Products
Products
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Cofense Phishing Prevention & Email Security Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Threats of Terror Pervade Recent Extortion Phishing Campaigns

December 20, 2018 by Cofense in Phishing Defense Center

By Lucas Ashbaugh “There is an explosive device (tronitrotoluene) in the building where your business is conducted […] there will be many victims if it explodes”

READ MORE

5 Things We Launched this Year to Stop Phishing Attacks Faster

December 17, 2018 by Cofense in Phishing

Merry Phishmas! It’s been another busy year of phishing scams, malware delivery, and other Grinchy activity. To help keep you protected, Cofense™ has refined our solutions to stop phishing in its tracks. Following are some of the new capabilities we launched in 2018. 

READ MORE

Domain Fronting, Phishing Attacks, and What CISOs Need to Know

December 13, 2018 by Aaron Riley in Threat Intelligence

CISO Summary Cofense IntelligenceTM is seeing continued use of a cyber-attack technique known as domain fronting. It’s yet another way hackers conceal their malicious activity, in this case using work-arounds to evade security controls and gain access to command-and-control (C2) infrastructure (scroll down for a technical explanation). Cozy Bear, the Russian threat actors, used similar tactics when they hacked the Democratic National Committee in 2016. Today, businesses are dealing with phishing and malware attacks that domain fronting enables. While Google and Amazon have taken measures in their CDNs to curtail this trend, we have seen an uptick in C2 infrastructure...

READ MORE

TV-License Phishing Scam Tricks UK Users Into Giving Personal Information

December 5, 2018 by Milo Salvia in Threat Intelligence

Cofense Intelligence™ recently observed a new phishing scam making the rounds in the United Kingdom. It poses as the TV licensing authority better known as the British Broadcasting Corporation. The premise behind the scam is to trick the user into believing that he or she is breaking the law by not owning a valid license to receive TV, a criminal offense in the UK with a maximum penalty of a £1000 fine plus any legal costs incurred during prosecution.  

READ MORE

2018: A Reverse-Course for Ransomware

December 5, 2018 by Cofense in Threat Intelligence

By Mollie MacDougall The overall number of ransomware campaigns and active families has declined precipitously in 2018 as compared to last year, almost certainly due to multiple deterrents and a better alternative for profit-minded hackers. This reverse-course in ransomware trends follows years of sustained growth in the number of ransomware families and unique campaigns. Still, ransomware attacks make headlines and will likely continue into next year.

READ MORE

Mature Your Anti-Phishing Program to Reflect Active Threats

November 28, 2018 by Zach Lewis in Internet Security Awareness

At CofenseTM we often hear comments from customers like, “My anti-phishing program has been running for years, email reporting rates have increased, and overall my users are better prepared. How can I continue to address and lower my risk?”

READ MORE

Bah HumBUG: 5 Recent Holiday Phishing Samples You Need to Watch Out For

November 21, 2018 by Aaron Riley in Threat Intelligence

Along with more online shopping, correspondence, and travel, the holiday season sees an increase in phishing operators eager to capitalize on a more-active attack surface. With Thanksgiving tomorrow, Cofense Intelligence and the Cofense Phishing Defense Center have seen a bombardment of Thanksgiving-themed phishing lures this week. Threat actors use this inundation of emails to their advantage—hoping to trick anyone looking for a good deal or eager to partake in the season’s merriment.

READ MORE

Major US Financial Institutions Imitated in Advanced Geodo/Emotet Phishing Lures that Appear More Authentic by Containing ProofPoint URL Wrapped Links

November 19, 2018 by Cofense in PhishingThreat Intelligence

By Darrel Rendell, Mollie MacDougall, and Max Gannon Cofense IntelligenceTM has observed Geodo (also known as Emotet) malware campaigns that are effectively spoofing major US financial institutions in part by including legitimate URLs wrapped in Proofpoint’s (PFPT) TAP URL Defense wrapping service. This adds an air of legitimacy to the casual observer, designed to increase the chances of malware infection. Figures 1 and 2 provide examples of the template and URL wrapping. Cofense Intelligence assesses the improved phishing templates are likely based upon data pilfered with a recently updated scraper module to spoof US financial institutions so effectively. Figure 1:...

