Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Email Security Gateway (to Your Next Breach)

October 16, 2018 by Cofense in Phishing Defense Center

BY THE COFENSE PHISHING DEFENSE CENTER Email is the most common attack vector in today’s threat landscape. Not only does email deliver over 92% of malware1, but by the end of 2017 the average user received 16 malicious emails per month.2 Cyber-criminals and APT actors abuse email to deliver malware or steal user credentials and other sensitive data. Because it is ubiquitous, email is an oft-targeted, massive attack surface. Proofpoint and Mimecast Often Can’t Handle Simple Phishing Attacks That’s why companies spend thousands to millions of dollars on security technologies, including secure email gateways. Let’s be clear: it is erroneous...

READ MORE

Security Awareness: Choosing Methods and Content that Work

October 15, 2018 by Tonia Dudley in Internet Security Awareness

Part 2 in our 4-part series in support of National Cybersecurity Awareness Month. Last week we examined the importance of setting a strategy and goals for your anti-phishing program. Now that you’ve selected the user behaviors you want to address, the next step is to think about methods and content to nudge users to the correct behaviors. We live a fast-paced world of information overload. You have seconds to get your message across to engage your users. You need to choose proven learning methods and focus your educational content on the behaviors that matter most. More than anything, your training...

READ MORE

Phishing Enables Domestic Violence. Education Can Help Stop It.

October 8, 2018 by Jim Hansen in Internet Security Awareness

According to estimates, approximately 760 people, or more than two per day, are killed by their partners. Most of the victims are women.1  Making matters worse, abusers use “stalkerware” to track their victims online, cutting off sources of income, isolating them from friends and family, and otherwise trying to control every aspect of their lives.

READ MORE

Building a Security Awareness Program? Start with Strategy and Goals

October 8, 2018 by Tonia Dudley in Internet Security Awareness

Part 1 of a 4-part series on building and maintaining a security awareness program, in support of National Cybersecurity Awareness Month. In 2011, I began my journey into security awareness. At that time, there were limited resources and most programs were still compliance focused. Even though I had previously spent 5 years in IT compliance, I knew this wasn’t the right approach to get users to learn or care about security. I kept telling the director that owned the role, “Compliance focus is wrong –you have to market to the users.”

READ MORE

Threat Actors Customize URLs to Avoid Detection

October 4, 2018 by Max Gannon in Threat Intelligence

Threat actors have many ways to avoid being detected. Today, let’s look at how they tweak URLs to bypass firewall rules—and what you can do to stop them from succeeding.

READ MORE

A Staggering Amount of Stolen Data is Heading to Zoho Domains

October 2, 2018 by Darrel Rendell in Malware Analysis

After last month’s brief domain suspension of Zoho—which resulted from an insufficient response to reported phishing abuse— Cofense Intelligence™ has uncovered Zoho’s connection to an extremely high number of keylogger phishing campaigns designed to harvest data from infected machines. Of all Keyloggers analysed by Cofense, 40% used a zoho.com or zoho.eu email address to exfiltrate data from victim machines.

READ MORE

How to Orchestrate a Smarter Phishing Response

October 1, 2018 by John Fitzgerald in Cyber Incident Response

We’ve been talking a lot recently about phishing-specific SOAR (Security Orchestration Automation and Response). It’s a capability CofenseTM has pioneered to help you mitigate phishing emails faster and more efficiently. Recently, we examined automation, the ‘A’ in the acronym. Now let’s take a deeper look at the ‘O,’ orchestration. Involve the Right Teams Faster with Cofense TriageTM Like a symphony conductor waving a wand, your phishing response needs to engage the right teams at the right time. To make that happen, Cofense TriageTM starts by reducing noise with an advanced spam engine, removing benign emails your employees have reported and...

READ MORE

Potential Misuse of Legitimate Websites to Avoid Malware Detection

September 28, 2018 by Max Gannon in Threat Intelligence

Sometimes, common malware will attempt to gather information about its environment, such as public IP address, language, and location. System queries and identifier websites like whatismyipaddress.com are often used for these purposes, but are easily identified by modern network monitors and antivirus. It’s important to know, however, that everyday interactions with legitimate websites provide much of the same information and are not monitored because the interactions are legitimate. In other words, threat actors can bypass automated defenses by abusing legitimate websites that often cannot be blocked for business purposes. First, cookies—easily accessible records of a user’s interactions with a webpage—are...

