Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Their email filters missed these threats. Good thing the users didn’t.

April 19, 2018 by phishme in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishing Defense Center

By Jerome Doaty, Zakari Grater, and Brenda Gooshaw Samson Technology is an important part of any phishing defense, especially perimeter tech designed to filter emails. But these systems, even those billed as “next-gen email security platforms,” don’t catch everything. Some phishes always get through.

READ MORE

Examples of Silver-bullet Technology Fails

April 13, 2018 by Jesse Lands in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishing Defense Center

Most security teams today are pretty much in the same boat: limited budget, limited man power, and limited time to defend their network against escalating threats and attacks.  Perhaps that’s why so many information security vendors claim to have the “silver bullet” to protect the customer’s environment and solve their problems. 

READ MORE

Communication is essential to your anti-phishing program.

April 12, 2018 by Shelli Matiscik in Cyber Incident ResponseInternet Security Awareness

One of the keys to a successful anti-phishing program is communication. Specifically,  communicating with users before and after a phishing scenario.

READ MORE

Phishing attack shut down in 19 minutes with Cofense Triage.

April 10, 2018 by phishme in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishing Defense Center

Imagine a cunning phisher: he knows his craft and sends your users an email appearing to come from your CEO that bypasses all your other technology. What would you do? One of our customers faced that very scenario and relied on Cofense TriageTM and the Cofense Phishing Defense Center (PDC) to analyze and respond to the attack in less than 20 minutes after it launched.

READ MORE

Is .XLSX Phishing Making a Comeback?

April 6, 2018 by Charlie Aiken in Cyber Incident ResponseMalware Analysis

On March 22nd, Cofense came across a rather unique malware sample that had a very low detection rate. At the time of analysis, the file was only detected by 5/61 AV engines. The detection rate did not reach 30% until at least a week later, as per VirusTotal: 38015eb1699b7596e8c95fed7f0bc32d1492b371bd4d7953019f69dcf40ff1fd.

READ MORE

Attention Spans and Education Design

April 5, 2018 by John Robinson in Cyber Incident ResponseInternet Security Awareness

Over the past few years, we have seen media attention drawn towards the length of our attention spans as related to our use of technology. Some reports claim a drop from 12 seconds to 8 seconds over the past decade, while others refute that data.

READ MORE

Doubling Down on PhishMe with New Features and Awareness Focus

April 4, 2018 by phishme in Cyber Incident ResponseInternet Security AwarenessPhishing

Back in 2008, Cofense™ (PhishMe®) pretty much invented the phishing awareness industry when we unveiled the first phishing simulation program for businesses. Cofense PhishMe™ made it easy to condition employees to recognize and report phishing emails and today, over 27 million (and counting) end users in 160 countries, including employees at half the Fortune 100, rely on our expertise.

READ MORE

Become the First Security Awareness Professional to be Fully Certified in Phishing Simulation Programs with Cofense

March 29, 2018 by phishme in Cyber Incident ResponseInternet Security Awareness

Want to boost your anti-phishing and your professional creds? Now you can, in just a few hours and on your own schedule. Cofense™  is pleased to announce the Cofense PhishMe™ certification, the industry’s first and only professional certification for phishing simulation programs. It’s your chance to fully master Cofense PhishMe, our award-winning phishing awareness training solution, while becoming a certified expert in phishing simulation programs.

READ MORE

Analysing TrickBot Doesn’t Have to be Tricky

March 28, 2018 by Milo Salvia in Malware AnalysisPhishing Defense Center

New additions to the TrickBot malware’s capabilities, observed by the Phishing Defence Centre, indicate that this malware tool is undergoing active development. The designers of this malware are still working hard to introduce new functionality including a network worm functionality and a screen-lock module. The worm component utilises the leaked “EternalBlue” exploit for CVE-2017-0144 to propagate itself across networks that have yet to patch or discontinue the use of SMBv1. The deployment of the screen-lock module (which appears to be still in the early phases of development) gives the threat actors the ability to change the functionality of the malware...

READ MORE

Gamers, beware. You are a target for crypto-mining botnets.

March 26, 2018 by Jitendera Sarda in Internet Security AwarenessMalware Analysis

Many gamers are unaware that they are either potential targets for mining botnets or that they may already be mining cryptocurrencies for cybercriminals. Why are gamers targets? Think about it. Mining requires a large graphics card (GPU), a dedicated Internet connection and an uninterrupted power source. Gamers use powerful and immersive, high-performing GPU’s to stay online and play networked games without interruption. It’s the perfect recipe for crypto mining.

