Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Here’s Proof that Corporate Board Members Want Stronger Phishing Defense

February 12, 2019 by Cofense in Internet Security Awareness

By Susan Mo More and more, boards of directors are security decision-makers. One example: Cofense just published a case study on a company whose board lit a fire for a stronger phishing defense—and it’s paying dividends.  This board took the lead in launching phishing simulations.  Queensland Airports Limited (QAL) Aviation hails from my part of the world, Australia. As an aviation company, QAL has a public presence. Translation: any security issues would likely make headlines. So the QAL board mandated an anti-phishing program. Using Cofense PhishMeTM, QAL now runs phishing simulations to condition its employees to recognize and report phishing...

READ MORE

With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat

February 11, 2019 by Max Gannon in Threat Intelligence

CISO Summary The Revenge RAT malware is getting stealthier, thanks to unusually advanced delivery techniques and support infrastructure. Cofense IntelligenceTM has recently seen this basic and widely available Remote Access Trojan benefit from these upgrades, which help it to access webcams, microphones, and other utilities as Revenge RAT does recon and tries to gain a foothold in targeted computers. When they succeed, RATs enable threat actors to wreak havoc, including monitoring user behavior through keyloggers or other spyware, filching personal information, and distributing other malware.

READ MORE

Expect Credential Phishing to Continue Surging in 2019

February 6, 2019 by Tonia Dudley in Internet Security Awareness

“Hackers don’t need to break in, they only need to log in.” This was a quote mentioned at a conference I attended last December and which I repeated in an e-book Cofense™ recently published, 6 Phishing Predictions for 2019. My prediction was that hackers will continue to go full bore with credential phishing, emails that specifically ask for username and password.  

READ MORE

Emo..Qak? Geodo/Emotet Botnet Delivers Qakbot Malware as First-Stage Payload

February 4, 2019 by Cofense in Threat Intelligence

By Max Gannon, Mollie MacDougall, Darrel Rendell, and Aaron Riley CISO Summary In the past few days, CofenseTM has detected double trouble from the Geodo/Emotet malware. Not only have we seen Geodo botnets directly delivering non-Geodo malware via phishing campaigns, we’ve also observed Geodo campaigns use more precise targeting.

READ MORE

We’re Making It Easy for MSSP’s to Deliver Phishing Defense

January 31, 2019 by Cofense in Phishing

By John McCabe We’re Making It Easy for MSSP’s to Deliver Phishing Defense A new Cofense™ Managed Security Service Provider (MSSP) program makes it easy for service providers to offer phishing defense to small and medium-sized businesses. Phishing is a huge problem for SMB’s. With limited budget and expertise, they’re often targets of spear phishing, ransomware, and other attacks.

READ MORE

The Malware Holiday Ends—Welcome Back Geodo and Chanitor

January 29, 2019 by Darrel Rendell in Threat Intelligence

CISO Summary Even cybercriminals knock off for the holidays. Then in January, it’s back to work. We all have bills to pay. This past holiday season, including the Russian Orthodox Christmas which fell on January 7, threat actors cooled their heels and malware campaigns dipped. But with the holidays over, threat actors are back in action. Chanitor malware campaigns are spiking, at even higher levels than a year ago, and Geodo/Emotet campaigns have been surging too.

READ MORE

Introducing the Cofense Triage Certification Program

January 23, 2019 by Cofense in Cyber Incident Response

By Kiarra Grant Want to be a certified expert in phishing response? Now you can. Introducing the Cofense Triage TM Operators Certification. It’s our second industry-specific certification program, complementing our program for operators of Cofense PhishMeTM. The new program is focused on Cofense Triage, the first and only phishing-specific incident response platform. Become an expert in Cofense Triage while taking your phishing defense program to the next level. The Cofense Triage Certification program provides: Validation and certification of skills in the operation of Cofense Triage Training in running a successful phishing response program The ability to augment Cofense solution expertise...

