Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
Free Tools
Free Tools
Create Transparency
Speed Response
Resources
Resources

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Ransomware in 2020: Not Just More, But Different

January 20, 2020 by Cofense in Phishing

By Aaron Riley, Cofense Intelligence Cofense IntelligenceTM assesses that enterprise-targeted ransomware campaigns will most likely increase in 2020, based on attack and ransom payment trends over the last six months. In the latter half of 2019, ransomware campaigns escalated in targeting public organizations. These attacks were frequently debilitating to an impacted organization’s ability to operate and provide services and, in some cases, resulted in a data breach. Interestingly, victims are opting to pay the ransom more often. The cost of data recovery, reputation salvaging, and business impact often outweigh the payment itself. Further, those victims with insurance are paying at...

READ MORE

Want to simulate a holiday phish? This one’s from your friends at Emotet.

December 23, 2019 by Cofense in Cofense SolutionsPhishing

By Tonia Dudley Tis the season when organizations are looking to send out the year’s last phishing simulation. Often the Security Awareness team lands on a holiday theme – holiday party, holiday raffle, or even the fun ugly sweater lure. In the past, when I worked with teams to advance their phishing defense programs, I would recommend staying away from holiday themed scenarios. I’ll explain why in a moment. But my opinion has changed, thanks to the threat actors behind Emotet.

READ MORE

5 Cybersecurity Trends that Will Dominate 2020

December 20, 2019 by Aaron Higbee in PhishingThreat Intelligence

By Aaron Higbee, CTO, Cofense The threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. Which ones should you watch most closely as 2020 unfolds? Based on insights collected from our Cofense research teams, here are five trends we see dominating next year. Ransomware will continue becoming more targeted to reap more sizeable payouts. Many people are under the impression that ransomware is slowing down, but in reality it’s simply being used in a more targeted fashion. So many private and public organizations, as well as government entities, have been infiltrated...

READ MORE

5 Cybersecurity Trends that Will Dominate 2020

December 20, 2019 by Aaron Higbee in PhishingThreat Intelligence

By Aaron Higbee, CTO, Cofense The threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. Which ones should you watch most closely as 2020 unfolds? Based on insights collected from our Cofense research teams, here are five trends we see dominating next year. Ransomware will continue becoming more targeted to reap more sizeable payouts. Many people are under the impression that ransomware is slowing down, but in reality it’s simply being used in a more targeted fashion. So many private and public organizations, as well as government entities, have been infiltrated...

READ MORE

Bundle Up and Build an End-to-End Phishing Defense

December 2, 2019 by Cofense in Cyber Incident ResponsePhishing

By David Mount, Product Marketing Back in 2008, CofenseTM (then PhishMe®) pioneered the concept of phishing simulation as a tool to reduce organizational risk to phishing threats. Since then, the phishing threat landscape has evolved at a rapid pace, as evidenced in many of the posts on this blog. Back then, traditional approaches to Security Awareness didn’t (and still don’t) demonstrably and measurably improve security posture, especially relating to phishing threats. And, as we’ve mentioned before (and we highlight in this blog), every threat identified by the Cofense Phishing Defense CenterTM has bypassed the technical controls like Secure Email Gateways...

READ MORE

Threat Actors Use Bogus Payment HTML File to Scoot Past Proofpoint Gateway

November 18, 2019 by Cofense in Cyber Incident ResponsePhishing

By Tej Tulachan The Cofense Phishing Defense CenterTM (PDC) has prevented a phishing attack that attempts to steal users’ Office365 credentials by luring them with a fake payment order attachment. Hiding a malicious re-direct within a html file, threat actors bypassed the Proofpoint secure email gateway to try and steal users’ credentials. Here’s how it works: At first glance, the email appears to be a genuine communication originating from the accounts team of a relatively well-known company. The message body informs the recipient there is a payment order that requires processing. The message simply says, “Please find attached copies of...

READ MORE

You’ve Been Served: UK Scammers Deliver ‘Predator the Thief’ Malware Via Subpoena

November 6, 2019 by Cofense in Cyber Incident ResponseMalware Analysis

By Aaron Riley Not even the halls of justice are immune from scammers. A new phishing campaign spoofing the UK Ministry of Justice has successfully targeted users with a subpoena-themed email delivering Predator the Thief, a publicly available information-stealing malware. Cofense IntelligenceTM has observed employees in insurance and retail companies receiving these emails. The phishing email states that the recipient has been subpoenaed and is asked to click on a link to see more details about the case. The enclosed link uses trusted sources—namely Google Docs and Microsoft OneDrive—for the infection chain. The initial Google Docs link contains a redirect...

