New Month; New Sigma
May 15, 2018 by Cofense in Threat Intelligence
Cofense Intelligence has observed several recent Sigma ransomware campaigns that demonstrate either a new iteration or a fork of this malware. Prior to these new campaigns, the actors behind Sigma stuck rigidly to two very distinct phishing narratives, as detailed in Cofense’s recent blog post, and relied on the same infection process. With these newly observed changes, Sigma’s operators have eliminated various infrastructure concerns and improved the UX (User eXperience) of the whole ransom process, representing the first major shifts in Sigma tactics, techniques and procedures (TTPs).
Prevent Your Social Media Users from Arming Phishing Attackers
May 8, 2018 by Zach Lewis in Phishing
An employee goes on Facebook and makes a snarky comment about his boss. Or posts a picture of a co-worker that includes a confidential document open on her laptop. Or simply mentions your company name when sharing something online. All of these are examples of potential trouble.
Sigma Operators Craft New Techniques to Deliver Phish to Your Inbox
May 7, 2018 by Cofense in Threat Intelligence
Cofense Intelligence recently identified a large Sigma ransomware campaign that contained significant deviations from the established TTPs employed by the actors behind this prolific piece of extortionware. These changes improve Sigma’s A/V detection-evasion and demonstrate new social engineering tactics intended to increase the likelihood that a targeted user would open the phishing email and its malicious attachment.
That email from HR? RSA attendees say you’d better check twice for phishing.
May 3, 2018 by Cofense in Phishing
When the security world gathered at RSA 2018, Cofense™ surveyed attendees about phishing attacks and defenses. The #1 phishing concern? Malicious emails that appear to be internal communications, from your boss, HR, or the help desk, making them extra-hard to resist.
With Goo.gl Shutting Down, Will Attackers Move to Less Transparent URL Shorteners?
May 2, 2018 by Cofense in Threat Intelligence
Google recently announced it was shutting down Goo.gl, its URL shortener service. Going forward, you’ll find short-link provisioning in Google’s Firebase mobile and web application platform.
Hunting Malware Threats from Just One Word: How to Perform a Fruitful Investigation with Practically Nothing
May 1, 2018 by Cofense in Threat Intelligence
Posted by: Jason Meurer, Researcher, Cofense
As security researchers, we sometimes have very little information to begin our investigations or research activities. A rumor here or there can sometimes spread from a single word attributed to a current phishing or malware campaign. This was exactly the case for us on February 27th, when we identified a phishing campaign but were provided with very limited information to aid us in starting our research.
Russian “Troldesh” AKA Encoder.858 or Shade is back!
April 27, 2018 by Dilen Thakuri in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing Defense Center
On the 19th of April, the Cofense Phishing Defense Center received an email crafted to appear to be from “Sberbank Russia.” In fact, it was a phishing email containing the Troldesh malware, a variant of Russian Ransomware first seen in mid-2015. The PDC hadn’t seen this variant for quite some time.
5 ways we boost your anti-phishing program’s ROI.
April 25, 2018 by Zach Lewis in Phishing Defense Center, Cyber Incident Response, Internet Security Awareness
If you’re shopping for a vendor to help with phishing awareness training, you might be thinking, “They all seem pretty similar. What’s the difference?”
How to Avoid Drowning in Spam and Phishing Emails
April 23, 2018 by Cofense in Phishing Defense Center, Cyber Incident Response, Internet Security Awareness
As we have continued to improve anti-phishing capabilities for clients over the past few years, we have seen a myriad of changes in phishing email composition, style, and approach. Throughout all those changes, however, one thing has remained the same.