READ MORE

Communication is essential to your anti-phishing program.

April 12, 2018 by Shelli Matiscik in Cyber Incident ResponseInternet Security Awareness

One of the keys to a successful anti-phishing program is communication. Specifically,  communicating with users before and after a phishing scenario.

READ MORE

Phishing attack shut down in 19 minutes with Cofense Triage.

April 10, 2018 by phishme in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishing Defense Center

Imagine a cunning phisher: he knows his craft and sends your users an email appearing to come from your CEO that bypasses all your other technology. What would you do? One of our customers faced that very scenario and relied on Cofense TriageTM and the Cofense Phishing Defense Center (PDC) to analyze and respond to the attack in less than 20 minutes after it launched.

READ MORE

Is .XLSX Phishing Making a Comeback?

April 6, 2018 by Charlie Aiken in Cyber Incident ResponseMalware Analysis

On March 22nd, Cofense came across a rather unique malware sample that had a very low detection rate. At the time of analysis, the file was only detected by 5/61 AV engines. The detection rate did not reach 30% until at least a week later, as per VirusTotal: 38015eb1699b7596e8c95fed7f0bc32d1492b371bd4d7953019f69dcf40ff1fd.

READ MORE

Attention Spans and Education Design

April 5, 2018 by John Robinson in Cyber Incident ResponseInternet Security Awareness

Over the past few years, we have seen media attention drawn towards the length of our attention spans as related to our use of technology. Some reports claim a drop from 12 seconds to 8 seconds over the past decade, while others refute that data.

READ MORE

Doubling Down on PhishMe with New Features and Awareness Focus

April 4, 2018 by phishme in Cyber Incident ResponseInternet Security AwarenessPhishing

Back in 2008, Cofense™ (PhishMe®) pretty much invented the phishing awareness industry when we unveiled the first phishing simulation program for businesses. Cofense PhishMe™ made it easy to condition employees to recognize and report phishing emails and today, over 27 million (and counting) end users in 160 countries, including employees at half the Fortune 100, rely on our expertise.

READ MORE

Become the First Security Awareness Professional to be Fully Certified in Phishing Simulation Programs with Cofense

March 29, 2018 by phishme in Cyber Incident ResponseInternet Security Awareness

Want to boost your anti-phishing and your professional creds? Now you can, in just a few hours and on your own schedule. Cofense™  is pleased to announce the Cofense PhishMe™ certification, the industry’s first and only professional certification for phishing simulation programs. It’s your chance to fully master Cofense PhishMe, our award-winning phishing awareness training solution, while becoming a certified expert in phishing simulation programs.

READ MORE

Analysing TrickBot Doesn’t Have to be Tricky

March 28, 2018 by Milo Salvia in Malware AnalysisPhishing Defense Center

New additions to the TrickBot malware’s capabilities, observed by the Phishing Defence Centre, indicate that this malware tool is undergoing active development. The designers of this malware are still working hard to introduce new functionality including a network worm functionality and a screen-lock module. The worm component utilises the leaked “EternalBlue” exploit for CVE-2017-0144 to propagate itself across networks that have yet to patch or discontinue the use of SMBv1. The deployment of the screen-lock module (which appears to be still in the early phases of development) gives the threat actors the ability to change the functionality of the malware...

READ MORE

Gamers, beware. You are a target for crypto-mining botnets.

March 26, 2018 by Jitendera Sarda in Internet Security AwarenessMalware Analysis

Many gamers are unaware that they are either potential targets for mining botnets or that they may already be mining cryptocurrencies for cybercriminals. Why are gamers targets? Think about it. Mining requires a large graphics card (GPU), a dedicated Internet connection and an uninterrupted power source. Gamers use powerful and immersive, high-performing GPU’s to stay online and play networked games without interruption. It’s the perfect recipe for crypto mining.

READ MORE

The Latest in Software Functionality Abuse: URL Internet Shortcut Files Abused to Deliver Malware

March 22, 2018 by Neera Desai in Internet Security AwarenessMalware AnalysisThreat Intelligence

Adding to a growing trend of phishing attacks wherein Windows and Office functionalities are abused to compromise victim systems, Cofense Intelligence™ has analyzed a recent campaign that uses the URL file type to deliver subsequent malware payloads. This file type is similar to a Windows LNK shortcut file (both file types share the same global object identifier within Windows) and can be used as a shortcut to online locations or network file shares. These files may abuse built-in functionality in Windows to enhance the ability of an attacker to deliver malware to endpoints. By abusing these built-in functionalities, threat actors...

