Products
Products
Response
Intelligence
About Cofense
About Cofense
Leadership

Cofense Phishing Prevention & Email Security Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

New Month; New Sigma

May 15, 2018 by Cofense in Threat Intelligence

Cofense Intelligence has observed several recent Sigma ransomware campaigns that demonstrate either a new iteration or a fork of this malware. Prior to these new campaigns, the actors behind Sigma stuck rigidly to two very distinct phishing narratives, as detailed in Cofense’s recent blog post, and relied on the same infection process. With these newly observed changes, Sigma’s operators have eliminated various infrastructure concerns and improved the UX (User eXperience) of the whole ransom process, representing the first major shifts in Sigma tactics, techniques and procedures (TTPs).

READ MORE

Prevent Your Social Media Users from Arming Phishing Attackers

May 8, 2018 by Zach Lewis in Phishing

An employee goes on Facebook and makes a snarky comment about his boss. Or posts a picture of a co-worker that includes a confidential document open on her laptop. Or simply mentions your company name when sharing something online. All of these are examples of potential trouble.

READ MORE

Sigma Operators Craft New Techniques to Deliver Phish to Your Inbox

May 7, 2018 by Cofense in Threat Intelligence

Cofense Intelligence recently identified a large Sigma ransomware campaign that contained significant deviations from the established TTPs employed by the actors behind this prolific piece of extortionware. These changes improve Sigma’s A/V detection-evasion and demonstrate new social engineering tactics intended to increase the likelihood that a targeted user would open the phishing email and its malicious attachment.

READ MORE

That email from HR? RSA attendees say you’d better check twice for phishing.

May 3, 2018 by Cofense in Phishing

When the security world gathered at RSA 2018, CofenseTM surveyed attendees about phishing attacks and defenses. The #1 phishing concern? Malicious emails that appear to be internal communications, from your boss, HR, or the help desk, making them extra-hard to resist.

READ MORE

With Goo.gl Shutting Down, Will Attackers Move to Less Transparent URL Shorteners?

May 2, 2018 by Cofense in Threat Intelligence

Google recently announced it was shutting down Goo.gl, its URL shortener service. Going forward, you’ll find short-link provisioning in Google’s Firebase mobile and web application platform.

READ MORE

Hunting Malware Threats from Just One Word: How to Perform a Fruitful Investigation with Practically Nothing

May 1, 2018 by Cofense in Threat Intelligence

Posted by: Jason Meurer, Researcher, Cofense As security researchers, we sometimes have very little information to begin our investigations or research activities. A rumor here or there can sometimes spread from a single word attributed to a current phishing or malware campaign. This was exactly the case for us on February 27th, when we identified a phishing campaign but were provided with very limited information to aid us in starting our research.

READ MORE

Russian “Troldesh” AKA Encoder.858 or Shade is back!

April 27, 2018 by Dilen Thakuri in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishing Defense Center

On the 19th of April, the Cofense Phishing Defense Center received an email crafted to appear to be from “Sberbank Russia.” In fact, it was a phishing email containing the Troldesh malware, a variant of Russian Ransomware first seen in mid-2015. The PDC hadn’t seen this variant for quite some time.

READ MORE

5 ways we boost your anti-phishing program’s ROI.

April 25, 2018 by Zach Lewis in Phishing Defense CenterCyber Incident ResponseInternet Security Awareness

If you’re shopping for a vendor to help with phishing awareness training, you might be thinking, “They all seem pretty similar. What’s the difference?”

READ MORE

How to Avoid Drowning in Spam and Phishing Emails

April 23, 2018 by Cofense in Phishing Defense CenterCyber Incident ResponseInternet Security Awareness

As we have continued to improve anti-phishing capabilities for clients over the past few years, we have seen a myriad of changes in phishing email composition, style, and approach. Throughout all those changes however, one thing has remained the same.

READ MORE

Build Phishing Countermeasures to Protect Your Brand

May 22, 2013 by Cofense in PhishingThreat Intelligence

Corporations fight phishing each and every day. Large and recognizable financial institutions, retail companies, internet service providers/telecommunication companies are among those most heavily targeted victims of phishing. While the aftermath of a phishing attack is costly and yields long-term consequences, it’s quite difficult to keep up with cybercriminals. It’s shockingly easy for cybercriminals to create a phishing site targeted at your brand, so easy that the cybercriminal simply needs to unpack and upload a pre-built “phishing kit” in order to create a new phishing website. Just one phishing kit can produce hundreds of phishing URLs. With just a few clicks...

READ MORE

Defining a Sophisticated Attack

March 18, 2013 by Aaron Higbee in Internet Security AwarenessThreat Intelligence

What do nearly all of the recent high-profile data breaches have in common? They have all been traced to sophisticated threats and cyber criminals. While there are many disagreements in the security industry, after every significant breach nearly everyone agrees that it was sophisticated (Twitter, Apple, and the Department of Energy are some of the unfortunate organizations to be compromised by a sophisticated attack recently). On the surface, it isn’t hard to see why. First, technology vendors need attackers to be super sophisticated, because simple tactics couldn’t circumvent their products, right? For victims of a breach, it is advantageous for...

READ MORE

What Trend Micro’s research means for organizations

November 29, 2012 by Rohyt Belani in Malware AnalysisPhishingThreat Intelligence

Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution. Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.

READ MORE

Machines v/s Humans: Who Do You Think Is More Intelligent?

