
Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Karo Ransomware Raises Stakes for Victims by Threatening to Disclose Private Information

July 13, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

A ransomware victim must have a compelling reason to go through the burdensome process of obtaining Bitcoin and paying the ransom. For many victims, the threat of permanently losing access to their files is enough. However, some ransomware authors and criminals seek to push victims harder by raising the stakes even further.

READ MORE

Threat Actors Continue Abusing Google Docs and Other Cloud Services to Deliver Malware

July 6, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

A key part of phishing threat actors’ mission is to create email narratives and leverage malware delivery techniques that reduce the likelihood of detection. By combining compelling social engineering with seemingly benign content, threat actors hope to bypass technical controls and to convince their human victims of a phishing email’s legitimacy. One method with a long history of use is the abuse of Google Docs file sharing URLs to deliver malware content to victims. Because Google Docs and other cloud services may be trusted within an enterprise, threat actors will continue to abuse file sharing services to possibly bypass firewalls...

READ MORE

Petya-like Ransomware Triggers Global Crisis with Echoes of WannaCry Attack

June 28, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Ransomware

For the second time in as many months, networks around the world have been attacked using a worming ransomware that gains new infections by exploiting a recently-patched Windows SMB vulnerability among other proven techniques. What has been described as a ransomware bearing significant similarities to the Petya encryption ransomware ravaged numerous companies and networks around the world, with disproportionate impact in Ukraine and Eastern Europe, but also inflicted harm on significant numbers of victims in Western Europe and North America.

READ MORE

Threat Actors Leverage CVE 2017-0199 to Deliver Zeus Panda via Smoke Loader

June 22, 2017 by Eesaan Atluri in Malware Analysis, Phishing, Phishing Defense Center

Our Phishing Defense Center identified and responded to attacks leveraging a relatively new Microsoft Office vulnerability during the past few weeks. Last week, the PDC observed threat actors exploiting CVE 2017-0199 to deliver the Smoke Loader malware downloader, which in turn was used to deliver the Zeus Panda botnet malware. These emails claim to deliver an invoice for an “outstanding balance” and trick the recipient into opening the attached file. In one instance, we have also seen the malicious attachment being delivered via URL.

READ MORE

Tracking and Mitigating Zyklon Phishing Using Threat Intelligence and Yara

June 21, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

The Zyklon HTTP Botnet malware is a tool that is readily accessible to threat actors in online criminal marketplaces and has been observed in use for various criminal activities. Among its features is the ability to log the keystrokes typed by a victim as well as to collect other private or sensitive information, and one of the most notable uses for Zyklon has been as a downloader and delivery tool for the Cerber encryption ransomware. Over a dozen unique campaigns to deliver this malware have been identified and reported by PhishMe Intelligence and it represents one of the most rapidly-growing...

READ MORE

Registration is Now Open for PhishMe Submerge 2017 – Phishing Defense Summit and User Conference

June 20, 2017 by Cofense in Phishing

We are thrilled to announce today that registration for this year’s PhishMe Submerge™ Phishing Defense Summit and User Conference is live! Last year’s summit was a massive success – you don’t want to miss out on this year’s event.

READ MORE

SMILE – New PayPal Phish Has Victims Sending Them a Selfie

June 15, 2017 by Chase Sims in Malware Analysis, Phishing, Phishing Defense Center

Phishing scams masquerading as PayPal are unfortunately commonplace. Most recently, the PhishMe Triage™ Managed Phishing Defense Center noticed a handful of campaigns using a new tactic for advanced PayPal credential phishing. The phishing website looks very authentic compared to off-the-shelf crimeware phishing kits, but also levels up by asking for a photo of the victim holding their ID and credit card, presumably to create cryptocurrency accounts to launder money stolen from victims.

READ MORE

TrickBot Featured in New Wave of Phishing Emails Signaling Renewed Use of this Botnet Malware

June 13, 2017 by Cofense in Internet Security Awareness, Phishing

The TrickBot financial crimes and botnet malware has seen mild usage since its introduction in late 2016. While it is able to emulate many of the features that made the Dyre trojan so successful, many aspects of its deployment left it rough around the edges. Examples of this roughness, like persistence via a scheduled Windows task named “Bot”, limited this malware’s evasion and anti-forensic capabilities. Furthermore, previous deliveries leveraged relatively simplistic techniques, such as relying on executables in archives attached to phishing emails to secure new infections. However, with some very minor refinements to both the malware resident and delivery processes,...

READ MORE

PhishMe® Adds GDPR Compliance Training Module to Complimentary CBFree Offering

June 8, 2017 by Cofense in Internet Security Awareness, Phishing

Beginning today, we’re offering a complimentary, computer-based training module covering the European Union’s recent General Data Protection Regulation (GDPR) as part of our PhishMe CBFree™ package to help support companies throughout the UK and Europe that are required to comply.

