Cofense Blog

Ask the DNC: #fakephishing Phishing Pen-Tests Are Still a Bad Idea.

August 24, 2018 by Aaron Higbee in Internet Security Awareness

Cliff notes: Phishing “tests” at best are a waste of time, and at worst, disruptive and weaken your ability to defend against real phishing.

Another Holiday-Themed Phish: Eid al-Adha is the Pretext for an Agent Tesla Campaign

August 23, 2018 by Neera Desai in Threat Intelligence

Holidays and global events provide timely material for threat actors to use as phishing lures. This technique is a common practice, and can sometimes be convincing to targets, especially just before a major holiday. On Sunday, August 19, 2018, Cofense Intelligence™ received an Eid-themed phishing email. Eid al-Adha, the Islamic festival/holiday, began this week.

UPDATE: Necurs Botnet Banks on a Second Bite of the Apple with New Malware Delivery Method

August 22, 2018 by Jason Meurer in Malware Analysis, Threat Intelligence

Last week, Cofense™ research uncovered and broke the news that the Necurs botnet began a highly targeted campaign aggressively attacking more than 3,000 banks worldwide with a malicious PUB file that drops the FlawedAmmyy malware. You can read the full analysis in last week’s research blog.

5 Steps to Targeting Newbies with Phishing Awareness Training

August 21, 2018 by Alexandra Wenisch in Internet Security Awareness

When it comes to phishing awareness training, new hires need special attention. While most may know what phishing is, many won’t have received formal training in recognizing and reporting a phish. This chart shows sample data from a Cofense™ customer whose newbies struggled to spot phishing emails during simulation training. Before they develop bad inbox habits, it’s important to welcome your brand-new users to your training program, especially if your company has fairly high turnover. Following are 5 tips to make the transition smoother and, ultimately, help your security teams stop phishing attacks. Step 1: Announce and Set the Stage...

The Lazy Man’s Guide to Phishing

August 16, 2018 by Cofense in Phishing Defense Center

By Lucas Ashbaugh

Laziness and sloppy work are the twenty-first century’s newest business model, and for phishing actors it’s a gold rush. The real winners from modern phishing have taken a chapter out of the entrepreneur’s handbook: The Lean Startup. For them, phishing isn’t about artisanal fraud and refined skills, it’s about starting cheap, failing quickly, and getting their head back in the game. It’s horrendously brilliant. In a world where SOCs are constantly grinding to block that IP, scan for that hash, disable macros, etc., automated solutions just can’t keep up. When it comes to phishing, speed is king....

Necurs Targeting Banks with PUB File that Drops FlawedAmmyy

August 15, 2018 by Cofense in Malware Analysis

By Jason Meurer and Darrel Rendell

Cofense™ Research reports that the Necurs botnet began a new campaign at approximately 7:30 EST on Aug 15, one appearing to be highly targeted at the banking industry. So far, Cofense has seen over 3,701 bank domains targeted as recipients.

July Malware Review: Geodo and TrickBot Flex Their Muscles

August 15, 2018 by Darrel Rendell in Malware Analysis

The Cofense Intelligence™ team has wrapped up our analysis of mid-summer malware. To get this summary started, let’s look at a couple of charts.

Chart 1: Top 5 malware delivery methods, by campaign, identified in July

Chart 2: Top 5 malware families, by campaign, identified in July

In our Strategic Analysis released on Thursday, 26th July, it was noted that Geodo and TrickBot had been unusually active in recent weeks, following a lull in June and into early July. Charts 3 and 4 expand upon this observation via side-by-side comparisons and year-to-date trends. Prior to July, both TrickBot and Geodo tended...

