Cofense Blog

Threat Actors Use Advanced Delivery Mechanism to Distribute TrickBot Malware

August 1, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

Threat actors’ consistent pursuit of improved efficiency is a key characteristic of the phishing threat landscape. One method for improving efficiency is to use a unique delivery technique that not only allows threat actors to distribute malware but also succeeds in evading anti-virus software and technologies.

Ribbon Cutting – Running Macros with CustomUI Elements

July 28, 2017 by Cofense in Malware Analysis, Phishing

PhishMe® Research has generally seen macro execution in PowerPoint tied to specific actions and events, such as a mouse interaction with an object or custom actions. But the “Ribbon Cutting” technique uses a different method; it runs macro code by creating a UI callback that is triggered when the file is opened. Although in the example below we use PowerPoint, the technique can be used in other Office applications that support ribbon customizations.

Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors

July 24, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing Defense Center

On July 13, 2017, the Phishing Defense Center reviewed a phishing campaign delivering Hawkeye, a stealthy keylogger, disguised as a quote from the Pakistani government’s employee housing society. Although it is actually a portable executable file [1], once downloaded it disguises itself with a PDF icon.

Karo Ransomware Raises Stakes for Victims by Threatening to Disclose Private Information

July 13, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

A ransomware victim must have a compelling reason to go through the burdensome process of obtaining Bitcoin and paying the ransom. For many victims, the threat of permanently losing access to their files is enough. However, some ransomware authors and criminals seek to push victims harder by raising the stakes even further.

Threat Actors Continue Abusing Google Docs and Other Cloud Services to Deliver Malware

July 6, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

A key part of phishing threat actors’ mission is to create email narratives and leverage malware delivery techniques that reduce the likelihood of detection. By combining compelling social engineering with seemingly benign content, threat actors hope to bypass technical controls and to convince their human victims of a phishing email’s legitimacy. One method with a long history of use is the abuse of Google Docs file sharing URLs to deliver malware content to victims. Because Google Docs and other cloud services may be trusted within an enterprise, threat actors will continue to abuse file sharing services to possibly bypass firewalls...

Petya-like Ransomware Triggers Global Crisis with Echoes of WannaCry Attack

June 28, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Ransomware

For the second time in as many months, networks around the world have been attacked using a worming ransomware that gains new infections by exploiting a recently patched Windows SMB vulnerability, among other proven techniques. What has been described as a ransomware bearing significant similarities to the Petya encryption ransomware ravaged numerous companies and networks around the world, with disproportionate impact in Ukraine and Eastern Europe, but also inflicted harm on significant numbers of victims in Western Europe and North America.

Threat Actors Leverage CVE 2017-0199 to Deliver Zeus Panda via Smoke Loader

June 22, 2017 by Cofense in Malware Analysis, Phishing, Phishing Defense Center

Our Phishing Defense Center identified and responded to attacks leveraging a relatively new Microsoft Office vulnerability during the past few weeks. Last week, the PDC observed threat actors exploiting CVE 2017-0199 to deliver the Smoke Loader malware downloader, which in turn was used to deliver the Zeus Panda botnet malware. These emails claim to deliver an invoice for an “outstanding balance” and trick the recipient into opening the attached file. In one instance, we have also seen the malicious attachment being delivered via URL.

Tracking and Mitigating Zyklon Phishing Using Threat Intelligence and Yara

June 21, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

The Zyklon HTTP Botnet malware is a tool that is readily accessible to threat actors in online criminal marketplaces and has been observed in use for various criminal activities. Among its features is the ability to log the keystrokes typed by a victim as well as to collect other private or sensitive information, and one of the most notable uses for Zyklon has been as a downloader and delivery tool for the Cerber encryption ransomware. Over a dozen unique campaigns to deliver this malware have been identified and reported by PhishMe Intelligence and it represents one of the most rapidly-growing...

Registration is Now Open for PhishMe Submerge 2017 – Phishing Defense Summit and User Conference

June 20, 2017 by Cofense in Phishing

We are thrilled to announce today registration for this year’s PhishMe Submerge™ Phishing Defense Summit and User Conference is live! Last year’s summit was a massive success – you don’t want to miss out on this year’s event.

SMILE – New PayPal Phish Has Victims Sending Them a Selfie

June 15, 2017 by Cofense in Malware Analysis, Phishing, Phishing Defense Center

Phishing scams masquerading as PayPal are unfortunately commonplace. Most recently, the PhishMe Triage™ Managed Phishing Defense Center noticed a handful of campaigns using a new tactic for advanced PayPal credential phishing. The phishing website looks very authentic compared to off-the-shelf crimeware phishing kits, but also levels-up by asking for a photo of the victim holding their ID and credit card, presumably to create cryptocurrency accounts to launder money stolen from victims.

What Trend Micro’s research means for organizations

November 29, 2012 by Rohyt Belani in Malware Analysis, Phishing, Threat Intelligence

Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution. Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.

Machines v/s Humans: Who Do You Think Is More Intelligent?

June 9, 2011 by Cofense in Cyber Incident Response, Threat Intelligence

As the barrage of security breaches continues, Citigroup is the latest victim. This eWeek article: http://www.eweek.com/c/a/Security/Citigroup-Credit-Card-Portal-Breach-Compromises-200000-Customers-461930/ discusses the potential impact of this attack. One of the commentators brings up the topic of phishing. Hannigan, the CEO of Q1 Labs, rightly points out that “Security trust means more than just making sure you’re in compliance with regulations.” On the other hand, some of the quotes, like that from Anup Ghosh, co-founder of Invincea, have a blatant technology solution vendor bias. He discounts human intelligence when referring to customers in this quote – “it’s not reasonable to expect them to differentiate...