READ MORE

Jigsaw Ransomware Returns With Extortion Scam Ploys

January 23, 2019 by Cofense in Phishing Defense Center

By Lucas Ashbaugh Want to play a game? Jigsaw ransomware does, and it’s going to run you $400… or you could just download the free decrypter online. Jigsaw, featuring Billy The Puppet from Saw, was first released in 2016. It not only encrypts the victim’s files but deletes them at a continuously increasing rate until a payment in bitcoin can be confirmed against the bitcoin blockchain. Now, Jigsaw has been observed again, this time delivered through scam tactics. The Delivery Each email starts off with a ploy about how the threat actor somehow compromised the victim’s financial accounts. After shocking and...

READ MORE

The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials

January 21, 2019 by Darrel Rendell in Threat Intelligence

CISO Summary It’s a case of hiding in plain sight. CofenseTM recently found a phishing campaign that hides the Kutaki malware in a legitimate application to bypass email gateways and harvest users’ credentials.

READ MORE

Phishing Campaigns are Manipulating the Windows Control Panel Extension to Deliver Banking Trojans

January 17, 2019 by Cofense in Threat Intelligence

By Aaron Riley and Marcel Feller CISO Summary Recently, CofenseTM has seen phishing campaigns that bypass email security using a .cpl file extension attachment. .CPL is the file name extension for items or icons appearing in the Windows Control Panel. These file extensions are vital for most Control Panel tools to function, making endpoint threat mitigation extremely difficult. After evading controls and successfully executing on the endpoint, the .cpl file downloads a second-stage payload, which is typically a banking trojan. According to Cofense IntelligenceTM, most of these phishing campaigns are aimed at South American inboxes. As part of security awareness training...

READ MORE

With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat

February 11, 2019 by Max Gannon in Threat Intelligence

CISO Summary The Revenge RAT malware is getting stealthier, thanks to unusually advanced delivery techniques and support infrastructure. Cofense IntelligenceTM has recently seen this basic and widely available Remote Access Trojan benefit from these upgrades, which help it to access webcams, microphones, and other utilities as Revenge RAT does recon and tries to gain a foothold in targeted computers. When they succeed, RATs enable threat actors to wreak havoc, including monitoring user behavior through keyloggers or other spyware, filching personal information, and distributing other malware.

READ MORE

Emo..Qak? Geodo/Emotet Botnet Delivers Qakbot Malware as First-Stage Payload

February 4, 2019 by Cofense in Threat Intelligence

By Max Gannon, Mollie MacDougall, Darrel Rendell, and Aaron Riley CISO Summary In the past few days, CofenseTM has detected double trouble from the Geodo/Emotet malware. Not only have we seen Geodo botnets directly delivering non-Geodo malware via phishing campaigns, we’ve also observed Geodo campaigns use more precise targeting.

READ MORE

The Malware Holiday Ends—Welcome Back Geodo and Chanitor

January 29, 2019 by Darrel Rendell in Threat Intelligence

CISO Summary Even cybercriminals knock off for the holidays. Then in January, it’s back to work. We all have bills to pay. This past holiday season, including the Russian Orthodox Christmas which fell on January 7, threat actors cooled their heels and malware campaigns dipped. But with the holidays over, threat actors are back in action. Chanitor malware campaigns are spiking, at even higher levels than a year ago, and Geodo/Emotet campaigns have been surging too.

READ MORE

Introducing the Cofense Triage Certification Program

January 23, 2019 by Cofense in Cyber Incident Response

By Kiarra Grant Want to be a certified expert in phishing response? Now you can. Introducing the Cofense Triage TM Operators Certification. It’s our second industry-specific certification program, complementing our program for operators of Cofense PhishMeTM. The new program is focused on Cofense Triage, the first and only phishing-specific incident response platform. Become an expert in Cofense Triage while taking your phishing defense program to the next level. The Cofense Triage Certification program provides: Validation and certification of skills in the operation of Cofense Triage Training in running a successful phishing response program The ability to augment Cofense solution expertise...

READ MORE

Jigsaw Ransomware Returns With Extortion Scam Ploys

January 23, 2019 by Cofense in Phishing Defense Center

By Lucas Ashbaugh Want to play a game? Jigsaw ransomware does, and it’s going to run you $400… or you could just download the free decrypter online. Jigsaw, featuring Billy The Puppet from Saw, was first released in 2016. It not only encrypts the victim’s files but deletes them at a continuously increasing rate until a payment in bitcoin can be confirmed against the bitcoin blockchain. Now, Jigsaw has been observed again, this time delivered through scam tactics. The Delivery Each email starts off with a ploy about how the threat actor somehow compromised the victim’s financial accounts. After shocking and...

