Cofense Blog

The Lazy Man’s Guide to Phishing

August 16, 2018 by phishme in Phishing Defense Center

By Lucas Ashbaugh

Laziness and sloppy work are the twenty-first century’s newest business model, and for phishing actors it’s a gold rush. The real winners from modern phishing have taken a chapter out of the entrepreneur’s handbook: The Lean Startup. For them, phishing isn’t about artisanal fraud and refined skills, it’s about starting cheap, failing quickly, and getting their head back in the game. It’s horrendously brilliant. In a world where SOCs are constantly grinding to block that IP, scan for that hash, disable macros, etc., automated solutions just can’t keep up. When it comes to phishing, speed is king....

Necurs Targeting Banks with PUB File that Drops FlawedAmmyy

August 15, 2018 by phishme in Malware Analysis

By Jason Meurer and Darrel Rendell

Cofense™ Research reports that the Necurs botnet began a new campaign at approximately 7:30 EST on Aug 15, one appearing to be highly targeted at the banking industry. So far, Cofense has seen over 2,700 bank domains targeted as recipients.

July Malware Review: Geodo and TrickBot Flex Their Muscles

August 15, 2018 by Darrel Rendell in Malware Analysis

The Cofense Intelligence™ team has wrapped up our analysis of mid-summer malware. To get this summary started, let’s look at a couple of charts.

Chart 1: Top 5 malware delivery methods, by campaign, identified in July

Chart 2: Top 5 malware families, by campaign, identified in July

In our Strategic Analysis released on Thursday, 26th July, it was noted that Geodo and TrickBot had been unusually active in recent weeks, following a lull in June and into early July. Charts 3 and 4 expand upon this observation via side-by-side comparisons and year-to-date trends. Prior to July, both TrickBot and Geodo tended...

How to Get Internal Buy-In for Your Phishing Simulation and Awareness Training Programs

August 14, 2018 by Bunmi Ogun in Internet Security Awareness

If you run an anti-phishing program, you’ve probably run into this. You want to impersonate internal teams in your phishing simulations, because that’s what attackers do. But you get pushback:

An Analyst’s View of Surging PowerShell-based Malware

August 13, 2018 by Marcel Feller in Malware Analysis, Phishing Defense Center

Over the past couple of weeks, the Cofense™ Phishing Defence Center (PDC) has observed a rise in PowerShell-based malware. PowerShell is a very powerful scripting language that is legitimately used in many organisations. PowerShell is packed with almost endless capabilities, most of which are particularly interesting to threat actors who wish to abuse PowerShell for malicious purposes.

Why a phishing-specific SOAR? Because phishing is STILL the #1 cause of breaches.

August 8, 2018 by John Fitzgerald in Cyber Incident Response

SOAR is an acronym for Security Orchestration Automation and Response. And it’s what Cofense™ does for phishing threats and attacks. And, according to researchers at ESG, 19% of enterprises have adopted SOAR technologies extensively, while 39% have dipped their toes in the water and 26% are currently working on SOAR-related projects.¹ Why is SOAR soaring? Because organizations need to connect their layers of security systems and make the most of their limited, highly skilled security resources.

Phishing Alert! Alert! Alert!

Phishing isn’t going away. To the contrary, it’s still growing because it works. In fact, enterprises receive up to 150,000...

Why Customers Love Our Board Reports on Their Phishing Defense

August 8, 2018 by Professional Services Team in Internet Security Awareness

Last year, a Cofense™ customer wanted to show his board the results of his phishing-defense program. Specifically, the customer was looking for a board-report template. The customer did a quick Google search and found…nothing.  

Another Tax-Rebate Phishing Scam, This Time in Canada

August 7, 2018 by Dilen Thakuri in Phishing Defense Center

The Cofense™ Phishing Defense Center has observed a phishing email targeting Canadian taxpayers, similar to HMRC scams we recently reported in the United Kingdom. It’s the latest in a surge of tax-rebate phishing scams seen across the globe, prompting tax-collection agencies to issue consumer warnings.

Abusing Microsoft Windows Utilities to Deliver Malware for Fun and Profit

August 6, 2018 by Max Gannon in Malware Analysis

Last year, Cofense Intelligence™ observed an increase in abuse of features built into platforms that are all but ubiquitous throughout the corporate world. An overview of these developments in 2017 was covered in our 2017 Malware Review, which highlighted the abuse of Microsoft features such as Object Linking and Embedding (OLE) and Dynamic Data Exchange (DDE) to deliver malware. Since last year, this trend has continued as threat actors are exploiting a greater variety of features as well as combining multiple techniques into one campaign.

Cofense Shortlisted for Three UK Computing Technology Product Awards

August 3, 2018 by John Fitzgerald in Phishing

We are delighted to share the news that Cofense™ has been shortlisted for not just one but three Computing Technology Product Awards! Some of the most prestigious awards on the UK IT industry’s calendar, the Computing Technology Product Awards aim to recognise the very best in technology and shine a spotlight on the winners. Following are the categories we are shortlisted for.

Best Business Security Provider

This recognizes our history and reputation in defining and leading the space. Since 2007, Cofense has pioneered the phishing defense industry. While we began in phishing awareness with what was then called PhishMe Simulator™,...

