Another Global Phishing Campaign Distributes Malware Via Fake Invoices
June 25, 2018 by Marcel Feller in Phishing Defense CenterOn Thursday June 14th, the Cofense™ Phishing Defense Center (PDC) noted a campaign targeting UK customers with several emails containing the same subject, “Invoice INV-03056,” and prompting the user to view a supposed invoice. The next day, we saw a very similar campaign that delivered French language phishing emails. Upon analyzing the emails, the PDC notified customers that received them, so they could respond as needed. We also notified all our UK customers of the IOC’s.
Phishing Defense: Let’s Get Personal
June 20, 2018 by Dan Marshall in Internet Security AwarenessPhishingWe all know phish aren’t just sent to corporate email accounts, yet this is what we hear about most often in the news. The reason, at least in part, is because headlines highlighting millions of dollars lost or millions of accounts compromised make for better news than “Man Has Personal Savings Account Drained After Clicking Malicious Link.”
The FBI’s Global Business Email Compromise (BEC) “Wire-Wire” Bust: A Personal Perspective
June 20, 2018 by Aaron Higbee in Cyber Incident ResponseLast week, the FBI announced it had busted a business email compromise (BEC) racket that raked in millions of dollars in fraudulent wire transfers secured through email-based cyberattacks. The Bureau, along with federal and overseas partners, arrested 74 people, seized over $2M, and disrupted and recovered another $14M in phony wire payments.
Targeting of UK User Financial Accounts Has Surged in Past Two Months
June 19, 2018 by Mollie Holleman in Threat IntelligenceSince this April, Cofense Intelligence™ has observed a sustained increase in the financially motivated targeting of United Kingdom-based users with phishing lures imitating brands like Her Majesty’s Revenue & Customs (HMRC), Lloyds Bank, and HSBC Bank. The most common final payloads delivered by these campaigns are designed to compromise victims’ financial accounts and provide illicit access to financial information. This surge in targeting almost certainly represents a stage in the “whack-a-mole” strategy long employed by threat actors: expand campaigns against a segment of the vast vulnerable attack surface until those users catch on to the threat, then move to the...
More Windows Software Abuse: Microsoft Excel Query Files Used to Deliver Malware
June 13, 2018 by Neera Desai in Malware AnalysisCofense Intelligence™ recently analyzed a phishing campaign that distributed Microsoft Excel Query files in an infection chain to deliver the AmmyyAdmin remote access trojan (RAT). But analysts noted that this latest campaign bore a striking resemblance to another campaign in March 2018 in which phishing emails were used to distribute .URL internet shortcut files.
CSO Names Cofense Triage to “Best Security Software” List
June 12, 2018 by John Fitzgerald in Cyber Incident ResponseCalling it “one of the most advanced defenses against phishing,” CSO has included Cofense TriageTM in its Best Security Software for 2018. Our incident response and phishing defense platform helps to stop attacks in progress and minimize the risk of breach—in minutes, compared to the average detection time of 100+ days.
One IP to Host Them All: Uncovering a Sprawling Crime Ring
June 5, 2018 by Darrel Rendell in Malware AnalysisThreat IntelligenceOn Monday May 28, 2018, during routine operations, Cofense Intelligence™ identified traits across several campaigns that indicated they were linked. In fact, this discovery helped to reveal a sprawling criminal enterprise that uses linked infrastructure to host nearly 100 domains, along with corresponding malware campaigns.
Cofense has you covered as Office attachment attacks grow.
June 4, 2018 by Garrett Hess in Internet Security AwarenessMalware AnalysisAt Cofense™, we’ve known for some time that phishing attacks using MS Office attachments were a big problem. That’s why our solutions help you combat these attacks in important ways.
We Helped a Customer Block this Open Directory Phishing Attack
June 1, 2018 by Chance Caldwell in Phishing Defense CenterOn May 22, 2018, the Cofense Phishing Defense Center observed a Microsoft credential phishing attack that was received by one of our Managed Service customers. The Phishing Defense Center’s goal is to provide our customers all the relevant information on an attack against their employees, within an hour of an email being reported, so customers can take the necessary steps to prevent further attacks. By doing a deep dive investigation into this attack we were able to find multiple other phishing attacks listed on the site, the kits used to create the phishing pages, and several other domains created by...
TrickBot Operators Rapidly Adopt “Plug In” for Delivery, Possibly Following Dreambot’s Lead
May 25, 2018 by Neera Desai in Threat IntelligenceRecently, Cofense IntelligenceTM reported on a new mechanism used to distribute Dreambot malware, where a malicious page impersonating Microsoft Office Online entices victims to download the banking trojan. We have noted a similar delivery technique in the distribution of a TrickBot sample where targets are required to download a “plugin” to interact with a PDF, adding to the iteration of purported “plugin” downloads for malware delivery. The detailed campaign leverages social engineering techniques to gain access to victims’ sensitive information and also contains code obfuscation to evade detection by security technologies.