READ MORE

Panda versus DELoader: Threat Actors Experiment to Find the Best Malware for the Job

June 5, 2017 by Neera Desai in Internet Security Awareness, Phishing

One important task for threat actors is the pursuit of new and innovative techniques for infiltrating their victims’ networks. A major aspect of this pursuit is the selection of a malware that can accomplish the mission at hand. For example, a ransomware threat actor may seek out the ransomware tool that guarantees the highest rate of ransom payment. However, threat actors with different missions might seek out tools using different success criteria. Threat actors can experiment and transition between these tools because, in many ways, these malware varieties represent interchangeable parts in an attack life cycle.

READ MORE

Top Phishing Concerns of DNS Providers

August 29, 2013 by PhishMe in Internet Security Awareness, Threat Intelligence

Twitter and the New York Times were hacked this week, which means that they have officially joined the ranks of other major news organizations, including the Financial Times and Washington Post, which have been targeted by hackers over the past few months. So, how’d it happen? Three things: hacker groups, DNS providers and spear phishing. The Syrian Electronic Army (SEA) appears to be taking credit for this attack, as their logo was prominently displayed at NYTimes.com when the site was compromised. The SEA, a hacker group protesting Syrian President Bashar Al-Assad, launched the attack in order to generate high profile awareness...

READ MORE

An untapped resource to improve threat detection

July 31, 2013 by Scott Greaux in Internet Security Awareness, Threat Intelligence

Speaking in front of the House Committee on Special Intelligence earlier this year, Kevin Mandia (CEO of Mandiant) remarked that, “One of the most valuable resources in detecting and responding to cyber attacks is accurate and timely threat intelligence.” Despite its value, many organizations don’t have a way to get timely threat intelligence. How can organizations improve in this area? If you know anything about us, it probably won’t shock you that we’re encouraging enterprises to focus on their users as a source of real-time threat intelligence. Given that the vast majority of targeted attacks focus on the end user...

READ MORE

Royal Baby Spam and Malware Attack Happening Now

July 25, 2013 by PhishMe in Malware Analysis

It’s unfortunate, but when the general public is captivated by a certain news story, cybercriminals are hard at work exploiting the publicity that the news attracts. Exploitation can take many forms. In the cybersecurity space, we often see fake news stories about trending topics floating around. Fake news is becoming a serious problem. It is becoming harder to differentiate fake news from real news. Those fake news stories often have one sole purpose: to trick Internet users into clicking on a malicious link. Such is the case right now. The public is captivated by content about the new royal baby...

READ MORE

Build Phishing Countermeasures to Protect Your Brand

May 22, 2013 by PhishMe in Phishing, Threat Intelligence

Corporations fight phishing each and every day. Large and recognizable financial institutions, retail companies, and internet service providers/telecommunication companies are among the most heavily targeted victims of phishing. While the aftermath of a phishing attack is costly and yields long-term consequences, it’s quite difficult to keep up with cybercriminals. It’s shockingly easy for cybercriminals to create a phishing site targeted at your brand, so easy that the cybercriminal simply needs to unpack and upload a pre-built “phishing kit” in order to create a new phishing website. Just one phishing kit can produce hundreds of phishing URLs. With just a few clicks...

READ MORE

Defining a Sophisticated Attack

March 18, 2013 by Aaron Higbee in Internet Security Awareness, Threat Intelligence

What do nearly all of the recent high-profile data breaches have in common? They have all been traced to sophisticated threats and cyber criminals. While there are many disagreements in the security industry, after every significant breach nearly everyone agrees that it was sophisticated (Twitter, Apple, and the Department of Energy are some of the unfortunate organizations to be compromised by a sophisticated attack recently). On the surface, it isn’t hard to see why. First, technology vendors need attackers to be super sophisticated, because simple tactics couldn’t circumvent their products, right? For victims of a breach, it is advantageous for...

READ MORE

What Trend Micro’s research means for organizations

November 29, 2012 by Rohyt Belani in Malware Analysis, Phishing, Threat Intelligence

Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution. Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.

READ MORE

Machines v/s Humans: Who Do You Think Is More Intelligent?

June 9, 2011 by Cofense in Cyber Incident Response, Threat Intelligence

As the barrage of security breaches continues, Citigroup is the latest victim. This eWeek article: http://www.eweek.com/c/a/Security/Citigroup-Credit-Card-Portal-Breach-Compromises-200000-Customers-461930/ discusses the potential impact of this attack. One of the commentators brings up the topic of phishing. Hannigan, the CEO of Q1 Labs, rightly points out that “Security trust means more than just making sure you’re in compliance with regulations.” On the other hand, some of the quotes, like that from Anup Ghosh, co-founder of Invincea, have a blatant technology solution vendor bias. He discounts human intelligence when referring to customers in this quote – “it’s not reasonable to expect them to differentiate...

READ MORE

Numbers of Victims of Cybercrime are Soaring

April 30, 2014 by PhishMe in Internet Security Awareness

Reports from law enforcement agencies around the world show that there have been even more victims of cybercrime in the past 12 months than in any other year. Attacks are being conducted alarmingly frequently, and cybercriminals are becoming even more brazen. However, cybercrime is still not dealt with in the same way as other types of crime. Say you leave home, only to return to your front door kicked in. Everything of value has been stolen. What would you do? You’d call the police immediately, right? Now pretend you get an email from what looks to be your bank. They...