READ MORE

New Credential Phish Targets Employees with Salary Increase Scam

October 31, 2019 by Cofense in Cyber Incident ResponsePhishing

By Milo Salvia, Cofense Phishing Defense CenterTM The Cofense Phishing Defense Center (PDC) has observed a new phishing campaign that aims to harvest Office365 (O365) credentials by preying on employees who are expecting salary increases. The threat actors use a basic spoofing technique to trick employees into thinking that their company’s HR department has shared a salary increase spread sheet. Here’s how it works: Email Body Figure 1: Email Body The threat actor attempts to make the email appear to come from the target company by manipulating the “from” field in the headers. In particular, the threat actor changes the...

READ MORE

Ransomware in 2020: Not Just More, But Different

January 20, 2020 by Cofense in Phishing

By Aaron Riley, Cofense Intelligence Cofense IntelligenceTM assesses that enterprise-targeted ransomware campaigns will most likely increase in 2020, based on attack and ransom payment trends over the last six months. In the latter half of 2019, ransomware campaigns escalated in targeting public organizations. These attacks were frequently debilitating to an impacted organization’s ability to operate and provide services and, in some cases, resulted in a data breach. Interestingly, victims are opting to pay the ransom more often. The cost of data recovery, reputation salvaging, and business impact often outweigh the payment itself. Further, those victims with insurance are paying at...

READ MORE

Want to simulate a holiday phish? This one’s from your friends at Emotet.

December 23, 2019 by Cofense in Cofense SolutionsPhishing

By Tonia Dudley Tis the season when organizations are looking to send out the year’s last phishing simulation. Often the Security Awareness team lands on a holiday theme – holiday party, holiday raffle, or even the fun ugly sweater lure. In the past, when I worked with teams to advance their phishing defense programs, I would recommend staying away from holiday themed scenarios. I’ll explain why in a moment. But my opinion has changed, thanks to the threat actors behind Emotet.

READ MORE

5 Cybersecurity Trends that Will Dominate 2020

December 20, 2019 by Aaron Higbee in PhishingThreat Intelligence

By Aaron Higbee, CTO, Cofense The threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. Which ones should you watch most closely as 2020 unfolds? Based on insights collected from our Cofense research teams, here are five trends we see dominating next year. Ransomware will continue becoming more targeted to reap more sizeable payouts. Many people are under the impression that ransomware is slowing down, but in reality it’s simply being used in a more targeted fashion. So many private and public organizations, as well as government entities, have been infiltrated...

READ MORE

Want to simulate a holiday phish? This one’s from your friends at Emotet.

December 23, 2019 by Cofense in Cofense SolutionsPhishing

By Tonia Dudley Tis the season when organizations are looking to send out the year’s last phishing simulation. Often the Security Awareness team lands on a holiday theme – holiday party, holiday raffle, or even the fun ugly sweater lure. In the past, when I worked with teams to advance their phishing defense programs, I would recommend staying away from holiday themed scenarios. I’ll explain why in a moment. But my opinion has changed, thanks to the threat actors behind Emotet.

READ MORE

Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway

August 29, 2019 by Cofense in Phishing Defense Center

By Tej Tulachan The Cofense Phishing Defense Center (PDC) has detected a phishing campaign that delivers Trickbot embedded in a Google Docs link. Trickbot has been making the rounds for a long time now and is still considered one of the biggest malware threats targeting business today. Threat actors frequently utilize legitimate applications or trusted file sharing sites like Google Docs to bypass the email gateway and lure users to click on the link to deliver malware. In this case, the email made it through Proofpoint’s gateway utilized by our PDC customer. Email Body The email attempts to lure curious...

