Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

TrickBot Targeting Financial and Cryptocurrency Data

September 21, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

While a great deal of focus for research into botnet trojans is on the multipurpose utility of this malware, many of these same tools are still utilized for direct financial crimes and fraud. This configuration data provides prima facie insight into some of the preferred means for monetary gain by threat actors. An example of this can be found in the most recent rounds of TrickBot malware configurations. These XML documents describe the targeted login pages for online services and the action the malware is to take when a victim visits one. Many of the targeted resources reference the login...

5 Reasons Our UK Phishing Report Would Make Winston Churchill Scowl

September 20, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

The US and UK share a lot of things. History. Political traditions. A language, if one is feeling generous. And now some worrisome phishing data that jumps out of two reports PhishMe® has commissioned, most recently in the UK.

Endpoint Phishing Incident Response with PhishMe and Carbon Black

September 19, 2017 by Cofense in Cyber Incident Response, Phishing, Threat Intelligence

Hunting Phished Endpoints with PhishMe Intelligence™ and Carbon Black® Response

While sipping coffee and reading the morning headlines, the CISO notices a global mass-phishing campaign that took place overnight. Picking up the phone and calling the SOC, the CISO asks: “Are there any computers that may have been infected with ‘X’ that I read about this morning? I need answers before my meeting in an hour.”

Customized Phishing Simulations Keep You “Left of Breach”

September 18, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 3 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 2 we looked at Self-Enumeration, assessing security and business process gaps that phishing attackers exploit. It’s the first step in being “Left of Breach” (see figure below), the process that builds a proactive phishing defense strategy.

Phishing Incident Response: Get Started in 3 Steps

September 15, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

So, you want to improve your response to phishing threats? Smart idea. PhishMe®’s recent report on phishing response trends shows that phishing is the #1 security concern, but almost half of organizations say they’re not ready for an attack.

Identity Crisis – The Real Cost of a PII Data Breach

September 12, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

As the success of phishing attacks continues to broaden and gain traction in the modern news cycle, it’s important that we understand the differences in impacts based on the type of breach.

Catching Phish with PhishMe Intelligence and ThreatQ

September 12, 2017 by Cofense in Cyber Incident Response, Phishing, Threat Intelligence

PhishMe Intelligence™ Integrates with ThreatQuotient’s ThreatQ Platform

Swimming in a sea of threat intelligence indicators and services, security teams have been working towards effective ways to centralize, de-duplicate, and correlate massive amounts of threat data. The challenge, once this is done, is acting on what matters most. This requires intelligence, not just data.

To Get “Left of Breach,” First Know Thyself

September 11, 2017 by Cofense in Cyber Incident Response, Malware Analysis, Phishing

Part 2 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 1 of this series, we talked about getting in front of data breaches by taking proactive steps—everything to the left of the bullseye in the figure shown here:

Human Phishing Defense Tackle Box – PhishMe Intelligence™ and IBM QRadar®

September 8, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Threat Intelligence

PhishMe® and IBM have teamed up to provide security operations with essentials for their phishing defense program. Security teams don’t want standalone security products; they need holistic security solutions through partner integrations. That’s why PhishMe and IBM have partnered to help enterprise businesses defend against credential-stealing, malware, ransomware, and Business Email Compromise (BEC) phishing.

PhishMe Triage Catches and Mitigates a Phishing Attack on Day 1

September 8, 2017 by Cofense in Cyber Incident Response, Malware Analysis, Phishing

By John Travise and Nicolas Octaviani

PhishMe Triage™ immediately reveals an active, ongoing phishing attack against a new customer during a configuration and deployment.

Defining a Sophisticated Attack

March 18, 2013 by Aaron Higbee in Internet Security Awareness, Threat Intelligence

What do nearly all of the recent high-profile data breaches have in common? They have all been traced to sophisticated threats and cyber criminals. While there are many disagreements in the security industry, after every significant breach nearly everyone agrees that it was sophisticated (Twitter, Apple, and the Department of Energy are some of the unfortunate organizations to be compromised by a sophisticated attack recently). On the surface, it isn’t hard to see why. First, technology vendors need attackers to be super sophisticated, because simple tactics couldn’t circumvent their products, right? For victims of a breach, it is advantageous for...

What Trend Micro’s research means for organizations

November 29, 2012 by Rohyt Belani in Malware Analysis, Phishing, Threat Intelligence

Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution. Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.

Machines v/s Humans: Who Do You Think Is More Intelligent?

June 9, 2011 by Cofense in Cyber Incident Response, Threat Intelligence

As the barrage of security breaches continues, Citigroup is the latest victim. This eWeek article: http://www.eweek.com/c/a/Security/Citigroup-Credit-Card-Portal-Breach-Compromises-200000-Customers-461930/ discusses the potential impact of this attack. One of the commentators brings up the topic of phishing. Hannigan, the CEO of Q1 Labs, rightly points out that “Security trust means more than just making sure you’re in compliance with regulations.” On the other hand, some of the quotes, like that from Anup Ghosh, co-founder of Invincea, have a blatant technology solution vendor bias. He discounts human intelligence when referring to customers in this quote – “it’s not reasonable to expect them to differentiate...