READ MORE

Phishing with a malicious .zip attachment

April 29, 2014 by Cofense in Phishing

A few weeks ago, we received a round of phishing emails with malware that seemed a little more special than your run-of-the-mill ZeuS, so we decided to give it some analysis. The email was reported by a user at PhishMe. We really do drink our own kool-aid. Figure 1 shows a screenshot of the email that is being analyzed.

READ MORE

HTML Attachment Phishing: What You Need to Know

April 23, 2014 by PhishMe in Phishing

Are you aware of HTML attachment phishing? It is one of the latest trends with cybercriminals. Instead of emailing downloaders that contact C&C servers to download crypto malware, Trojans, or other nasties, HTML attachments are being sent. HTML attachment phishing is less well known, and as a result, many people are falling for phishing scams. Even though this past weekend was a holiday weekend for many, there is a good chance that you still checked your email fairly often. If you are like me, you typically use your phone or another mobile device to check your email on the go....

READ MORE

Watering Holes vs. Spear Phishing

April 22, 2014 by Cofense in Phishing

Watering-hole attacks have been established as an effective attack technique for a while now. As the industry has analyzed some prominent examples, many have come to the conclusion that watering-holes present an alternative to spear phishing. The recently released Symantec Internet Security Threat Report highlights this viewpoint, as it concluded: “Targeted attacks no longer rely as heavily on spear-phishing attacks in order to penetrate an organization’s defenses. More recently the attackers have expanded their tactics to include watering-hole attacks, which are legitimate websites that have been compromised for the purpose of installing targeted malware onto the victim’s computer.” FireEye also...

READ MORE

Cyber Chess: How You Can Win

April 21, 2014 by PhishMe in Internet Security Awareness

Most of us are not very good at playing chess – if we play at all. However, many of us at least have some familiarity with the game. The following quick description will help in the discussion of Cyber Chess – the game the good guys (white pieces) “play” against the cybercriminals (black pieces) as they try to steal anything we value from our cyber world. The chess game is described in three phases. The Opening: During the opening, you and your opponent make several moves to establish a battlefront. The Middle Game: The middle game is the direct battle...

READ MORE

Why Do We Treat Cybercrime Differently than Real-Life Crime?

April 20, 2014 by PhishMe in Internet Security Awareness

What would you do if you were the victim of a crime? For example, what if you walk out to your car after work and find the window smashed and the stereo stolen? Wouldn’t you call the police? Imagine that, this weekend, you’re leaving a bar with some friends. A man walks up, points a gun at you and demands your wallet. You’d call the police, right? Now pretend you receive an email saying that the bank needs you to reset your password. You go to the provided website in the email and the next time you check your balance...

READ MORE

Cybercrime Lessons from HBO’s True Detective

March 31, 2014 by PhishMe in Internet Security Awareness

For those who did not follow HBO’s recent hit drama, True Detective, starring Woody Harrelson (as detective “Marty” Hart) and Matthew McConaughey (as detective “Rust” Cohle), it was an intense drama about a seventeen-year struggle to break a serial murder case and bring a sadistic criminal to justice. For those who do know all about True Detective, that is not a surprise. So, what does a TV murder mystery have to do with fighting cybercrime and can we learn anything from True Detective? At first, there would appear to be little commonality between murder and cybercrime – doubly so in this case for...

READ MORE

Woops! Army’s attempt at a phishing simulation bombs

March 14, 2014 by Aaron Higbee in Phishing

At PhishMe, we feel like we’ve done a pretty good job of debunking the idea that you can address the spear phishing threat using the pentest model, but after reading this Washington Post story about a phishing test gone awry, it looks like we still have some work to do. In this test, an Army combat commander sent an email to a “small group” of Army employees disguised as an email from their retirement plan provider urging them to log in to their accounts. The email used the name of Thrift Savings Plan, the actual 401(k) account provider for most...

READ MORE

Will the Target fallout shift focus away from compliance?

March 14, 2014 by Cofense in Internet Security Awareness

While in the check-out line at Target recently, I observed an interesting exchange that shows just how deep the impact from Target’s massive data breach has been. While rummaging for bills in her wallet, the woman in front of me in line asked the cashier whether anyone still used their credit card at Target anymore. The cashier could only shrug, but the fact that two ordinary people were discussing the impact of a data breach was remarkable, and Target’s recent sales numbers show that people aren’t only nervous about using credit cards at Target, they are avoiding the retailer altogether....

READ MORE

Who’s to Blame for the Target Data Breach?

March 14, 2014 by PhishMe in Internet Security Awareness

Why are we still discussing the Target data breach that occurred in March 2014? In a world where ‘news’ literally lasts minutes – OK maybe hours or in special cases days – here we are still discussing a data breach that started around November 27 – December 15, 2013! What is so special about the Target data breach that warrants all of this media attention? Well let’s start by putting the importance of this data breach in context. At the RSA Conference, TripWire did a survey that revealed the Target data breach has had a larger impact than Edward Snowden’s leaks on...

READ MORE