Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Missing in Action: Several Prominent Malware of 2017

February 9, 2018 by Mollie Holleman in Phishing

Thus far in 2018, PhishMe Intelligence™ has observed a lull in multiple malware families that were prominent throughout 2017. There are several possible reasons for this hiatus.

Another wave of Brazilian malspam leads to banking trojan

February 9, 2018 by Cofense in Phishing

In October of 2017 we blogged about a phishing campaign specifically targeting Brazilian Portuguese-speaking users. Back then, the campaign distributed a malicious Chrome browser extension. More recently, we have observed a wave of emails that have remarkably similar characteristics. This time around, the malware of choice is a banking trojan.

Identify, Prioritize, and Respond to Phishing Threats Faster with PhishMe and ServiceNow

January 25, 2018 by Cofense in Cyber Incident Response, Malware Analysis

Improve the Phishing Incident Response Workflow with PhishMe Triage™ and ServiceNow® Security Operations

Security leaders are bolstering their resiliency to phishing attacks. It starts with conditioning employees to recognize and report suspicious email. Take for example “Alice,” the CISO for a Fortune 100 company. Alice’s team regularly simulates real-world phishing on employees at all levels. The program involves behavioral conditioning that requires employees to report simulated and real attacks.

Love Hurts – But Catphishing Doesn’t Have To

January 24, 2018 by Cofense in Internet Security Awareness

For the past few years we have discussed the power of emotion in phishing emails. This is never more valuable to understand than during the upcoming Valentine’s season. The traditions of gift giving to current partners and the romanticized notions of hearing from a secret admirer are so firmly ingrained in our minds that we become easy targets for scam artists.

Refocus Your Anti-Phishing From Vulnerability To Capability.

January 22, 2018 by Cofense in Internet Security Awareness

In our 2017 Enterprise Phishing Resiliency and Defense Report, PhishMe® discusses the importance of moving past susceptibility as a key indicator of anti-phishing program success. We want to shift the conversation from vulnerability (susceptibility) to capability (resiliency). That is, what are an organization’s current anti-phishing capabilities—and how is positive behavior increasing them over time to build resiliency? The chart below tracks behavior among our clients’ users during phishing simulations. In it, resiliency equals users that “reported only” divided by “all that fell susceptible.” (The latter includes those that reported after falling for simulated phishes.) Figure 1 – Three-year Resiliency Trend...

PhishMe Clients Are Reporting Ransomware Emails. Are You?

January 19, 2018 by Cofense in Internet Security Awareness

With the steady rise in ransomware attacks and success, it’s highly likely that related phishing variants will continue to permeate the landscape in 2018. While this is not a new threat, it’s one that you want to be truly prepared to face. With that in mind, we looked back into our 2017 data and what we found is good news for those clients running active threat ransomware simulations in their environment. Across 246 simulations and more than 712k emails, the aggregate resiliency score was 2.63. This means that for every susceptible user, there were more than 2 that reported the...

This Well-Trained User Caught a Phish

January 18, 2018 by Cofense in Cyber Incident Response, Malware Analysis

As security professionals, we often view our users as a potential liability. I have plenty of first-hand experience that confirms the trope myself. But what if users could become a strength instead of a chronic risk?

New Enhancements Help Streamline Incident Response with PhishMe Triage

December 22, 2017 by Cofense in Phishing

With security analysts pulled in many directions, they must be able to prioritize and invoke incident response on ransomware, business email compromise (BEC), malware infections, and credential-based theft emails. The key to this is the automation and streamlining of the incident response. PhishMe Triage™ has been updated with new features to help security analysts and incident response teams streamline their processes and secure administrative access. Key features this release: Tighter Integration – Authenticated API for integration across the incident response team; Additional Security – Two-factor authentication for PhishMe Triage users; More Accountability – Audit logs are generated for all users...