READ MORE

Beware of payroll-themed phishing. Here’s one example.

September 26, 2018 by Neera Desai in Threat Intelligence

Last week, the Internet Crime Complaint Center (IC3) published a public service announcement on cybercriminals disseminating payroll-themed phishing emails. These phishing emails, often imitating financial organizations, contain alluring content such as an enticing subject line or use social engineering techniques to convince targets that the email is from a legitimate source. Cofense Intelligence™ has observed payroll-themed phishing lures requesting targets to view an embedded link or download an attached file. The emails typically deliver credential phishing links or malware that is tasked with stealing the target’s financial and personal credentials. Recently, Cofense Intelligence analyzed a payroll-themed phish distributing the TrickBot...

READ MORE

Ouch! Our Report Shows Why the Healthcare Industry Needs Better Phishing Defense

September 24, 2018 by John Robinson in Internet Security AwarenessPhishing

Cofense™ released new research last week on phishing in the healthcare industry. It’s one of those industries that routinely gets hammered by phishing and data breaches. In fact, according to Verizon’s most recent Data Breach Investigations Report, over a third of all breaches target healthcare companies1. One recently reported example: the phishing attack on the Augusta University healthcare system, which triggered a breach that may have compromised the confidential records of nearly half a million people. None of this is surprising, considering that healthcare lives and breathes data. But our research also found this: Healthcare lags behind other industries in...

READ MORE

Email Security Gateway (to Your Next Breach)

October 16, 2018 by Cofense in Phishing Defense Center

BY THE COFENSE PHISHING DEFENSE CENTER Email is the most common attack vector in today’s threat landscape. Not only does email deliver over 92% of malware1, but by the end of 2017 the average user received 16 malicious emails per month.2 Cyber-criminals and APT actors abuse email to deliver malware or steal user credentials and other sensitive data. Because it is ubiquitous, email is an oft-targeted, massive attack surface. Proofpoint and Mimecast Often Can’t Handle Simple Phishing Attacks That’s why companies spend thousands to millions of dollars on security technologies, including secure email gateways. Let’s be clear: it is erroneous...

READ MORE

Threat Actors Customize URLs to Avoid Detection

October 4, 2018 by Max Gannon in Threat Intelligence

Threat actors have many ways to avoid being detected. Today, let’s look at how they tweak URLs to bypass firewall rules—and what you can do to stop them from succeeding.

READ MORE

A Staggering Amount of Stolen Data is Heading to Zoho Domains

October 2, 2018 by Darrel Rendell in Malware Analysis

After last month’s brief domain suspension of Zoho—which resulted from an insufficient response to reported phishing abuse— Cofense Intelligence™ has uncovered Zoho’s connection to an extremely high number of keylogger phishing campaigns designed to harvest data from infected machines. Of all Keyloggers analysed by Cofense, 40% used a zoho.com or zoho.eu email address to exfiltrate data from victim machines.

READ MORE

How to Orchestrate a Smarter Phishing Response

October 1, 2018 by John Fitzgerald in Cyber Incident Response

We’ve been talking a lot recently about phishing-specific SOAR (Security Orchestration Automation and Response). It’s a capability CofenseTM has pioneered to help you mitigate phishing emails faster and more efficiently. Recently, we examined automation, the ‘A’ in the acronym. Now let’s take a deeper look at the ‘O,’ orchestration. Involve the Right Teams Faster with Cofense TriageTM Like a symphony conductor waving a wand, your phishing response needs to engage the right teams at the right time. To make that happen, Cofense TriageTM starts by reducing noise with an advanced spam engine, removing benign emails your employees have reported and...