READ MORE

Sigma Ransomware Resurfaces Following a Three-Month Disappearance

March 21, 2018 by Mollie Holleman in Internet Security AwarenessMalware AnalysisRansomwareThreat Intelligence

Cofense Intelligence™ uncovered a resurgent Sigma ransomware campaign on March 13, 2018 following a noted three-month hiatus of the malware. Although many aspects of this campaign—including its anti-analysis techniques—are consistent with previously analyzed Sigma samples, its return is in and of itself atypical.

READ MORE

Oh Behave! – Simulation Analysis

October 30, 2017 by John Robinson in Cyber Incident ResponseInternet Security AwarenessPhishing

When considering your organization’s response to a simulated phish, it is critical to understand that we are emulating / practicing for real life events with the purpose of conditioning appropriate response patterns in our user base. 

READ MORE

PhishMe Named a Consecutive Leader in the 2017 Gartner Magic Quadrant

October 27, 2017 by phishme in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishing

PhishMe has been named a consecutive leader in Gartner’s 2017 Security Awareness Computer-Based Training Magic Quadrant. It’s the second year we’ve been recognized as a leader and positioned highest in “ability to execute.”

READ MORE

Sage Ransomware Distinguishes Itself with Engaging User Interface and Easy Payment Process

October 26, 2017 by Brendan Griffin in Internet Security AwarenessMalware AnalysisPhishing

In early 2017, the Sage ransomware distinguished itself with a fresh take on the business model for criminal ransomware operations. Built with an engaging, intuitive user interface for requesting the ransom payment, it also reinforced the fact criminals are willing to invest in developing new versions of established ransomware tools.  Sage has reasserted itself as a relevant player on the already-saturated ransomware threat landscape with version 2.2.

READ MORE

Fake Swiss Tax Administration Office Emails Deliver Retefe Banking Trojan

October 25, 2017 by Marcel Feller in Malware AnalysisPhishingPhishing Defense Center

PhishMe®’s Phishing Defence Centre has observed multiple emails with a subject line that includes a reference to tax declarations in Switzerland (Original subject in German: “Fragen zu der Einkommensteuerklaerung”) as shown in Figure 1. The sender pretends to be a tax officer working for the tax administration (Eidgenoessische Steuerverwaltung ESTV) and is asking the victim to open the attached file to answer questions about the tax declaration.

READ MORE

Social Media: It’s Time to <3 Security Awareness

October 24, 2017 by John Robinson in Cyber Incident ResponseInternet Security AwarenessPhishing

Part 4 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month. Over the past decade, mobile phones and social media have become essential to how we ingest news and communicate friends and families.

READ MORE

Beware: These Scams Turn Open Enrollment into Open Season for Phishing

October 24, 2017 by Heather McCalley in Internet Security AwarenessMalware AnalysisPhishing

Last fall, PhishMe® warned you about scams that use phishing to steal your health savings account (HSA) details during open enrollment periods. This year we are seeing a variety of phishing scams that can take advantage of your year-end diligence in managing personal and corporate assets.

READ MORE

Security Awareness: 4 tips on Trusting Technology

October 17, 2017 by John Robinson in Cyber Incident ResponseInternet Security AwarenessPhishing

Part 3 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.

READ MORE

Malicious Chrome Extension Targets Users in Brazil

October 17, 2017 by Oscar Sendin in Malware AnalysisPhishingPhishing Defense Center

Our Phishing Defense Center recently detected a significant increase in the number of emails with malware designed  exclusively to target users in Brazil.

READ MORE

Locky or TrickBot? Depends Where You Are. Malicious Payload Delivery Tailored by Geographic Location

October 13, 2017 by phishme in Internet Security AwarenessMalware AnalysisPhishing

BY NEERA DESAI AND VICTOR CORNELL It is not uncommon for threat actors to deploy malicious payloads from multiple malware families during a single phishing campaign. These malware tools may include ransomware, a financial crimes trojan, or other botnet malware. However, it is not as common for those attackers to deploy different malware tools based upon the geographic location of their victim.

READ MORE

To Raise Security Awareness, Don’t Trust the Process.

October 12, 2017 by John Robinson in Cyber Incident ResponseInternet Security AwarenessPhishing

Part 2 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month. 

READ MORE