Zeus Panda Prominent in Italian-Language Phishing Throughout 2017

December 22, 2017 by Mollie Holleman in Malware Analysis

In 2017, PhishMe® analyzed over 40 Italian-language phishing campaigns that targeted victims with Zeus Panda. This popular multipurpose banking trojan is primarily designed to steal banking and other credentials, but is capable of much more as it provides attackers with a great deal of flexibility. Although some variation was observed, many of these campaigns demonstrated a large degree of shared tactics, techniques and procedures (TTPs). Given the prolific nature of these campaigns, it is likely that Italian-language phish will continue to deliver Zeus Panda in 2018. Organizations should be alert to the indicators of compromise and phishing TTPs to prevent...

Recent Sigma Ransomware Campaign Demonstrates Danger in the Simplest of Changes to Malware Delivery

December 20, 2017 by Mollie Holleman in Malware Analysis

On 1 December 2017, PhishMe Intelligence™ identified a new delivery technique for Sigma ransomware, which was most likely employed to evade automated detection and mitigation by email and anti-malware defenses. Potential victims received phishing emails with an embedded image as the message body that also included an attached Microsoft Office document containing a malicious macro. The embedded image contained a password that could be used to open the Microsoft Office document.

Dyre Trojan Expands to Career Website Targets

February 18, 2015 by Cofense in Malware Analysis

The MAAWG conference in San Francisco provides an opportunity for the leading hosting companies, Internet Service Providers, and Internet and email security companies to collaborate, develop best practices, and share information. We took the opportunity to speak to attendees about Dyre malware, and how the Trojan is now a serious concern. In recent days, we have seen an aggressive expansion in the targets that Dyre is configured to steal credentials from. Dyre malware is currently being spread via spam email and the Upatre downloader. We have already reached out to many of the newly impacted brands, several of which had a...

CTB-Locker: The Latest Crypto Malware Coming to you Via Email Spam

January 19, 2015 by Cofense in Malware Analysis

The latest crypto malware threat – CTB-Locker – promises to be one of the most serious security threats seen in recent years. The latest crypto malware is one of many of its ilk that have emerged in the past two years. This form of malware encrypts files on victims’ computers and will not unlock them until a ransom is paid. Only then will the key to decrypt data be provided. Crypto malware has been around for some time, although its popularity has been increasing over the past couple of years. One of the first major crypto malware variants was CryptoLocker....

The Evolution of Upatre and Dyre

January 16, 2015 by Cofense in Malware Analysis

Over the last few months, we’ve been tracking Dyre and reporting changes to the malware on this blog. Dyre’s latest iteration shows yet another shift in tactics – one that combines characteristics of Dyre with Upatre code to create a new downloader… Figures 1, 2, 3 and 4 show three different emails, all with the same content but with different malicious links, which we’ll use interchangeably in our examples.

MS Word and Macros… Now With Social Engineering Malware

December 15, 2014 by Cofense in Internet Security Awareness, Malware Analysis

On December 11, one of our employees reported a phishing email with PhishMe’s Reporter for Outlook that contained a particularly nasty Word document. The malicious payload included PowerShell, VBA, and batch code. Here’s a screenshot of the phishing email:

Cridex Malware Authors Warn Lloyds users of Dyre

November 19, 2014 by Cofense in Malware Analysis

PhishMe malware researchers have been helping you protect your network by sharing information about the Dyre Trojan and Cridex malware on a daily basis for several months; however, in that time we have not seen any actions as bold as those used by the Cridex malware authors today. Dyre is the current top banking Trojan being distributed by email, and it poses a significant threat to businesses and consumers. The Trojan steals credentials and the attackers use that information for financial fraud. Threat Analyst Neera Desai let us know about this new threat from today’s Cridex attack, which uses a malicious Microsoft...

Three Ways Reporter Can Enhance Your Incident Response Process

November 18, 2014 by Cofense in Cyber Incident Response

Most of us have been in an airport and heard the announcement over the loudspeaker: “If you see something, say something.” The airport has security personnel; however, their agents cannot be everywhere at once. They collectively rely on travelers passing through the airport to be their eyes and ears in places agents cannot be. In this way, as an airport traveler, you are a “sensor” watching for, detecting, and alerting on suspicious behavior such as unoccupied luggage. What does this have to do with information security? Just as passengers can help prevent an incident in the airport by reporting...

