Is .XLSX Phishing Making a Comeback?
April 6, 2018 by Charlie Aiken in Cyber Incident ResponseMalware AnalysisOn March 22nd, Cofense came across a rather unique malware sample that had a very low detection rate. At the time of analysis, the file was only detected by 5/61 AV engines. The detection rate did not reach 30% until at least a week later, as per VirusTotal: 38015eb1699b7596e8c95fed7f0bc32d1492b371bd4d7953019f69dcf40ff1fd.
Attention Spans and Education Design
April 5, 2018 by John Robinson in Cyber Incident ResponseInternet Security AwarenessOver the past few years, we have seen media attention drawn towards the length of our attention spans as related to our use of technology. Some reports claim a drop from 12 seconds to 8 seconds over the past decade, while others refute that data.
Doubling Down on PhishMe with New Features and Awareness Focus
April 4, 2018 by phishme in Cyber Incident ResponseInternet Security AwarenessPhishingBack in 2008, Cofense™ (PhishMe®) pretty much invented the phishing awareness industry when we unveiled the first phishing simulation program for businesses. Cofense PhishMe™ made it easy to condition employees to recognize and report phishing emails and today, over 27 million (and counting) end users in 160 countries, including employees at half the Fortune 100, rely on our expertise.
Become the First Security Awareness Professional to be Fully Certified in Phishing Simulation Programs with Cofense
March 29, 2018 by phishme in Cyber Incident ResponseInternet Security AwarenessWant to boost your anti-phishing and your professional creds? Now you can, in just a few hours and on your own schedule. Cofense™ is pleased to announce the Cofense PhishMe™ certification, the industry’s first and only professional certification for phishing simulation programs. It’s your chance to fully master Cofense PhishMe, our award-winning phishing awareness training solution, while becoming a certified expert in phishing simulation programs.
Analysing TrickBot Doesn’t Have to be Tricky
March 28, 2018 by Milo Salvia in Malware AnalysisPhishing Defense CenterNew additions to the TrickBot malware’s capabilities, observed by the Phishing Defence Centre, indicate that this malware tool is undergoing active development. The designers of this malware are still working hard to introduce new functionality including a network worm functionality and a screen-lock module. The worm component utilises the leaked “EternalBlue” exploit for CVE-2017-0144 to propagate itself across networks that have yet to patch or discontinue the use of SMBv1. The deployment of the screen-lock module (which appears to be still in the early phases of development) gives the threat actors the ability to change the functionality of the malware...
Gamers, beware. You are a target for crypto-mining botnets.
March 26, 2018 by Jitendera Sarda in Internet Security AwarenessMalware AnalysisMany gamers are unaware that they are either potential targets for mining botnets or that they may already be mining cryptocurrencies for cybercriminals. Why are gamers targets? Think about it. Mining requires a large graphics card (GPU), a dedicated Internet connection and an uninterrupted power source. Gamers use powerful and immersive, high-performing GPU’s to stay online and play networked games without interruption. It’s the perfect recipe for crypto mining.
By focusing on new hires, this healthcare company lowered its phishing susceptibility.
March 23, 2018 by Zach Lewis in Internet Security AwarenessPhishing Defense CenterA regional healthcare provider started using Cofense PhishMeTM so employees could learn to recognize different types of phishing. At first, the company sent all employees simulated phishes that were tough to recognize. No surprise, susceptibility was high across the business.
The Latest in Software Functionality Abuse: URL Internet Shortcut Files Abused to Deliver Malware
March 22, 2018 by Neera Desai in Internet Security AwarenessMalware AnalysisThreat IntelligenceAdding to a growing trend of phishing attacks wherein Windows and Office functionalities are abused to compromise victim systems, Cofense Intelligence™ has analyzed a recent campaign that uses the URL file type to deliver subsequent malware payloads. This file type is similar to a Windows LNK shortcut file (both file types share the same global object identifier within Windows) and can be used as a shortcut to online locations or network file shares. These files may abuse built-in functionality in Windows to enhance the ability of an attacker to deliver malware to endpoints. By abusing these built-in functionalities, threat actors...
Sigma Ransomware Resurfaces Following a Three-Month Disappearance
March 21, 2018 by Mollie Holleman in Internet Security AwarenessMalware AnalysisRansomwareThreat IntelligenceCofense Intelligence™ uncovered a resurgent Sigma ransomware campaign on March 13, 2018 following a noted three-month hiatus of the malware. Although many aspects of this campaign—including its anti-analysis techniques—are consistent with previously analyzed Sigma samples, its return is in and of itself atypical.
New Name, Same People, Stronger Balance Sheet
March 20, 2018 by Rohyt Belani in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishingPhishing Defense CenterRansomwareThreat IntelligenceRohyt Belani, CEO & Co-founder, Cofense So far, it’s been a very exciting 2018 here at Cofense, with our recent acquisition and announcement of our new name and brand. We continued performing well as a company and launching numerous new features across our products.