READ MORE

Potential Misuse of Legitimate Websites to Avoid Malware Detection

September 28, 2018 by Max Gannon in Threat Intelligence

Sometimes, common malware will attempt to gather information about its environment, such as public IP address, language, and location. System queries and identifier websites like whatismyipaddress.com are often used for these purposes, but are easily identified by modern network monitors and antivirus. It’s important to know, however, that everyday interactions with legitimate websites provide much of the same information and are not monitored because the interactions are legitimate. In other words, threat actors can bypass automated defenses by abusing legitimate websites that often cannot be blocked for business purposes. First, cookies—easily accessible records of a user’s interactions with a webpage—are...

READ MORE

Beware of payroll-themed phishing. Here’s one example.

September 26, 2018 by Neera Desai in Threat Intelligence

Last week, the Internet Crime Complaint Center (IC3) published a public service announcement on cybercriminals disseminating payroll-themed phishing emails. These phishing emails, often imitating financial organizations, contain alluring content such as an enticing subject line or use social engineering techniques to convince targets that the email is from a legitimate source. Cofense Intelligence™ has observed payroll-themed phishing lures requesting targets to view an embedded link or download an attached file. The emails typically deliver credential phishing links or malware that is tasked with stealing the target’s financial and personal credentials. Recently, Cofense Intelligence analyzed a payroll-themed phish distributing the TrickBot...

READ MORE

Staying King Krab: GandCrab Malware Keeps a Step Ahead of Network Defenses

September 21, 2018 by Aaron Riley in Malware Analysis

GandCrab ransomware is being rapidly developed to evade the cyber security community’s defense efforts, aid proliferation, and secure revenue for those driving the malware. Cofense Intelligence TM has identified a new campaign that is delivering GandCrab version 4.4, the newest iteration of this prolific ransomware. The developers of GandCrab are aware of the research analysis done on its past versions, and release new versions rapidly to negate the solutions. These malicious developers also release versions in direct correlation to specific security companies’ findings. In the last two months, the authors of GandCrab have released version 4, and subsequent 4.x releases...

READ MORE

Microsoft Office Macros: Still Your Leader in Malware Delivery

September 13, 2018 by Aaron Riley in Malware Analysis

In the last month, Microsoft Office documents laden with malicious macros account have remained the malware loader-du-jour. Cofense IntelligenceTM has found they account for 45% of all delivery mechanisms analyzed.

READ MORE

We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan

September 10, 2018 by Cofense in Phishing Defense Center

By Jerome Doaty and Garrett Primm The Cofense™ Phishing Defense Center (PDC) has recently defended against a resurgence of Astaroth, with dozens of hits across our customer base in the last week. In just one week, some estimated 8,000 machines have been potentially compromised.

READ MORE

Summer Reruns: Threat Actors Are Sticking with Malware that Works

September 5, 2018 by Neera Desai in Malware Analysis

Let’s take a look back at this summer’s malware trends as observed by Cofense IntelligenceTM. Summer 2018 has been marked by extremely inconsistent delivery of TrickBot and Geodo, though volumes of lower-impact malware families like Pony and Loki Bot remained consistently high. What’s more, improvements to the delivery and behavior of Geodo and TrickBot accompanied the resurgence of two updated malware families—Hermes ransomware and AZORult stealer—in reaffirming a preference by threat actors to update previous tools instead of developing new malware.  Because threat actors will continue to improve their software to ensure a successful infection, it’s important to understand these...

READ MORE

Security Awareness: Choosing Methods and Content that Work

October 15, 2018 by Tonia Dudley in Internet Security Awareness

Part 2 in our 4-part series in support of National Cybersecurity Awareness Month. Last week we examined the importance of setting a strategy and goals for your anti-phishing program. Now that you’ve selected the user behaviors you want to address, the next step is to think about methods and content to nudge users to the correct behaviors. We live a fast-paced world of information overload. You have seconds to get your message across to engage your users. You need to choose proven learning methods and focus your educational content on the behaviors that matter most. More than anything, your training...

READ MORE

Phishing Enables Domestic Violence. Education Can Help Stop It.

