down Goo.gl, its URL shortener service. Going forward, you’ll find short-link provisioning in Google’s Firebase mobile and web application platform.

Hunting Malware Threats from Just One Word: How to Perform a Fruitful Investigation with Practically Nothing

May 1, 2018 by phishme in Threat Intelligence

Posted by: Jason Meurer, Researcher, Cofense

As security researchers, we sometimes have very little information to begin our investigations or research activities. A rumor here or there can sometimes spread from a single word attributed to a current phishing or malware campaign. This was exactly the case for us on February 27th, when we identified a phishing campaign but were provided with very limited information to aid us in starting our research.

Russian “Troldesh” AKA Encoder.858 or Shade is back!

April 27, 2018 by phishme in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing Defense Center

Posted by: Dilen Thakuri, Cofense Phishing Defense Center

On the 19th of April, the Cofense Phishing Defense Center received an email crafted to appear to be from “Sberbank Russia.” In fact, it was a phishing email containing the Troldesh malware, a variant of Russian ransomware first seen in mid-2015. The PDC hadn’t seen this variant for quite some time.

5 ways we boost your anti-phishing program’s ROI.

April 25, 2018 by Zach Lewis in Cyber Incident Response, Internet Security Awareness, Phishing Defense Center

If you’re shopping for a vendor to help with phishing awareness training, you might be thinking, “They all seem pretty similar. What’s the difference?”

How to Avoid Drowning in Spam and Phishing Emails

April 23, 2018 by John Robinson in Cyber Incident Response, Internet Security Awareness, Phishing Defense Center

As we have continued to improve anti-phishing capabilities for clients over the past few years, we have seen a myriad of changes in phishing email composition, style, and approach. Throughout all those changes, however, one thing has remained the same.

Their email filters missed these threats. Good thing the users didn’t.

April 19, 2018 by phishme in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing Defense Center

By Jerome Doaty, Zakari Grater, and Brenda Gooshaw Samson

Technology is an important part of any phishing defense, especially perimeter tech designed to filter emails. But these systems, even those billed as “next-gen email security platforms,” don’t catch everything. Some phishes always get through.

Examples of Silver-bullet Technology Fails

April 13, 2018 by Jesse Lands in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing Defense Center

Most security teams today are pretty much in the same boat: limited budget, limited manpower, and limited time to defend their network against escalating threats and attacks. Perhaps that’s why so many information security vendors claim to have the “silver bullet” to protect the customer’s environment and solve their problems.

Doubling Down on PhishMe with New Features and Awareness Focus

April 4, 2018 by phishme in Cyber Incident Response, Internet Security Awareness, Phishing

Back in 2008, Cofense™ (PhishMe®) pretty much invented the phishing awareness industry when we unveiled the first phishing simulation program for businesses. Cofense PhishMe™ made it easy to condition employees to recognize and report phishing emails and today, over 27 million (and counting) end users in 160 countries, including employees at half the Fortune 100, rely on our expertise.

New Name, Same People, Stronger Balance Sheet

March 20, 2018 by Rohyt Belani in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing, Phishing Defense Center, Ransomware, Threat Intelligence

Rohyt Belani, CEO & Co-founder, Cofense

So far, it’s been a very exciting 2018 here at Cofense, with our recent acquisition and announcement of our new name and brand. We continued performing well as a company and launching numerous new features across our products.

PhishMe is now Cofense.

February 26, 2018 by Aaron Higbee in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing, Phishing Defense Center, Ransomware, Threat Intelligence

On February 27th 2007, while on the phone with my friend and co-founder Rohyt Belani, I typed the name phishme.com into GoDaddy™. We couldn’t believe our good luck and immediately registered it. As the co-founder who named this company PhishMe®, the emotional attachment is real. Somewhere in the pile of entrepreneurial startup books, I have a branding book that suggested your name is a vessel that should be big enough to carry your future products and services. We outgrew that boat quite some time ago.

PhishMe is SOC 2 compliant. Here’s how that helps you.

February 9, 2018 by phishme in Phishing

Information security is important to everyone, in particular organizations that outsource operations to third-party vendors (like SaaS or cloud-computing providers). If data isn’t handled securely, an organization’s risk of exposure to data theft, extortion and malware increases dramatically.

Missing in Action: Several Prominent Malware of 2017

February 9, 2018 by Mollie Holleman in Phishing

Thus far in 2018, PhishMe Intelligence™ has observed a lull in multiple malware families that were prominent throughout 2017. There are several possible reasons for this hiatus.

Another wave of Brazilian malspam leads to banking trojan

February 9, 2018 by Oscar Sendin in Phishing

In October of 2017 we blogged about a phishing campaign specifically targeting Brazilian Portuguese-speaking users. Back then, the campaign distributed a malicious Chrome browser extension. More recently, we have observed a wave of emails that have remarkably similar characteristics. This time around, the malware of choice is a banking trojan.

New Enhancements Help Streamline Incident Response with PhishMe Triage

December 22, 2017 by phishme in Phishing

With security analysts pulled in many directions, they must be able to prioritize and invoke incident response on ransomware, business email compromise (BEC), malware infections, and credential-based theft emails. The key to this is the automation and streamlining of the incident response. PhishMe Triage™ has been updated with new features to help security analysts and incident response teams streamline their processes and secure administrative access.

Key Features this Release

Tighter Integration – Authenticated API for integration across the incident response team

Additional Security – Two-factor authentication for PhishMe Triage users

More Accountability – Audit logs are generated for all users...

Here’s How Boards Should Measure Anti-Phishing Programs

December 6, 2017 by John Robinson in Phishing

In board rooms across the globe, directors are asking the question, “How is phishing affecting the organization and are we able to handle the risks?”
