By Jerome Doaty, Zakari Grater, and Brenda Gooshaw Samson Technology is an important part of any phishing defense, especially perimeter tech designed to filter emails. But these systems, even those billed as “next-gen email security platforms,” don’t catch everything. Some phishes always get through.
Most security teams today are pretty much in the same boat: limited budget, limited man power, and limited time to defend their network against escalating threats and attacks. Perhaps that’s why so many information security vendors claim to have the “silver bullet” to protect the customer’s environment and solve their problems.
One of the keys to a successful anti-phishing program is communication. Specifically, communicating with users before and after a phishing scenario.
Imagine a cunning phisher: he knows his craft and sends your users an email appearing to come from your CEO that bypasses all your other technology. What would you do? One of our customers faced that very scenario and relied on Cofense TriageTM and the Cofense Phishing Defense Center (PDC) to analyze and respond to the attack in less than 20 minutes after it launched.
On March 22nd, Cofense came across a rather unique malware sample that had a very low detection rate. At the time of analysis, the file was only detected by 5/61 AV engines. The detection rate did not reach 30% until at least a week later, as per VirusTotal: 38015eb1699b7596e8c95fed7f0bc32d1492b371bd4d7953019f69dcf40ff1fd.
Over the past few years, we have seen media attention drawn towards the length of our attention spans as related to our use of technology. Some reports claim a drop from 12 seconds to 8 seconds over the past decade, while others refute that data.
Back in 2008, Cofense™ (PhishMe®) pretty much invented the phishing awareness industry when we unveiled the first phishing simulation program for businesses. Cofense PhishMe™ made it easy to condition employees to recognize and report phishing emails and today, over 27 million (and counting) end users in 160 countries, including employees at half the Fortune 100, rely on our expertise.
Become the First Security Awareness Professional to be Fully Certified in Phishing Simulation Programs with CofenseMarch 29, 2018 by phishme in Cyber Incident ResponseInternet Security Awareness
Want to boost your anti-phishing and your professional creds? Now you can, in just a few hours and on your own schedule. Cofense™ is pleased to announce the Cofense PhishMe™ certification, the industry’s first and only professional certification for phishing simulation programs. It’s your chance to fully master Cofense PhishMe, our award-winning phishing awareness training solution, while becoming a certified expert in phishing simulation programs.
New additions to the TrickBot malware’s capabilities, observed by the Phishing Defence Centre, indicate that this malware tool is undergoing active development. The designers of this malware are still working hard to introduce new functionality including a network worm functionality and a screen-lock module. The worm component utilises the leaked “EternalBlue” exploit for CVE-2017-0144 to propagate itself across networks that have yet to patch or discontinue the use of SMBv1. The deployment of the screen-lock module (which appears to be still in the early phases of development) gives the threat actors the ability to change the functionality of the malware...
Many gamers are unaware that they are either potential targets for mining botnets or that they may already be mining cryptocurrencies for cybercriminals. Why are gamers targets? Think about it. Mining requires a large graphics card (GPU), a dedicated Internet connection and an uninterrupted power source. Gamers use powerful and immersive, high-performing GPU’s to stay online and play networked games without interruption. It’s the perfect recipe for crypto mining.