
Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Security Awareness: 4 tips on Trusting Technology

October 17, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 3 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.


Malicious Chrome Extension Targets Users in Brazil

October 17, 2017 by Cofense in Malware Analysis, Phishing, Phishing Defense Center

Our Phishing Defense Center recently detected a significant increase in the number of emails with malware designed exclusively to target users in Brazil.


Locky or TrickBot? Depends Where You Are. Malicious Payload Delivery Tailored by Geographic Location

October 13, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

By Neera Desai and Victor Cornell

It is not uncommon for threat actors to deploy malicious payloads from multiple malware families during a single phishing campaign. These malware tools may include ransomware, a financial crimes trojan, or other botnet malware. However, it is not as common for those attackers to deploy different malware tools based upon the geographic location of their victim.


To Raise Security Awareness, Don’t Trust the Process.

October 12, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 2 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month. 


Rock the 80’s and More at PhishMe Submerge 2017!

October 11, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

An 80’s party, PhishMe Simulator™ Certification and savings of $100. They’re three great reasons to attend PhishMe® Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor.


Heads Up: This Netflix Phish Targets Business Email, Not Just Home Accounts

October 10, 2017 by Cofense in Malware Analysis, Phishing, Phishing Defense Center

PhishMe® analyzes phishing attacks intended for corporate email all the time—phishing for corporate email credentials, malware delivery, etc. However, we also analyze phishing for consumer service credentials—think online shopping or Netflix—since it is also a part of the threat landscape.


The Phishing Kill Chain – Triage and Mitigation

October 9, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 6 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 5 we looked at the importance of reporting and associated best practices for implementation and measuring success at both the simulation and program trending level. Now let’s shift the focus from the development of our user base as reporters to a more traditional security skill set of detection, analysis and mitigation of threats.


Don’t be so emotional. (It hurts security awareness.)

October 5, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 1 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month. While modern technology and pervasive media can make all things appear new, they really aren’t. As we continue the battle against advanced persistent threats, malware and fraud, it’s important to remember that confidence men and women have been at this game for a long time.


The Phishing Kill Chain – Reporting

October 2, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 5 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 4 we looked at Simulation Delivery and stressed the importance of utilizing methods that model malicious actors and advanced persistent threats. We will now take a closer look at developing reporters in your company environment.


Team Up Against Phishing at PhishMe Submerge 2017

September 27, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Anti-phishing, like all security, is a team sport. (Apologies for that metaphor, but football season is here.) So join PhishMe® and other security professionals at PhishMe Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor.


Disrupting an Adware-serving Skype Botnet

June 3, 2015 by Cofense in Internet Security Awareness

In the early days of malware, we all remember analyzing samples of IRC botnets that were relatively simple, where the malware would connect to a random port running IRC, joining the botnet and waiting for commands from their leader. In this day and age, it’s slightly different. Whereas botnets previously had to run on systems that attackers owned or had compromised, now bots can run on Skype and other cloud-based chat programs, providing an even lower-cost alternative for attackers.


Surfing the Dark Web: How Attackers Piece Together Partial Data

June 2, 2015 by Aaron Higbee in Internet Security Awareness

The recent Carefirst breach is just the latest in a rash of large-scale healthcare breaches, but the prevailing notion in the aftermath of this breach is that it isn’t as severe as the Anthem or Premera breaches that preceded it. The thinking is that the victims of this breach dodged a bullet here, since attackers only accessed personal information such as member names and email addresses, not more sensitive information like medical information, social security numbers, and passwords. However, attackers may still be able to use this partial information in a variety of ways, and a partial breach should not...


Has Your Yahoo Password Been Stolen?

May 14, 2015 by Cofense in Phishing

Has your Yahoo password been stolen? Would you be aware if that was the case? Many people who have fallen for the latest Yahoo password stealing scam will be unaware that their account is no longer secure. PhishMe researchers are always finding new tactics used by the top phishers to steal login credentials for popular on-line services, and attacks on Yahoo users are incredibly common. We recently found a very clever phisher using the idea of strengthening your password against you. Let’s explore this phishing scenario in detail. Since the beginning of May, the URL hxxp://markspikes.com/2/us-mg5.mail.yahoo.com/ has loaded a page...