READ MORE

Phishing Emails with .COM Extensions Are Hitting Finance Departments

November 15, 2018 by Aaron Riley in Threat Intelligence

Cofense IntelligenceTM has seen a substantial uptick in the use of .com extensions in phishing emails that target financial service departments. In October alone, Cofense Intelligence analyzed 132 unique samples with the .com extension, compared to only 34 samples analyzed in all nine months preceding. Four different malware families were utilized. The .com file extension is used for text files with executable byte code. Both DOS (Disk Operating System) and Microsoft NT kernel-based operating systems allow execution of .com files for backwards compatibility reasons. The .com style byte code is the same across all PE32 binaries (.exe, .dll, .scr, etc.)...

READ MORE

.NET Keylogger: Watching Attackers Watch You

October 16, 2014 by Cofense in Internet Security AwarenessThreat Intelligence

Throughout life, there are several things that make me smile. Warm pumpkin pie, a well-placed nyan nyan cat, and most of all – running malware online – never fail to lift my mood. So imagine my surprise to see, after running a malware sample, that the attackers were watching me. Here’s a screenshot of a phishing email we received, which contained a keylogger written in .NET.

READ MORE

Bash Vulnerability CVE-2014-6271 – Worm-able and Possibly Worse Than Heartbleed

September 25, 2014 by Cofense in Internet Security AwarenessThreat Intelligence

Post Updated 9/30/2014 Several months ago, the Internet was put to a halt when the Heartbleed vulnerability was disclosed. Webservers, devices, and essentially anything running SSL were affected; as a result, attackers were able to collect passwords, free of charge. With Heartbleed, the exploit made a splash and many attackers started to use the vulnerability. One of the more high-profile attacks of Heartbleed was the CHS attack, where the attackers siphoned 4.5 million patient records by attacking a Juniper device, then hopping onto their VPN. So how can something be bigger than Heartbleed? I’m glad you asked.

READ MORE

PDF Exploits: A Deep Dive

September 8, 2014 by Cofense in Internet Security AwarenessThreat Intelligence

On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user.

READ MORE

Four Ways Phishing Has Evolved in 2014

August 20, 2014 by Cofense in Threat IntelligenceInternet Security Awareness

Phishing isn’t exactly a new kid on the block. Phishing is one of the most common email-based threats. It is a tried and tested tactic that continues to deliver impressive results for cybercriminals. That’s why phishing continues to grow in popularity. In the month of June 2014 alone, phishing activities totaled $400 million in losses, which could be annualized at $102 million per year. While it has been around for years, phishing has evolved considerably and has increased in efficiency and effectiveness. In the last six months (as compared to 2013), we’ve seen several differences in the type, size and...

READ MORE

Small but powerful — shortened URLs as an attack vector

July 31, 2014 by Cofense in PhishingThreat Intelligence

Using tiny URLs to redirect users to phishing and malware domains is nothing new, but just because it’s a common delivery tactic doesn’t mean that attackers aren’t using it to deliver new malware samples. We recently received a report of a phishing email from one of our users here at PhishMe that employed a shortened google URL, and led to some surprising malware. Through the power of user reporting, we received the report, discovered the malicious nature of the shortened URL, and reported the issue to Google – all within a span of 30 minutes. Google reacted quickly and took...

READ MORE

The New GameOver Zeus Variant (newGOZ) Spams Again

July 22, 2014 by Cofense in Malware Analysis

Almost two weeks ago, PhishMe identified a new Trojan based almost entirely on the notorious GameOver Zeus variant. The new GameOver Zeus variant demonstrated many of the same behaviors and characteristics of the original. The most notable change between these two Trojans was the abandonment of the peer-to-peer botnet used by the older GameOver Zeus. Instead, the new variant used a new fast-flux infrastructure. However, much of the behavior—and malicious capabilities— of the original was retained in this newer form of the malware. Today, a large number of spam emails were received and analyzed by PhishMe in one of the...

READ MORE

Slava Ukraini: Dyre Returns

July 17, 2014 by Cofense in Threat Intelligence

It has been a few weeks since the original discovery of the Dyre malware, and the attackers have sent another wave of phishing. This time, the phishing campaign only went to one senior level individual within our enterprise.