How to Get Internal Buy-In for Your Phishing Simulation and Awareness Training Programs

August 14, 2018 by Bunmi Ogun in Internet Security Awareness

If you run an anti-phishing program, you’ve probably run into this. You want to impersonate internal teams in your phishing simulations, because that’s what attackers do. But you get pushback:

An Analyst’s View of Surging PowerShell-based Malware

August 13, 2018 by Marcel Feller in Malware Analysis, Phishing Defense Center

Over the past couple of weeks, the Cofense™ Phishing Defence Center (PDC) has observed a rise in PowerShell-based malware. PowerShell is a very powerful scripting language that is legitimately used in many organisations. PowerShell is packed with almost endless capabilities, most of which are particularly interesting to threat actors who wish to abuse PowerShell for malicious purposes.

Why a phishing-specific SOAR? Because phishing is STILL the #1 cause of breaches.

August 8, 2018 by John Fitzgerald in Cyber Incident Response

SOAR is an acronym for Security Orchestration Automation and Response. And it’s what Cofense™ does for phishing threats and attacks. And, according to researchers at ESG, 19% of enterprises have adopted SOAR technologies extensively, while 39% have dipped their toes in the water and 26% are currently working on SOAR-related projects.¹ Why is SOAR soaring? Because organizations need to connect their layers of security systems and make the most of their limited, highly skilled security resources.

Phishing Alert! Alert! Alert!

Phishing isn’t going away. To the contrary, it’s still growing because it works. In fact, enterprises receive up to 150,000...

Another Tax-Rebate Phishing Scam, This Time in Canada

August 7, 2018 by Dilen Thakuri in Phishing Defense Center

The Cofense™ Phishing Defense Center has observed a phishing email targeting Canadian taxpayers, similar to HMRC scams we recently reported in the United Kingdom. It’s the latest in a surge of tax-rebate phishing scams seen across the globe, prompting tax-collection agencies to issue consumer warnings.

Abusing Microsoft Windows Utilities to Deliver Malware for Fun and Profit

August 6, 2018 by Max Gannon in Malware Analysis

Last year, Cofense Intelligence™ observed an increase in abuse of features built into platforms that are all but ubiquitous throughout the corporate world. An overview of these developments in 2017 was covered in our 2017 Malware Review, which highlighted the abuse of Microsoft features such as Object Linking and Embedding (OLE) and Dynamic Data Exchange (DDE) to deliver malware. Since last year, this trend has continued as threat actors are exploiting a greater variety of features as well as combining multiple techniques into one campaign.

Geodo and TrickBot Malware Morph into Bigger Threats

August 2, 2018 by Max Gannon in Threat Intelligence

It may be time to rethink the Geodo and Trickbot malware. These botnets have recently become more of a threat by increasing in activity and in their variety of delivery mechanisms, utilities, and behaviors.

The Headlines Make the Case for More Efficient Phishing Response

August 1, 2018 by Tonia Dudley in Cyber Incident Response

Last week, Brian Krebs released a blog post about the recent news of a Virginia Bank being breached—not once, but twice. And he didn’t bury the headline. It was right up front: “Hackers used phishing emails to break into a Virginia Bank….”  

Customer Satisfaction Survey Leads to Credential Phishing

July 31, 2018 by Marcel Feller in Phishing Defense Center

The Cofense™ Phishing Defense Center (PDC) has observed a phishing campaign masquerading as a Customer Satisfaction Survey from Cathay Pacific. Fake surveys are an old tactic, but the PDC has recently seen an increase in their use. Examining the following email will show you what to look out for. At first look, the email appears to be a legitimate Satisfaction Survey. It is not uncommon to receive a reward for completing a survey, so that alone is not an Indicator of Phishing (IoP). However, as shown in Figure 1, the “Click here – Participate and Win” link feels out of...

Messenger of the Bots: Hermes Malware Makes Phishing Debut

July 24, 2018 by Darrel Rendell in Malware Analysis, Phishing

For the first time ever, Cofense Intelligence™ recently observed a phishing campaign distributing the infamous Hermes ransomware. The low-volume campaign delivered .doc files, weaponized with heavily obfuscated macros. These macros reached out to an attacker-controlled server to download and execute a copy of Hermes.