June 9, 2011 by Cofense in Cyber Incident ResponseThreat Intelligence

As the barrage of security breaches continues, Citigroup is the latest victim. This eWeek article: http://www.eweek.com/c/a/Security/Citigroup-Credit-Card-Portal-Breach-Compromises-200000-Customers-461930/ discusses the potential impact of this attack.   One of the commentators brings up the topic of phishing.   Hannigan, the CEO of Q1 labs, rightly points out that  “Security trust means more than just making sure you’re in compliance with regulations,”. On the other hand, some of the quotes, like that from Anup Ghosh, co-founder of Invincea has a blatant technology solution vendor bias. He discounts human intelligence when referring to customers in this quote – “it’s not reasonable to expect them to differentiate...

READ MORE

BEC Scams Hit Technology Giants for over $100 Million Dollars

April 28, 2017 by Cofense in PhishingInternet Security Awareness

Even the biggest companies fall for it. This week, reports showed that Business Email Compromise (BEC) scams, sometimes referred to as CEO Fraud Emails, netted over $100 million dollars from Facebook and Google. While people are increasingly aware of phishing emails containing links and attachments, BEC scams (also known as CEO Fraud) continue to reward criminals with alarming effectiveness. These phishing scams fly past traditional security roadblocks because there are no URLs or Attachments to scan.

READ MORE

Off-the-shelf Zyklon Botnet Malware Utilized to Deliver Cerber Ransomware

April 24, 2017 by Cofense in Malware AnalysisPhishingThreat Intelligence

Recent, large-scale distributions of the Zyklon botnet malware mark a continuing trend of off-the-shelf malware use. This multipurpose trojan, capable of supporting numerous criminal activities, has been identified in phishing attacks more and more frequently through the month of April. The bulk of these campaign have leveraged resume- and job-applicant-themed messaging as in the phishing narrative. The most recent analyses of this distribution have shown that the threat actors are attempting to leverage the malware’s full feature set by not only using it as an information stealer, but also as a downloader used to obtain and deploy the Cerber ransomware...

READ MORE

Locky Stages Comeback Borrowing Dridex Delivery Techniques

April 21, 2017 by Cofense in RansomwareMalware AnalysisPhishing

The ransomware that defined much of the phishing threat landscape in 2016 raged back into prominence on April 21, 2017 with multiple sets of phishing email messages. Harkening back to narratives used throughout 2016, these messages leveraged simple, easily-recognizable, but perennially-effective phishing lures to convince recipients to open the attached file.

READ MORE

Does your Incident Response Plan include Phishing?

April 20, 2017 by Cofense in Phishing Defense CenterCyber Incident ResponsePhishing

It’s no secret that 90% of breaches start with a phishing attack. The question is: are you prepared to recognize phishing and respond to it? Many organizations are concerned with how much spam they receive and implement controls specific to spam. But you shouldn’t confuse preventing spam with responding to phishing attacks.

READ MORE

How Dridex Threat Actors Craft Phishing Attacks, No Exploits Necessary

April 18, 2017 by Cofense in Malware AnalysisPhishingRansomware

Threat actors using the Dridex botnet malware received a great deal of attention recently for their purported utilization of content exploiting a previously un-patched vulnerability in Microsoft Word. This exploit, which took advantage of unexpected behavior in the handling of certain document types, was reportedly used to deliver the Dridex botnet malware via documents attached to phishing emails. However, the bulk of Dridex campaigns leverage far more common delivery techniques that abuse the functionality that already exists in Microsoft Office and Adobe Reader rather than deploying some complex exploit content. This serves as a reminder that threat actors don’t always...

READ MORE

Malware Delivery OLE Packages Carve Out Market Share in 2017 Threat Landscape

April 10, 2017 by Cofense in PhishingMalware AnalysisThreat Intelligence

In the first quarter of 2017, PhishMe Intelligence has noted an increase in malware distributors utilizing OLE packages in order to deliver malware content to victims. This current trend was first noted in December 2016 with close association to the delivery of the Ursnif botnet malware. This technique abuses Microsoft Office documents by prompting the victim to double-click an embedded icon to access some content. These objects are used to write a script application to disk that facilitates the download and execution of a malware payload. This method adds to another iteration of techniques threat actors use to evade anti-analysis...

READ MORE

Dridex Threat Actors Reinvigorate Attacks with Sizable, Concurrent Campaigns

April 6, 2017 by Cofense in Threat IntelligenceMalware AnalysisPhishing

One of the most historically effective techniques for gaining new infections for the powerful Dridex botnet malware has been sizable sets of widely-distributed phishing email. While these large campaigns have been intermittent for several months, the past week’s Dridex distributions have shown a renewed vigor with several larger campaigns being launched both concurrently and repeatedly. Many of these campaigns return to well-used and previously-successful email templates and malware delivery tools that had seen earlier utilization in conjunction with both Dridex deliveries and the delivery of other malware tools. On March 30, 2017 three distinct sets of phishing emails were identified...

READ MORE

PhishMe End-to-End Phishing Mitigation Solution Delivers ROI, Operational Efficiency and Reduced Susceptibility

April 5, 2017 by Cofense in PhishingCofense News

Before investing in any type of security solution, you need to know your money will be well spent. That’s especially true for security professionals shopping for antiphishing solutions, hence why PhishMe commissioned Forrester Research, Inc. to research the effectiveness of PhishMe’s complete phishing defense solution among key customers.

READ MORE

Spam is Spam, Phishing is Phishing, but Phishing is not Spam

April 3, 2017 by Aaron Higbee in PhishingInternet Security Awareness

Problems arise when we use the terms Spam and Phishing interchangeably. At the risk of sounding persnickety, I’m going to try to build the case of why we need to stop confusing Spam and Phishing.

READ MORE