READ MORE

Remote Access Trojan Uses Sendgrid to Slip through Proofpoint

August 14, 2019 by Marcel Feller in Phishing Defense Center

The CofenseTM Phishing Defense CenterTM observed a malware campaign masquerading as an email complaint from the Better Business Bureau to deliver the notorious Orcus RAT, part of the free DNS domain ChickenKiller which we blogged about in 2015. Here’s how it works:

READ MORE

Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways

July 23, 2019 by Cofense in Cyber Incident ResponsePhishing Defense Center

By Jake Longden The Cofense Phishing Defense Center has observed a wave of phishing attacks that utilize the legitimate file hosting site WeTransfer to deliver malicious URLs to bypass email gateways. The attacks span major industries like banking, power, and media. Here’s how they work. Email Body: The email body is a genuine notification from WeTransfer which informs the victim that a file has been shared with them. The attackers utilise what appears to be compromised email accounts to send a genuine link to a WeTransfer hosted file. As these are legitimate links from WeTransfer, this allows them to travel...

READ MORE

This Phishing Attacker Takes American Express—and Victims’ Credentials

July 16, 2019 by Milo Salvia in Internet Security AwarenessPhishing Defense Center

Recently, the CofenseTM Phishing Defense CenterTM observed a phishing attack against American Express customers, both merchant and corporate card holders. Seeking to harvest account credentials, the phishing emails use a relatively new exploit to bypass conventional email gateway URL filtering services.

READ MORE

UK Banking Phish Targets 2-Factor Information

July 10, 2019 by Milo Salvia in Phishing Defense Center

Recently, the Cofense Phishing Defense Center observed a wave of phishing attacks  targeting TSB banking customers in the UK. We found these consumer-oriented phishing emails in corporate environments, after the malicious messages made it past perimeter defenses. The convincing emails aimed to harvest an unsuspecting victim’s email, password, mobile numbers, and the “memorable information” used in two-factor authentication. If someone were to bite on the phish, they would be open to follow-up phone scams or the complete takeover of their bank account and credit cards. Most UK banks implement two-factor authentication. They require users to set a standard password and...

READ MORE

Under the Radar – Phishing Using QR Codes to Evade URL Analysis

June 28, 2019 by Nick Guarino in PhishingPhishing Defense Center

Phishing attacks evolve over time, and attacker frustration with technical controls is a key driver in the evolution of phishing tactics. In today’s modern enterprise, it’s not uncommon for our emails to run the gauntlet of security products that wrap or scan embedded URLs with the hope of finding that malicious link. Products like Proofpoint URL Defense, Microsoft Safe Links, and Mimecast URL Protect hope to prevent phishing attacks by wrapping or analyzing URLs.  These technologies can only be effective IF they can find the URLs in the first place. Fast forward to this week where our Phishing Defense Center™...

READ MORE

Phishing Attacks on High Street Target Major Retailer

June 21, 2019 by Cofense in PhishingPhishing Defense Center

By Jake Longden The Cofense Phishing Defense Center™ has observed a phishing campaign that purports to be from Argos, a major retailer in the UK and British High Street. During 2018, Argos was the subject of a large number of widely reported phishing scamsi; this threat specifically targets Argos customers for their personal information and looks like a continuation of what was seen last year. With the goal of stealing your store credit card and login information, here’s how it works: All third-party trademarks referenced by Cofense™ whether in logo form, name form or product form, or otherwise, remain the...

READ MORE

Houdini Worm Transformed in New Phishing Attack

June 14, 2019 by Cofense in Phishing Defense CenterThreat Intelligence

By Nick Guarino and Aaron Riley The Cofense Phishing Defense Center™ (PDC)  and Cofense Intelligence™ have identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. This new variant is named WSH Remote Access Tool (RAT) by the malware’s author and was released on June 2, 2019. Within five days, WSH RAT was observed being actively distributed via phishing. Figure 1 shows an example message from this campaign.

READ MORE

This ‘Voice Mail’ Is a Phish—and an Email Gateway Fail

June 11, 2019 by Cofense in Phishing Defense Center

By Milo Salvia and Kamlesh Patel The Cofense Phishing Defense CenterTM has observed a phishing campaign that masquerades as a voicemail message from a well-known company. The goal is to steal your domain credentials by mimicking the Outlook Web App (OWA).  Email Body:  The message body is designed to mimic your typical VOIP “missed call” message delivered via email when a user misses a call. A simple HTML box appears with a blue hyperlink, Play Voice. One would assume it was meant to say Play Message or Play Voice Message. This could indicate that English is not the threat actor’s first language...

READ MORE