Phishing Attacks Target Google Users with Weakness in Chrome: What You Need to Know

May 14, 2014 by Cofense in Internet Security Awareness

If your employees are users of Google Chrome and/or Mozilla Firefox, your network could be vulnerable to a unique phishing attack targeting the two most widely-used browsers in the world. Several media outlets are covering the uniform resource identifiers (URI) exploit, which Google Chrome and other web browsers utilize in order to display data. This attack, which is difficult to identify via traditional methods, allows cybercriminals to gain access to Google Play, Google+ and Google Drive. This means that any sensitive information stored within each of those areas is up for the taking. In the case of Google Play that means...

Abusing Google Canary’s Origin Chip makes the URL completely disappear

May 6, 2014 by Aaron Higbee in Internet Security Awareness

Canary, the leading-edge v36 of the Google Chrome browser, includes a new feature that attempts to make malicious websites easier to identify by burying the URL and moving the domains from the URI/URL address bar (known in Chrome as the “Omnibox”) into a location now known as “Origin Chip”. In theory, this makes it easier for users to identify phishing sites, but we’ve discovered a major oversight that makes the reality much different. Canary is still in beta, but a flaw that impacts the visibility of a URL is typically something we only see once every few years. We’ve discovered...

Numbers of Victims of Cybercrime are Soaring

April 30, 2014 by Cofense in Internet Security Awareness

Reports from law enforcement agencies around the world show that there have been even more victims of cybercrime in the past 12 months than in any other year. Attacks are being conducted alarmingly frequently, and cybercriminals are becoming even more brazen. However, cybercrime is still not dealt with in the same way as other types of crime. Say you leave home, only to return to your front door kicked in. Everything of value has been stolen. What would you do? You’d call the police immediately, right? Now pretend you get an email from what looks to be your bank. They...

Phishing with a malicious .zip attachment

April 29, 2014 by Cofense in Phishing

A few weeks ago, we received a round of phishing emails with malware that seemed a little more special than your run-of-the-mill ZeuS, so we decided to give it some analysis. The email was reported by a user at PhishMe. We really do drink our own kool-aid. Figure 1 shows a screenshot of the email that is being analyzed.

HTML Attachment Phishing: What You Need to Know

April 23, 2014 by Cofense in Phishing

Are you aware of HTML attachment phishing? It is one of the latest trends with cybercriminals. Instead of emailing downloaders that contact C&C servers to download crypto malware, Trojans, or other nasties, HTML attachments are being sent. HTML attachment phishing is less well known, and as a result, many people are falling for phishing scams. Even though this past weekend was a holiday weekend for many, there is a good chance that you still checked your email fairly often. If you are like me, you typically use your phone or another mobile device to check your email on the go....

Watering Holes vs. Spear Phishing

April 22, 2014 by Cofense in Phishing

How Does A Watering Hole Attack Work?

Watering hole attacks originate by compromising trusted websites and infecting the computers or other devices that visit that site. A successful watering hole attack casts a wide net and has the potential to compromise a large number of users across multiple organizations. This flood of information is a double-edged sword, as attackers have to parse through a large amount of data to find information of value. Additionally, these attacks often exploit zero-day vulnerabilities, so their increased popularity means attackers are burning through zero-days faster, and companies are responding faster as well, stopping attacks...

Cyber Chess: How You Can Win

April 21, 2014 by Cofense in Internet Security Awareness

Most of us are not very good at playing chess – if we play at all. However, many of us at least have some familiarity with the game. The following quick description will help in the discussion of Cyber Chess – the game the good guys (white pieces) “play” against the cybercriminals (black pieces) as they try to steal anything we value from our cyber world. The chess game is described in three phases.

The Opening: During the opening, you and your opponent make several moves to establish a battlefront.

The Middle Game: The middle game is the direct battle...

Why Do We Treat Cybercrime Differently than Real-Life Crime?

April 20, 2014 by Cofense in Internet Security Awareness

What would you do if you were the victim of a crime? For example, what if you walk out to your car after work and find the window smashed and the stereo stolen? Wouldn’t you call the police? Imagine that, this weekend, you’re leaving a bar with some friends. A man walks up, points a gun at you and demands your wallet. You’d call the police, right? Now pretend you receive an email saying that the bank needs you to reset your password. You go to the provided website in the email and the next time you check your balance...

Cybercrime Lessons from HBO’s True Detective

March 31, 2014 by Cofense in Internet Security Awareness

For those who did not follow HBO’s recent hit drama, True Detective, starring Woody Harrelson (as detective “Marty” Hart) and Matthew McConaughey (as detective “Rust” Cohle), it was an intense drama about a seventeen-year struggle to break a serial murder case and bring a sadistic criminal to justice. For those who do know all about True Detective, that is not a surprise. So, what does a TV murder mystery have to do with fighting cybercrime, and can we learn anything from True Detective? At first, there would appear to be little commonality between murder and cybercrime – doubly so in this case for...

Woops! Army’s attempt at a phishing simulation bombs

March 14, 2014 by Aaron Higbee in Phishing

At PhishMe, we feel like we’ve done a pretty good job of debunking the idea that you can address the spear phishing threat using the pentest model, but after reading this Washington Post story about a phishing test gone awry, it looks like we still have some work to do. In this test, an Army combat commander sent an email to a “small group” of Army employees disguised as an email from their retirement plan provider urging them to log in to their accounts. The email used the name of Thrift Savings Plan, the actual 401(k) account provider for most...