READ MORE

The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials

January 21, 2019 by Darrel Rendell in Threat Intelligence

CISO Summary It’s a case of hiding in plain sight. CofenseTM recently found a phishing campaign that hides the Kutaki malware in a legitimate application to bypass email gateways and harvest users’ credentials.

READ MORE

Phishing Campaigns are Manipulating the Windows Control Panel Extension to Deliver Banking Trojans

January 17, 2019 by Cofense in Threat Intelligence

By Aaron Riley and Marcel Feller CISO Summary Recently, CofenseTM has seen phishing campaigns that bypass email security using a .cpl file extension attachment. .CPL is the file name extension for items or icons appearing in the Windows Control Panel. These file extensions are vital for most Control Panel tools to function, making endpoint threat mitigation extremely difficult. After evading controls and successfully executing on the endpoint, the .cpl file downloads a second-stage payload, which is typically a banking trojan. According to Cofense IntelligenceTM, most of these phishing campaigns are aimed at South American inboxes. As part of security awareness training...

READ MORE

Exploiting an Unpatched Vulnerability, the Ave_Maria Malware Is Not Full of Grace

January 10, 2019 by Max Gannon in Threat Intelligence

CISO Summary CofenseTM has seen a rise in phishing campaigns designed to deliver a type of stealer malware called Ave_Maria. It contains a capability, DLL hijacking, that uses a vulnerability with no forthcoming fix. With origins in a publicly available utility, DLL lets Ave_Maria gain greater admin privileges and avoid detection, then steal information so it can download additional plugins and potentially other payloads. This malware can bypass detection and privilege restrictions on many endpoints.

READ MORE

The Vjw0rm Malware Does It All. Here’s What to Watch For.

January 9, 2019 by Aaron Riley in Threat Intelligence

CISO Summary  It’s called the Vengeance Justice Worm (Vjw0rm), but think of it as the Leatherman tool of malware. Vjw0rm wreaks havoc in highly versatile ways: information theft, denial of service (DoS) attacks, and self-propagation to name a few. CofenseTM has spotted this hybrid threat—a cross between a worm and a remote access trojan (RAT)—in a recent phishing campaign dangling a banking lure.   

READ MORE

In 2018, Cheap and Easy Malware Flooded Corporate Inboxes

January 8, 2019 by Darrel Rendell in Threat Intelligence

CISO Summary Sometimes it’s the simple things that make life hard. In 2018, over 2/3 of unique malware campaigns Cofense IntelligenceTM observed were simple, inexpensive “stealers” or remote access trojans (RATs). With exceptionally low barrier-to-entry—an email account or website can handle distribution and communication—these malware types make data theft a viable career choice for threat actors without the skills to use more advanced varieties.

READ MORE

Here’s Proof that Corporate Board Members Want Stronger Phishing Defense

February 12, 2019 by Cofense in Internet Security Awareness

By Susan Mo More and more, boards of directors are security decision-makers. One example: Cofense just published a case study on a company whose board lit a fire for a stronger phishing defense—and it’s paying dividends.  This board took the lead in launching phishing simulations.  Queensland Airports Limited (QAL) Aviation hails from my part of the world, Australia. As an aviation company, QAL has a public presence. Translation: any security issues would likely make headlines. So the QAL board mandated an anti-phishing program. Using Cofense PhishMeTM, QAL now runs phishing simulations to condition its employees to recognize and report phishing...

READ MORE

Expect Credential Phishing to Continue Surging in 2019

February 6, 2019 by Tonia Dudley in Internet Security Awareness

“Hackers don’t need to break in, they only need to log in.” This was a quote mentioned at a conference I attended last December and which I repeated in an e-book Cofense™ recently published, 6 Phishing Predictions for 2019. My prediction was that hackers will continue to go full bore with credential phishing, emails that specifically ask for username and password.  

READ MORE

We’re Making It Easy for MSSP’s to Deliver Phishing Defense

January 31, 2019 by Cofense in Phishing

By John McCabe We’re Making It Easy for MSSP’s to Deliver Phishing Defense A new Cofense™ Managed Security Service Provider (MSSP) program makes it easy for service providers to offer phishing defense to small and medium-sized businesses. Phishing is a huge problem for SMB’s. With limited budget and expertise, they’re often targets of spear phishing, ransomware, and other attacks.

