Phishing Attacks on High Street Target Major Retailer
June 21, 2019 by Cofense in PhishingPhishing Defense CenterBy Jake Longden The Cofense Phishing Defense Center™ has observed a phishing campaign that purports to be from Argos, a major retailer in the UK and British High Street. During 2018, Argos was the subject of a large number of widely reported phishing scamsi; this threat specifically targets Argos customers for their personal information and looks like a continuation of what was seen last year. With the goal of stealing your store credit card and login information, here’s how it works: All third-party trademarks referenced by Cofense™ whether in logo form, name form or product form, or otherwise, remain the...
Houdini Worm Transformed in New Phishing Attack
June 14, 2019 by Cofense in Phishing Defense CenterThreat IntelligenceBy Nick Guarino and Aaron Riley The Cofense Phishing Defense Center™ (PDC) and Cofense Intelligence™ have identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. This new variant is named WSH Remote Access Tool (RAT) by the malware’s author and was released on June 2, 2019. Within five days, WSH RAT was observed being actively distributed via phishing. Figure 1 shows an example message from this campaign.
John Podesta’s Phish Foreshadows Doom for 2020
June 13, 2019 by Aaron Higbee in PhishingIf you haven’t read the Mueller Report, spoiler alert: the phish that netted the Clinton campaign was not sophisticated. As you may know, neither was the campaign’s phishing defense (understatement). All of which spells probable doom for the 2020 presidential candidates, despite the news that campaigns have looked at offers, some free, from cyber-security firms.
This ‘Voice Mail’ Is a Phish—and an Email Gateway Fail
June 11, 2019 by Cofense in Phishing Defense CenterBy Milo Salvia and Kamlesh Patel The Cofense Phishing Defense CenterTM has observed a phishing campaign that masquerades as a voicemail message from a well-known company. The goal is to steal your domain credentials by mimicking the Outlook Web App (OWA). Email Body: The message body is designed to mimic your typical VOIP “missed call” message delivered via email when a user misses a call. A simple HTML box appears with a blue hyperlink, Play Voice. One would assume it was meant to say Play Message or Play Voice Message. This could indicate that English is not the threat actor’s first language...
Cofense Report: 90% of Verified Phish Found in Environments Using Email Gateways
June 10, 2019 by Cofense in Cyber Incident ResponseBy Kaustubh Jagtap Our recently released 2019 Phishing Threat and Malware Review highlights how perimeter protection technologies can’t stop all advanced phishing threats. Email gateways are a critical first line of defense, but as attackers have continued to innovate gateways haven’t kept up. The CofenseTM report also underscores the importance of human intelligence to identify these advanced attacks once they make it past gateways. Trained users can effectively detect and report advanced phishing to allow SOC teams to accelerate incident response. Credential Phish Are the Most Common Threat 90% of verified phishing emails were found in environments using email gateways....
Using Windows 10? It’s Becoming a Phishing Target
June 5, 2019 by Max Gannon in Threat IntelligenceCISO Summary Cofense IntelligenceTM has recently seen a complex phishing campaign that delivers a simple payload, FormGrabber keylogger malware. The targets are Windows 10 operating systems running Windows Anti-malware Scan Interface (AMSI). The phishing emails deliver a Microsoft Excel Worksheet containing a MS Word macro that initiates infection. What’s notable: threat actors are hitting Windows 10 instead of Windows 7, a more common target. Expect to see greater abuse heaped on the newer version as more businesses adopt it. No one aspect of this campaign is novel, but the attackers easily assembled a complex infection chain using multiple obfuscation and...
The Zombie Phish Is Back with a Vengeance
June 4, 2019 by Milo Salvia in Phishing Defense CenterKeep a close on your inboxes—the Zombie Phish is back and it’s hitting hard. Last October, on the eve of Halloween, the CofenseTM Phishing Defense CenterTM reported on a new phishing threat dubbed the Zombie Phish. This phish spreads much like a traditional worm. Once a mailbox’s credentials have been compromised, the bot will reply to long-dead emails (hence, Zombie) in the inbox of the infected account, sending a generic phishing email intended to harvest more victims for the Zombie hoard.
New Phishing Attacks Use PDF Docs to Slither Past the Gateway
May 30, 2019 by Cofense in Cyber Incident ResponseBy Deron Dasilva and Milo Salvia Last week, the CofenseTM Phishing Defense CenterTM saw a new barrage of phishing attacks hiding in legitimate PDF documents, a ruse to bypass the email gateway and reach a victim’s mailbox. The attacks masquerade as a trusted entity, duping victims into opening what appears to be a trusted link, which in turn leads to a fake Microsoft login page. Once there, victims are tricked into providing their corporate login credentials.
Patch or Pass? CVE-2017-11882 Is a Security Conundrum
May 29, 2019 by Max Gannon in Threat IntelligenceCISO Summary Since the latter part of 2018, threat actors have increasingly exploited two Microsoft vulnerabilities: CVE-2017-11882 and CVE-2018-0802. The first of these is especially popular. Cofense IntelligenceTM has seen it surge ahead of Microsoft macros as a favorite malware delivery method. CVE-2017-11882 is an older vulnerability that in fact has a patch. However, it presents a conundrum for security teams that haven’t addressed the problem. They can choose to skip the patching, live with the risks, and keep on using the legacy program. Or they can update, patch, and lose the application entirely to gain much better security. In...
Got a Blockchain Wallet? Be Alert for These Phishing Emails
May 22, 2019 by Cofense in Phishing Defense CenterBy Tej Tulachan and Milo Salvia The CofenseTM Phishing Defense Center™ has seen a fresh wave of attacks targeting Blockchain wallet users. The attacks aim to steal all the information needed to hijack unsuspecting victims’ wallets and syphon off their hard-earned crypto gains. In the past week, we have detected more than 180 of these malicious emails, all reported by customers’ users. Here’s how the phishing emails work. Red Flag #1: ‘You Have Been Chosen.’ In the message below, we can see that the victim has been “selected to receive” a $50 dollar amount of Stellar (XLM), an up and coming...