Two Attacks… Two Dyres… All Infrastructure

November 6, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Over the last few days, we have seen two waves of Dyre. The attackers have changed things up a bit and made it harder to analyze. By using memory forensics techniques, we took a peek into their command and control (C2) infrastructure. The #1 rule of memory forensics…everything has to eventually be decoded, and we’re going to use this to our advantage. Here’s a quick look at the waves of emails we received. (Figures 1 and 2)

.NET Keylogger: Watching Attackers Watch You

October 16, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Throughout life, there are several things that make me smile. Warm pumpkin pie, a well-placed nyan nyan cat, and most of all – running malware online – never fail to lift my mood. So imagine my surprise to see, after running a malware sample, that the attackers were watching me. Here’s a screenshot of a phishing email we received, which contained a keylogger written in .NET.

Bash Vulnerability CVE-2014-6271 – Worm-able and Possibly Worse Than Heartbleed

September 25, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Post Updated 9/30/2014. Several months ago, the Internet was put to a halt when the Heartbleed vulnerability was disclosed. Webservers, devices, and essentially anything running SSL were affected; as a result, attackers were able to collect passwords, free of charge. With Heartbleed, the exploit made a splash and many attackers started to use the vulnerability. One of the more high-profile attacks of Heartbleed was the CHS attack, where the attackers siphoned 4.5 million patient records by attacking a Juniper device, then hopping onto their VPN. So how can something be bigger than Heartbleed? I’m glad you asked.

PDF Exploits: A Deep Dive

September 8, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user.

University W2 Phishing and CEO Impersonation

April 13, 2016 by Cofense in Phishing

At PhishMe we talk frequently about a familiar concept: cyber attacks and phishing emails are very rarely sent to only one organization. While security teams tend to focus on threats to your organization, PhishMe Intelligence is watching for email-based threats for EVERY organization. As we were gathering information about tax-related phishing scams this year, we noticed that institutes of higher learning were being hit quite broadly by this year’s W2-related scams.

RockLoader – New Upatre-like Downloader Pushed by Dridex, Downloads all the Malwares

April 12, 2016 by Cofense in Phishing

On 4/6, the Phishing Intelligence team came across a wave of phishing emails that contained a .js file packaged inside of a zip file used to deliver malware. This is nothing new, and has been seen being pushed out by resources associated with the Dridex botnet and the Locky encryption ransomware. The interesting piece is that the attackers are using a new piece of malware called RockLoader to download and install the malware on remote systems. Downloaders are nothing new, as Upatre was used with Dyre and Gameover ZeuS in the past. RockLoader has several tricks up its sleeve.

PhishMe April Cybercrime Alert: Ransomware Attacks Expected to Increase

March 31, 2016 by Cofense in Phishing, Press Releases

Cybersecurity Experts, Former Federal Law Enforcement Professionals Say Cryptocurrency, Digital Data and Vulnerable Employees May Fuel Largest Crimewave in Modern History

LEESBURG, Va. – March 31, 2016 – PhishMe Inc., the leading provider of human phishing defense solutions, today released its April Cybercrime Alert, warning all organizations that its threat researchers expect ransomware attacks to increase as cybercriminals become increasingly aware that: Ransomware is readily-available and changes faster than detection technologies can respond; In most cases, paying the ransom is the only way to free hostage data and systems; Recent successful ransom situations will only encourage more attempts; Cryptocurrencies such...

Tax Time is Phishing Time: Here’s How to Help!

March 31, 2016 by Heather McCalley in Phishing

Important disclaimer: THE IRS DOES NOT INITIATE CONTACT WITH TAXPAYERS BY EMAIL, TEXT MESSAGE, OR SOCIAL MEDIA CHANNELS TO REQUEST PERSONAL OR FINANCIAL INFORMATION. (See: https://www.irs.gov/uac/Report-Phishing ) The IRS has a very active security team, currently part of the U.S. Treasury Inspector General for Tax Administration (TIGTA), that is responsible for fighting phishing and tracking down the criminals who prey on U.S. taxpayers. If you believe you have received a phishing email, please help them by reporting the email you received to phishing@irs.gov. Additionally, please also consider sending a copy to our team. PhishMe Brand Intelligence automatically processes any URLs...