READ MORE

Breaking: GameOver Zeus Mutates, Launches Attacks

July 10, 2014 by Cofense in Malware Analysis

Today, PhishMe’s analysts identified a new banking Trojan that is based heavily on the GameOver Zeus binary. The GameOver Zeus mutation was distributed as an attachment in three spam email templates, utilizing the simplest method of infection to compromise end users’ systems. The E-mail spam campaign From 9:06 AM to 9:55 AM we intercepted spam messages claiming to have been sent from NatWest Bank. One of the email messages used to distribute the new GameOver Zeus variant is listed below. As you can see, the message uses a common social engineering technique. It alerts the recipient to the risk of...

READ MORE

Attackers using Dropbox to target Taiwanese government

July 1, 2014 by Cofense in Internet Security AwarenessThreat Intelligence

While we have previously mentioned cyber-crime actors using Dropbox for malware delivery, threat actors are now using the popular file-sharing services to target nation-states. According to The Register, attackers targeted a Taiwanese government agency using a RAT known as PlugX (also known as Sogu or Korplug). From an anti-forensics perspective, PlugX is a very interesting piece of malware. One of the main ways it loads is by using a technique similar to load order hijacking.

READ MORE

PhishMe Clients Are Reporting Ransomware Emails. Are You?

January 19, 2018 by Cofense in Internet Security Awareness

With the steady rise in ransomware attacks and success, it’s highly likely that related phishing variants will continue to permeate the landscape in 2018. While this is not a new threat, it’s one that you want to be truly prepared to face. With that in mind, we looked back into our 2017 data and what we found is good news for those clients running active threat ransomware simulations in their environment. Across 246 simulations and more than 712k emails, the aggregate resiliency score was 2.63. This means that for every susceptible user, there were more than 2 that reported the...

READ MORE

New Enhancements Help Streamline Incident Response with PhishMe Triage

December 22, 2017 by Cofense in Phishing

With security analysts pulled in many directions, they must be able to prioritize and invoke incident response on ransomware, business email compromise (BEC), malware infections, and credential-based theft emails. The key to this is the automation and streamlining of the incident response. PhishMe Triage™ has been updated with new features to help security analysts and incident response teams streamline their processes and secure administrative access. Key Features this Release Tighter Integration – Authenticated API for integration across the incident response team Additional Security – Two-factor authentication for PhishMe Triage users More Accountability – Audit logs are generated for all users...

READ MORE

Phishing defense: do you know your capabilities?

December 19, 2017 by Cofense in Internet Security Awareness

As phishing continues to spread, executive teams across the globe are asking: “How well does our company recognize, report and respond to the threat?”

READ MORE

In 2018, learn to call attackers’ bluffs.

December 18, 2017 by Cofense in Internet Security Awareness

People often ask me about the future of phishing. What can we expect to see and how should we prepare?

READ MORE

PhishMe Reporter: 5 Reasons Why 10M Users Are a Big Deal

December 15, 2017 by Cofense in Internet Security Awareness

Okay, so it’s not billions of burgers. But when PhishMe Reporter® recently hit the 10 million mark—now deployed to 10 million end users’ work stations—the milestone was more than just a big number. A few reasons why:

READ MORE

Report: beware consumer scams that target users at work

December 14, 2017 by Cofense in Internet Security Awareness

Back in October, PhishMe® reported a Netflix email scam appearing in office in-boxes. Now our 2017 Phishing Resiliency and Defense Report confirms the danger: based on millions of simulated phishes across PhishMe customers, the study shows the most tempting workplace scams have a consumer flavor.

READ MORE

Free training bundle: help your users spot the top holiday scams.

December 12, 2017 by Cofense in Internet Security Awareness

The holidays are here and you know what that means. “Merry Phish-mas!” from every scammer who wants to bilk your business.

READ MORE

Here’s How Boards Should Measure Anti-Phishing Programs

December 6, 2017 by Cofense in Phishing

In board rooms across the globe, directors are asking the question, “How is phishing affecting the organization and are we able to handle the risks?”

READ MORE

Black Friday Spam Alert: How to Shop Safe Online this November

November 17, 2017 by Cofense in Internet Security Awareness

As Black Friday draws near, it seems that every company with anything to sell is sending emails to advertise their specials. Consumers can expect to see emails from all sorts of major retailers: Amazon, Dell, Fry’s, Home Depot, Khol’s, Microsoft, and everyone under the sun, with some really great deals. However, mixed into this pile of email are a tremendous number of messages touting shady deals that could lead consumers to give up personal information, money, or just land them with fake products instead of what they were shopping for. Here are two major categories of trouble that you might...

READ MORE