A global commercial development company needed to train employees to recognize and report phishing. The company launched Cofense PhishMeTM and Cofense ReporterTM, conditioning users to identify potentially malicious emails and empowering them to report with a single click.
After introducing Cofense PhishMeTM and Cofense ReporterTM, a financial services company had reduced susceptibility to 10% or lower across its 10,000+ employees. At the same time, reporting had climbed to almost 50% for data-entry simulated phishes and just under 25% for click-only. In other words, employees had learned to identify basic phishing attacks. Sometimes you need to “turn up the heat.” The company’s CISO realized it was time to use more complex scenarios to further harden resiliency. The CISO pointed out that attackers don’t ask permission to launch sophisticated attacks, so the company had to be ready for anything. To…
Over the past couple of days, the Cofense™ Phishing Defence Centre has observed multiple campaigns that prompt the user to download what appears to be a life insurance invoice. The “invoice” gets delivered in the form of a zip file that contains a LNK file with content crafted to create an effective malware downloader tool. The malware it delivers: Ursnif.
To lower phishing susceptibility, a major financial services company introduced Cofense PhishMeTM. By sending a strategic combination of simulated phishes, the company conditioned employees to recognize phishing scams.
BY DARREL RENDELL AND MOLLIE HOLLEMAN Cofense IntelligenceTM rarely sees a weaponized document that contains three separate vectors to launch an embedded payload. However, we recently observed a small phishing campaign that distributed an RTF which abuses two vulnerabilities and leverages social engineering in an attempt to execute a FormGrabber payload on the victim’s machine.
At the beginning of each calendar year, information security professionals revive the discourse surrounding tax-time phishing scams. Researchers and intelligence analysts here at Cofense™ are no exception.
Bitcoin and most other cryptocurrencies are based on the idea that coins can be generated by causing computers to solve a difficult problem. The more CPU cycles an individual can dedicate towards the mining problem, the more likely the chance that they will create a new coin. For years, botnets have scanned corporate networks for high-powered machines and installed Bitcoin or other cryptocurrency mining software on the fastest computers.
On February 27th 2007, while on the phone with my friend and co-founder Rohyt Belani, I typed the name phishme.com into GoDaddy™. We couldn’t believe our good luck and immediately registered it. As the co-founder who named this company PhishMe®, the emotional attachment is real. Somewhere in the pile of entrepreneurial startup books, I have a branding book that suggested your name is a vessel that should be big enough to carry your future products and services. We outgrew that boat quite some time ago.
Information security is important to everyone, in particular organizations that outsource operations to third-party vendors (like SaaS or cloud-computing providers). If data isn’t handled securely, an organization’s risk of exposure to data theft, extortion and malware increases dramatically.
Thus far in 2018, PhishMe Intelligence™ has observed a lull in multiple malware families that were prominent throughout 2017. There are several possible reasons for this hiatus.
In October of 2017 we blogged about a phishing campaign specifically targeting Brazilian Portuguese- speaking users. Back then, the campaign distributed a malicious Chrome browser extension. More recently, we have observed a wave of emails that have remarkably similar characteristics. This time around, the malware of choice is a banking trojan.
Improve the Phishing Incident Response Workflow with PhishMe Triage™ and ServiceNow® Security Operations Security leaders are bolstering their resiliency to phishing attacks. It starts with conditioning employees to recognize and report suspicious email. Take for example “Alice,” the CISO for a Fortune 100 company. Alice’s team regularly simulates real-world phishing on employees at all levels. The program involves behavioral conditioning that requires employees to report simulated and real attacks.
For the past few years we have discussed the power of emotion in phishing emails. This is never more valuable to understand than during the upcoming Valentine’s season. The traditions of gift giving to current partners and the romanticized notions of hearing from a secret admirer are so firmly ingrained in our minds that we become easy targets for scam artists.
In our 2017 Enterprise Phishing Resiliency and Defense Report, PhishMe® discusses the importance of moving past susceptibility as a key indicator of anti-phishing program success. We want to shift the conversation from vulnerability (susceptibility) to capability (resiliency). That is, what are an organization’s current anti-phishing capabilities—and how is positive behavior increasing them over time to build resiliency? The chart below tracks behavior among our clients’ users during phishing simulations. In it, resiliency equals users that “reported only” divided by “all that fell susceptible.” (The latter includes those that reported after falling for simulated phishes.) Figure 1 – Three-year Resiliency Trend…
With the steady rise in ransomware attacks and success, it’s highly likely that related phishing variants will continue to permeate the landscape in 2018. While this is not a new threat, it’s one that you want to be truly prepared to face. With that in mind, we looked back into our 2017 data and what we found is good news for those clients running active threat ransomware simulations in their environment. Across 246 simulations and more than 712k emails, the aggregate resiliency score was 2.63. This means that for every susceptible user, there were more than 2 that reported the…
With security analysts pulled in many directions, they must be able to prioritize and invoke incident response on ransomware, business email compromise (BEC), malware infections, and credential-based theft emails. The key to this is the automation and streamlining of the incident response. PhishMe Triage™ has been updated with new features to help security analysts and incident response teams streamline their processes and secure administrative access. Key Features this Release Tighter Integration – Authenticated API for integration across the incident response team Additional Security – Two-factor authentication for PhishMe Triage users More Accountability – Audit logs are generated for all users…
In 2017, PhishMe® analyzed over 40 Italian-language phishing campaigns that targeted victims with Zeus Panda. This popular multipurpose banking trojan is primarily designed to steal banking and other credentials, but is capable of much more as it provides attackers with a great deal of flexibility. Although some variation was observed, many of these campaigns demonstrated a large degree of shared tactics, techniques and procedures (TTPs). Given the prolific nature of these campaigns, it is likely that Italian-language phish will continue to deliver Zeus Panda in 2018. Organizations should be alert to the indicators of compromise and phishing TTPs to prevent…