Reclaiming the Edge in the Battle Against Phishing Attackers

March 15, 2016 by Cofense in Phishing

There is a reason that most data breach incidents involve phishing attacks: phishing works. Attackers know that it is far easier to gain access to a protected network by tricking people into clicking on malicious links and attachments than it is to penetrate sophisticated firewalls and intrusion detection systems. And they know that they have an edge over the defenders because they only have to win once to gain access. As defenders, we need to stop them every time. We can’t prevent attackers from soliciting people with phishing emails. But we can take away their edge.

PhishMe CTO Aaron Higbee Discusses Ransomware Dangers on CNBC SquawkBox

March 14, 2016 by Cofense in Phishing

Aaron Higbee, PhishMe co-founder and CTO, was featured on a recent CNBC SquawkBox broadcast segment discussing recent ransomware trends plaguing the healthcare space. During the attack, a phishing email is sent to the user’s inbox prompting them to click a malicious link that begins encrypting files and storage drives on your computer. Once the files are encrypted, the only way to retrieve the data from the malicious actors is to pay a ransom in BitCoin. In the video (seen below), Higbee dives deeper into the various motivations for these types of attacks and how businesses can better prepare themselves to...

Ransomware Rising – Criakl, OSX, and others – PhishMe Tracks Down Hackers, Identifies Them and Provides Timeline of Internet Activities

March 10, 2016 by Cofense in Phishing

Over the last few months, the Phishing Intelligence team has observed a huge increase in ransomware. Many attackers are starting to experiment with ransomware as an alternative way to monetize quickly. Dridex has employed a new family of ransomware named Locky, which is a pretty drastic shift in what this group is known for doing. We’re even seeing attackers go after OSX, a platform that was once thought to be immune from malware, with ransomware; nearly 6,500 users downloaded the compromised BitTorrent client. Follow along with us as we deconstruct a recent ransomware attack and hack the hackers behind the...

PhishMe’s Rohyt Belani Honored as a CEO of the Year in Info Security Products Guide’s 2016 Global Excellence Awards

March 10, 2016 by Cofense in Phishing, Press Releases

Judges Recognize PhishMe CEO for Leadership Excellence and Significant Contributions to the Cybersecurity Community

LEESBURG, VA – March 10, 2016 – PhishMe® Inc., the leading provider of human phishing defense solutions, today announced that CEO and co-founder Rohyt Belani has been honored as a “CEO of the Year” category winner of the 2016 Info Security Products Guide Global Excellence Awards®. These prestigious global awards, put on by the industry’s leading information security research and advisory guide, recognize security and IT vendors with advanced, ground-breaking products and solutions that are helping set the bar higher for others in all areas of...

PhishMe Takes Home 2016 SC Magazine Award for Best IT Security-Related Training Program

March 3, 2016 by Cofense in Cofense News, Phishing, Press Releases

Judges Recognize Human Phishing Defense Solution Used by Fortune 500 Enterprises to Protect Data and Systems Against Multi-Billion Dollar Phishing Threat

LEESBURG, Va. & SAN FRANCISCO – March 3, 2016 – PhishMe® Inc., the leader in human phishing defense solutions, today announced that SC Magazine honored the company with a 2016 SC Award for Best IT and Security Training Program. Winners of this prestigious award were chosen after undergoing a rigorous judging process that included testimonials, industry assessments and additional research. PhishMe was hand-picked by a panel of judges for its outstanding service, qualifications and advancements to the cybersecurity industry.

PhishMe Releases Channel-Exclusive Human Phishing Defense Solution for SMBs for Launch of Formal Channel Program

March 3, 2016 by Cofense in Cofense News, Phishing, Press Releases

Trusted Leader in Phishing Defense Expands Offerings to Global Customers Through Expanded Distribution Channels and New Product Offering

LEESBURG, Va. & SAN FRANCISCO – March 3, 2016 – PhishMe® Inc., the leading provider of human phishing defense solutions, today unveiled during RSA 2016 the PhishMe Channel Alliance, a formalized channel distribution program designed to bring premier PhishMe security solutions to the global market. Following PhishMe’s record-breaking 892 percent growth over the last three years, the company is kicking off its global channel efforts by releasing a new solution available exclusively through the channel and made specifically for small and medium-sized...