Geodo and TrickBot Malware Morph into Bigger Threats

August 2, 2018 by Max Gannon in Threat Intelligence

It may be time to rethink the Geodo and Trickbot malware. These botnets have recently become more of a threat by increasing in activity and in their variety of delivery mechanisms, utilities, and behaviors.

The Headlines Make the Case for More Efficient Phishing Response

August 1, 2018 by Tonia Dudley in Cyber Incident Response

Last week, Brian Krebs released a blog post about the recent news of a Virginia Bank being breached—not once, but twice. And he didn’t bury the headline. It was right up front: “Hackers used phishing emails to break into a Virginia Bank….”  

Customer Satisfaction Survey Leads to Credential Phishing

July 31, 2018 by Marcel Feller in Phishing Defense Center

The Cofense™ Phishing Defense Center (PDC) has observed a phishing campaign masquerading as a Customer Satisfaction Survey from Cathay Pacific. Fake surveys are an old tactic, but the PDC has recently seen an increase in their use. Examining the following email will show you what to look out for. At first look, the email appears to be a legitimate Satisfaction Survey. It is not uncommon to receive a reward for completing a survey, so that alone is not an Indicator of Phishing (IoP). However, as shown in Figure 1, the “Click here – Participate and Win” link feels out of...

The El Camino Effect in Anti-Phishing Training

July 30, 2018 by John Robinson in Internet Security Awareness

Too often in anti-phishing training, or phishing defense in general, companies look for the wrong threats. That’s understandable to a degree, given that attackers constantly shift their tactics. But it’s still a problem if, to use a bank heist metaphor, you’re looking for robbers who drive a Camaro vs. an El Camino. Without training based on the latest and most relevant threats, you’ll increase the odds the bad guys get away. Sometimes when that happens, users unfairly get blamed. Not cool. As anti-phishing program administrators, it’s our responsibility to empower folks to succeed.

Understanding the El Camino Effect

To...

Why You Need to Keep Brands Out of Phishing Simulations

July 26, 2018 by Tonia Dudley in Internet Security Awareness

The top 4 brands in the world—Apple, Google, Microsoft, and Facebook—are worth over $500B. Not the operations of those brands, not their proprietary technology, or their real estate—the brands alone. When something is that valuable, companies protect it zealously. They monitor how their brands are used and take action to defend them. Cofense stands firm on not allowing 3rd party brands or logos to be utilized in our phishing simulations without prior express permission. There are times when we may partner directly with specific brands and organizations on the official inclusion of their brand assets in simulation content where it...

Messenger of the Bots: Hermes Malware Makes Phishing Debut

July 24, 2018 by Darrel Rendell in Malware Analysis, Phishing

For the first time ever, Cofense Intelligence™ recently observed a phishing campaign distributing the infamous Hermes ransomware. The low-volume campaign delivered .doc files, weaponized with heavily obfuscated macros. These macros reached out to an attacker-controlled server to download and execute a copy of Hermes.

Who’s Got Access? “Value at Risk” Anti-Phishing

July 23, 2018 by Zach Lewis in Internet Security Awareness

Part 3 of 3: So far, we have looked at the concept of “value at risk” (VAR) and how it applies to anti-phishing. We’ve seen how this model can guide your anti-phishing program by focusing on the value of assets you protect. We’ve also examined ways to translate your organization’s data to dollars, which is useful if you’re responsible for data oversight and governance—in other words, it helps to know where data might live and the (estimated) value of digital assets should a breach occur.

Data to Dollars: “Value at Risk” Anti-Phishing Strategies

July 16, 2018 by Zach Lewis in Internet Security Awareness

Part 2 of 3: Last week, we looked at the concept of “value at risk” (VAR) and how it applies to anti-phishing. This week let’s do a deep-dive into the “value” aspect of VAR. We’ll ask: do you know where your crown-jewel data is stored and how much it might be worth? Even if the answer is “Not exactly,” an educated guess can help set anti-phishing priorities.

This Amazon Prime Day, Keep Your Network Safe from Phishing

July 12, 2018 by Josh Bartolomie in Internet Security Awareness

Unfortunately, with the world we live in, especially with any type of highly visible promotions or sales, scammers will try to take advantage of the situation. Remember last year’s Amazon Prime Day phishing scam? Consumers around the world received an email promising a $50 bonus for writing a product review, or an email stating there was a problem with their payment method or shipping information. When they clicked on an embedded link, they went to a bogus login page designed to harvest their credentials.

“Value at Risk”: Focus Your Anti-Phishing on the Bottom Line

July 10, 2018 by John Robinson in Internet Security Awareness

Part 1 of 3: Over the past year at Cofense, we’ve introduced and discussed the importance of elevating the visibility of anti-phishing programs to the Board of Directors level. The key measures we presented included a measure of capability we refer to as ‘resilience’ and enumeration of which specific attacks your organization may be facing. As a result, the questions we are now answering for board members globally are – “What phishing threats do you need to be the most concerned with?” “How likely are you to stop those specific attacks in progress?” In the same time frame, the World...