READ MORE

5 Things We Launched this Year to Stop Phishing Attacks Faster

December 17, 2018 by John Fitzgerald in Phishing

Merry Phishmas! It’s been another busy year of phishing scams, malware delivery, and other Grinchy activity. To help keep you protected, Cofense™ has refined our solutions to stop phishing in its tracks. Following are some of the new capabilities we launched in 2018. 

READ MORE

Mature Your Anti-Phishing Program to Reflect Active Threats

November 28, 2018 by Zach Lewis in Internet Security Awareness

At CofenseTM we often hear comments from customers like, “My anti-phishing program has been running for years, email reporting rates have increased, and overall my users are better prepared. How can I continue to address and lower my risk?”

READ MORE

Major US Financial Institutions Imitated in Advanced Geodo/Emotet Phishing Lures that Appear More Authentic by Containing ProofPoint URL Wrapped Links

November 19, 2018 by Cofense in PhishingThreat Intelligence

By Darrel Rendell, Mollie MacDougall, and Max Gannon Cofense IntelligenceTM has observed Geodo (also known as Emotet) malware campaigns that are effectively spoofing major US financial institutions in part by including legitimate URLs wrapped in Proofpoint’s (PFPT) TAP URL Defense wrapping service. This adds an air of legitimacy to the casual observer, designed to increase the chances of malware infection. Figures 1 and 2 provide examples of the template and URL wrapping. Cofense Intelligence assesses the improved phishing templates are likely based upon data pilfered with a recently updated scraper module to spoof US financial institutions so effectively. Figure 1:...

READ MORE

October may be over – but phishing attacks never stop. Here’s how to make security awareness successful all year round.

November 1, 2018 by Tonia Dudley in Internet Security Awareness

Part 4 of a 4-part series in support of National Cybersecurity Awareness Month. You can read part 3 here. As October comes to a close, so too does National Cybersecurity Awareness month. But not so fast – Security Awareness isn’t just about October. It’s all year long and it never stops, it’s ever evolving. I developed this four-part blog series during National Cybersecurity Awareness Month to provide key industry insights and proven methodologies for building and enhancing your security awareness program. We started in week 1 with building a program strategy, followed up by discussing program content in week 2....

READ MORE

Where Do Security Awareness Programs Belong on the Org Chart?

October 25, 2018 by Tonia Dudley in Internet Security Awareness

Part 3 of a 4-part series in support of National Cybersecurity Awareness Month. You can read part 2 here. For this blog series on building a security awareness program, we started in week 1 with how to build a strategy. Last week we discussed how to select and use content in your overall program and specifically your phishing program. This week we’ll focus on program alignment – in other words, where does the security awareness role report within an organization?

READ MORE

Security Awareness: Choosing Methods and Content that Work

October 15, 2018 by Tonia Dudley in Internet Security Awareness

Part 2 in our 4-part series in support of National Cybersecurity Awareness Month. You can read part 1 here.  Last week we examined the importance of setting a strategy and goals for your security awareness program. Now that you’ve selected the user behaviors you want to address, the next step is to think about methods and content to nudge users to the correct behaviors. We live a fast-paced world of information overload. You have seconds to get your message across to engage your users. You need to choose proven learning methods and focus your educational content on the behaviors that...

READ MORE

Phishing Enables Domestic Violence. Education Can Help Stop It.

October 8, 2018 by Jim Hansen in Internet Security Awareness

According to estimates, approximately 760 people, or more than two per day, are killed by their partners. Most of the victims are women.1  Making matters worse, abusers use “stalkerware” to track their victims online, cutting off sources of income, isolating them from friends and family, and otherwise trying to control every aspect of their lives.

READ MORE

Cofense Headquarters

1602 Village Market Blvd, SE #400
Leesburg, VA 20175
Tel: 703.652.0717

Sitemap
Copyright © 2018 Cofense. All rights reserved.

Privacy Policy | Legal

Under 500 employees?

Cofense PhishMe Free, our no-cost phishing defense solution, was created just for you!

Sign up for your free account