Updated Dyre, Dropped by Office Macros

May 4, 2015 by Cofense in Internet Security Awareness, Malware Analysis

Whenever attackers make a shift in tactics, techniques, and protocol (TTP), we like to make note of it to help both customers and the rest of the Internet community. We recently analyzed a sample that started out appearing to be Dridex, but quickly turned into a headache leading to Dyre that featured some notable differences to past Dyre samples. One PhishMe user was targeted to their personal account, and here’s a copy of the phishing email: Once opened, we’re presented with the very familiar story of “please enable this macro so you can get infected”. This time, they do give...


Detecting a Dridex Variant that Evades Anti-virus

March 25, 2015 by Cofense in Internet Security Awareness, Malware Analysis

Attackers constantly tweak their malware to avoid detection. The latest iteration of Dridex we’ve analyzed provides a great example of malware designed to evade anti-virus, sandboxing, and other detection technologies. How did we get our hands on malware that went undetected by A/V? Since this malware (like the majority of malware) was delivered via a phishing email, we received the sample from a user reporting the phishing email using Reporter.


The Return of NJRat

March 19, 2015 by Cofense in Internet Security Awareness

NJRat is a remote-access Trojan that has been used for the last few years. We haven’t heard much about NJRat since April 2014, but some samples we’ve recently received show that this malware is making a comeback. (For some background on NJRat, a 2013 report from Fidelis Cybersecurity Solutions at General Dynamics detailed indicators, domains, and TTPs in conjunction with cyber-attacks using NJRat.)


Forbes.com, Adobe Flash Player, and Your Email

February 13, 2015 by Cofense in Internet Security Awareness

What do the three topics in today’s title have in common? Quite a bit if you are in the malware business! Near the top of the Tech news today is the story that Forbes.com, the 61st most popular website in the United States, has been distributing malware through its “Thought Of The Day” advertisements application. When first visiting Forbes, regardless of which article link you have clicked on from your websearch, newsreader, Facebook/Twitter link, or email recommendation, you don’t go directly to the article. Instead you are taken to a “Thought Of The Day” page, where Forbes is able to...


Anthem and Post-breach phishing awareness

February 9, 2015 by Cofense in Internet Security Awareness

The Anthem data breach on February 5, 2015 raised the high-water mark on healthcare data breaches. The Anthem breach smashed all previous records, exposing close to 80 million members’ records. It was the largest healthcare data breach ever discovered by a considerable distance. Only a very small number of healthcare data breaches have been reported that have exceeded 2 million records. In the United States, data breaches impacting the protected health information of patients and health plan members are required to be reported to the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR). OCR maintains a searchable...


Fighting Back Against a Fake Tech Support Call

January 15, 2015 by Cofense in Phishing

’Tis the season for phishing emails, scams, and fake tech support calls. We recently investigated such a call received by one of PhishMe’s employees. After saying that he would call the “technician” back, the employee passed the number over to us and we began to investigate. The number the technician provided us was “646-568-7609.” A quick Google search of the number shows that other users have received similar calls from the same number. In one example, “Peter from Windows” was the person calling. In our case, it was Alex Jordan from Seattle.


Botnets, APTs, and Malicious Emails: The Commonest Methods of Attack

December 22, 2014 by Cofense in Internet Security Awareness

A question that we regularly receive at PhishMe is “How do the higher skilled cyber criminals get into major networks?” – The answer is botnets, APTs and malicious emails in most cases. The way Advanced Persistent Threat-style actors are described by the media often leaves the average reader believing that these intrusions are performed by Mission: Impossible’s Ethan Hunt! But the truth is that even the APT-level hackers often gain their initial foothold into your network through the most common and trustworthy means of infection — a malicious email. But surely these are highly crafted, customized and targeted spear-phishing emails,...