Two Attacks… Two Dyres… All Infrastructure

November 6, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Over the last few days, we have seen two waves of Dyre. The attackers have changed things up a bit and made it harder to analyze. By using memory forensics techniques, we took a peek into their command and control (C2) infrastructure. The #1 rule of memory forensics…everything has to eventually be decoded, and we’re going to use this to our advantage. Here’s a quick look at the waves of emails we received. (Figures 1 and 2)

Attackers Go Back to School: Phishing From .edu Leads to ZeuS

October 31, 2014 by Cofense in Internet Security Awareness

On October 28th, several of our employees reported a wave of suspicious emails. The most peculiar of the bunch originated from an American university. Here is a screenshot of the phishing email:

.NET Keylogger: Watching Attackers Watch You

October 16, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Throughout life, there are several things that make me smile. Warm pumpkin pie, a well-placed nyan nyan cat, and most of all – running malware online – never fail to lift my mood. So imagine my surprise to see, after running a malware sample, that the attackers were watching me. Here’s a screenshot of a phishing email we received, which contained a keylogger written in .NET.

National Cybersecurity Awareness Month 2014

October 6, 2014 by Cofense in Internet Security Awareness

With National Cyber Security Awareness month (NCSAM) upon us, the national spotlight is on best practices to stay safe and protect your data online. Thanks to the support of the National Cyber Security Alliance, Department of Homeland Security, and the White House, the month of October will feature a number of initiatives designed to increase the knowledge base about cyber security issues with the general population and promote DHS’ “Stop. Think. Connect.” program to empower individuals to be safer online. PhishMe is proud to participate by being a 2014 NCSAM champion, and has made a number of resources available to...

Bash Vulnerability CVE-2014-6271 – Worm-able and Possibly Worse Than Heartbleed

September 25, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Post Updated 9/30/2014

Several months ago, the Internet was put to a halt when the Heartbleed vulnerability was disclosed. Webservers, devices, and essentially anything running SSL were affected; as a result, attackers were able to collect passwords, free of charge. With Heartbleed, the exploit made a splash and many attackers started to use the vulnerability. One of the more high-profile attacks of Heartbleed was the CHS attack, where the attackers siphoned 4.5 million patient records by attacking a Juniper device, then hopping onto their VPN. So how can something be bigger than Heartbleed? I’m glad you asked.

PDF Exploits: A Deep Dive

September 8, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user.

Four Ways Phishing Has Evolved in 2014

August 20, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Phishing isn’t exactly a new kid on the block. Phishing is one of the most common email-based threats. It is a tried and tested tactic that continues to deliver impressive results for cybercriminals. That’s why phishing continues to grow in popularity. In the month of June 2014 alone, phishing activities totaled $400 million in losses, which could be annualized at $102 million per year. While it has been around for years, phishing has evolved considerably and has increased in efficiency and effectiveness. In the last six months (as compared to 2013), we’ve seen several differences in the type, size and...

If it Looks Like a Phish, Acts Like a Phish, it Could Be Malware

August 20, 2014 by Cofense in Phishing

Most of us are familiar with the common idiom “If it looks like a duck, swims like a duck, quacks like a duck, then it is probably a duck.” Despite criminals’ constant efforts to change their techniques and tactics, this idiom usually holds true for online crime. Phishers have characteristic techniques in just the same way that malware writers and distributors employ specific tactics. These two don’t often overlap. However, when they do, it makes for a spectacularly effective attack. This week, PhishMe’s analysts uncovered spam emails distributed by the Cutwail spamming botnet using a new JP Morgan Chase spam...

An IRS Rebate That Isn’t Worth It: Phishing Tactics Repeat Themselves

August 13, 2014 by Cofense in Phishing

It’s about the time of year when people should be receiving tax refunds from the IRS, which gives attackers a great opportunity to craft phishing emails. PhishMe users recently reported a round of phishing emails purporting to be from the IRS about tax refunds:

Small but powerful — shortened URLs as an attack vector

July 31, 2014 by Cofense in Phishing, Threat Intelligence

Using tiny URLs to redirect users to phishing and malware domains is nothing new, but just because it’s a common delivery tactic doesn’t mean that attackers aren’t using it to deliver new malware samples. We recently received a report of a phishing email from one of our users here at PhishMe that employed a shortened Google URL, and led to some surprising malware. Through the power of user reporting, we received the report, discovered the malicious nature of the shortened URL, and reported the issue to Google – all within a span of 30 minutes. Google reacted quickly and took...