October 8, 2018 by Jim Hansen in Internet Security Awareness

According to estimates, approximately 760 people, or more than two per day, are killed by their partners. Most of the victims are women.1  Making matters worse, abusers use “stalkerware” to track their victims online, cutting off sources of income, isolating them from friends and family, and otherwise trying to control every aspect of their lives.

READ MORE

Building a Security Awareness Program? Start with Strategy and Goals

October 8, 2018 by Tonia Dudley in Internet Security Awareness

Part 1 of a 4-part series on building and maintaining a security awareness program, in support of National Cybersecurity Awareness Month. In 2011, I began my journey into security awareness. At that time, there were limited resources and most programs were still compliance focused. Even though I had previously spent 5 years in IT compliance, I knew this wasn’t the right approach to get users to learn or care about security. I kept telling the director that owned the role, “Compliance focus is wrong –you have to market to the users.”

READ MORE

Ouch! Our Report Shows Why the Healthcare Industry Needs Better Phishing Defense

September 24, 2018 by John Robinson in Internet Security AwarenessPhishing

Cofense™ released new research last week on phishing in the healthcare industry. It’s one of those industries that routinely gets hammered by phishing and data breaches. In fact, according to Verizon’s most recent Data Breach Investigations Report, over a third of all breaches target healthcare companies1. One recently reported example: the phishing attack on the Augusta University healthcare system, which triggered a breach that may have compromised the confidential records of nearly half a million people. None of this is surprising, considering that healthcare lives and breathes data. But our research also found this: Healthcare lags behind other industries in...

READ MORE

Here’s a Free Turnkey Phishing Awareness Program for National Cybersecurity Awareness Month

September 18, 2018 by Tonia Dudley in Internet Security Awareness

So….it’s September and October is only a few weeks away. Have you started putting together your campaign for National Cybersecurity Awareness Month (NCSAM) yet? If not, you’re in luck – we’ve created a complimentary turnkey phishing awareness program for you to quickly launch and look like a super hero to your leader AND your organization! And best yet, these resources can be used all year round – BECAUSE security awareness goes beyond October. 

READ MORE

How to Protect Against Phishing Attacks that Follow Natural Disasters

September 14, 2018 by Cofense in Internet Security AwarenessPhishing

By Aaron Riley and Darrel Rendell With Hurricane Florence battering parts of the East Coast, here’s a reminder that phishing campaigns sometimes pretend to promote natural-disaster relief efforts in hopes of successfully compromising their target. Cofense IntelligenceTM has analyzed plenty of these campaigns, which are designed to entice the end user into credential theft or endpoint infection.

READ MORE

Automate Your Phishing Defense While Keeping Human Control

September 6, 2018 by John Fitzgerald in Phishing

When it comes to combatting phishing, “set and forget” is a pipe dream. You can’t, and you shouldn’t, take humans out of the picture. But thanks to CofenseTM automation, you can stop attacks while reducing man hours and saving money.

READ MORE

Ask the DNC: #fakephishing Phishing Pen-Tests Are Still a Bad Idea.

August 24, 2018 by Aaron Higbee in Internet Security Awareness

Cliff notes: Phishing “tests” at best are a waste of time, and at worst, disruptive and weaken your ability to defend against real phishing.

READ MORE

5 Steps to Targeting Newbies with Phishing Awareness Training

August 21, 2018 by Alexandra Wenisch in Internet Security Awareness

When it comes to phishing awareness training, new hires need special attention. While most may know what phishing is, many won’t have received formal training in recognizing and reporting a phish. This chart shows sample data from a CofenseTM customer whose newbies struggled to spot phishing emails during simulation training. Before they develop bad inbox habits, it’s important to welcome your brand-new users to your training program, especially if your company has fairly high turnover. Following are 5 tips to make the transition smoother and, ultimately, help your security teams stop phishing attacks. Step 1: Announce and Set the Stage...

READ MORE

How to Get Internal Buy-In for Your Phishing Simulation and Awareness Training Programs

August 14, 2018 by Bunmi Ogun in Internet Security Awareness

If you run an anti-phishing program, you’ve probably run into this. You want to impersonate internal teams in your phishing simulations, because that’s what attackers do. But you get pushback:

READ MORE