Who’s Got Access? “Value at Risk” Anti-Phishing

July 23, 2018 by Zach Lewis in Internet Security Awareness

Part 3 of 3: So far, we have looked at the concept of “value at risk” (VAR) and how it applies to anti-phishing. We’ve seen how this model can guide your anti-phishing program by focusing on the value of assets you protect. We’ve also examined ways to translate your organization’s data to dollars, which is useful if you’re responsible for data oversight and governance—in other words, it helps to know where data might live and the (estimated) value of digital assets should a breach occur.

Data to Dollars: “Value at Risk” Anti-Phishing Strategies

July 16, 2018 by Zach Lewis in Internet Security Awareness

Part 2 of 3: Last week, we looked at the concept of “value at risk” (VAR) and how it applies to anti-phishing. This week let’s do a deep-dive into the “value” aspect of VAR. We’ll ask: do you know where your crown-jewel data is stored and how much it might be worth? Even if the answer is “Not exactly,” an educated guess can help set anti-phishing priorities.

This Amazon Prime Day, Keep Your Network Safe from Phishing

July 12, 2018 by Josh Bartolomie in Internet Security Awareness

Unfortunately, with the world we live in, especially with any type of highly visible promotions or sales, scammers will try to take advantage of the situation. Remember last year’s Amazon Prime Day phishing scam? Consumers around the world received an email promising a $50 bonus for writing a product review, or an email stating there was a problem with their payment method or shipping information. When they clicked on an embedded link, they went to a bogus login page designed to harvest their credentials.

“Value at Risk”: Focus Your Anti-Phishing on the Bottom Line

July 10, 2018 by John Robinson in Internet Security Awareness

Part 1 of 3: Over the past year at Cofense, we’ve introduced and discussed the importance of elevating the visibility of anti-phishing programs to the Board of Directors level. The key measures we presented included a measure of capability we refer to as ‘resilience’ and enumeration of which specific attacks your organization may be facing. As a result, the questions we are now answering for board members globally are – “What phishing threats do you need to be the most concerned with?” “How likely are you to stop those specific attacks in progress?” In the same time frame, the World...

Cofense Phishing Awareness: The Innovations Continue

June 26, 2018 by Garrett Hess in Internet Security Awareness

Every week you read about a new phishing-inflicted breach. Despite heavy spending on perimeter security, malicious emails still get through. Here’s something that can help and, best of all, costs nothing. It’s the latest in a blitz of Cofense phishing awareness innovations.

Phishing Defense: Let’s Get Personal

June 20, 2018 by Dan Marshall in Internet Security Awareness, Phishing

We all know phish aren’t just sent to corporate email accounts, yet this is what we hear about most often in the news. The reason, at least in part, is because headlines highlighting millions of dollars lost or millions of accounts compromised make for better news than “Man Has Personal Savings Account Drained After Clicking Malicious Link.”

Cofense has you covered as Office attachment attacks grow.

June 4, 2018 by Garrett Hess in Internet Security Awareness, Malware Analysis

At Cofense™, we’ve known for some time that phishing attacks using MS Office attachments were a big problem. That’s why our solutions help you combat these attacks in important ways.

Managed Service Gives SMB’s More Security without the Headcount

May 17, 2018 by Zach Lewis in Internet Security Awareness

If you do a Google search on “SMB’s and cyber-security,” one best practice is hard to miss. The experts say it’s smart to give employees security training. All employees, not just the cyber-warriors in IT. Another good idea: outsource your training. Let specialists spare you the cost of creating a security awareness program. Better security without more headcount—it’s why so many SMB’s trust Cofense PhishMe™ Managed Service.

Prevent Your Social Media Users from Arming Phishing Attackers

May 8, 2018 by Zach Lewis in Phishing

An employee goes on Facebook and makes a snarky comment about his boss. Or posts a picture of a co-worker that includes a confidential document open on her laptop. Or simply mentions your company name when sharing something online. All of these are examples of potential trouble.
