COFENSE PHISHING PREVENTION & EMAIL SECURITY BLOG

Under the Radar – Phishing Using QR Codes to Evade URL Analysis

Phishing Attacks on High Street Target Major Retailer

Houdini Worm Transformed in New Phishing Attack

By Nick Guarino and Aaron Riley The Cofense Phishing Defense Center™ (PDC)  and Cofense Intelligence™ have identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. This new variant is named WSH Remote Access Tool (RAT) by the malware’s author and was released on June 2, 2019. Within five days, WSH RAT was observed being actively distributed via phishing. Figure 1 shows an example message from this campaign.

John Podesta’s Phish Foreshadows Doom for 2020

If you haven’t read the Mueller Report, spoiler alert: the phish that netted the Clinton campaign was not sophisticated. As you may know, neither was the campaign’s phishing defense (understatement). All of which spells probable doom for the 2020 presidential candidates, despite the news that campaigns have looked at offers, some free, from cyber-security firms.

This ‘Voice Mail’ Is a Phish—and an Email Gateway Fail

Cofense Report: 90% of Verified Phish Found in Environments Using Email Gateways

By Kaustubh Jagtap Our recently released 2019 Phishing Threat and Malware Review highlights how perimeter protection technologies can’t stop all advanced phishing threats. Email gateways are a critical first line of defense, but as attackers have continued to innovate gateways haven’t kept up.  The CofenseTM report also underscores the importance of human intelligence to identify these advanced attacks once they make it past gateways. Trained users can effectively detect and report advanced phishing to allow SOC teams to accelerate incident response. Credential Phish Are the Most Common Threat 90% of verified phishing emails were found in environments using email gateways....

Using Windows 10? It’s Becoming a Phishing Target

The Zombie Phish Is Back with a Vengeance

Keep a close on your inboxes—the Zombie Phish is back and it’s hitting hard. Last October, on the eve of Halloween, the CofenseTM Phishing Defense CenterTM reported on a new phishing threat dubbed the Zombie Phish. This phish spreads much like a traditional worm. Once a mailbox’s credentials have been compromised, the bot will reply to long-dead emails (hence, Zombie) in the inbox of the infected account, sending a generic phishing email intended to harvest more victims for the Zombie hoard.

New Phishing Attacks Use PDF Docs to Slither Past the Gateway

By Deron Dasilva and Milo Salvia Last week, the CofenseTM Phishing Defense CenterTM saw a new barrage of phishing attacks hiding in legitimate PDF documents, a ruse to bypass the email gateway and reach a victim’s mailbox. The attacks masquerade as a trusted entity, duping victims into opening what appears to be a trusted link, which in turn leads to a fake Microsoft login page. Once there, victims are tricked into providing their corporate login credentials.

GameOver Zeus: Three Things You Should Know

The Zeus banking Trojan is a popular topic in the security world these days. It’s not new, but it still garners attention as one of the most successful and prolific Trojans in use today. Banking Trojans hide on infected machines and intercept activity related to the user’s finances—bank account logins, investment information, even purchases on sites like eBay. This differs from phishing. With phishing, an end user is infected with a banking Trojan like Zeus, but they are not directed to a fake website and made to believe they are logging in to an official website. Instead, he or she...

Top Phishing Concerns of DNS Providers

Twitter and the New York Times were hacked this week, which means that they have officially joined the ranks of other major news organizations, including the Financial Times and Washington Post who have been targeted by hackers over the past few months. So, how’d it happen? Three things: hacker groups, DNS providers and spear phishing. The Syrian Electronic Army (SEA) appears to be taking credit for this attack, as their logo was prominently displayed at NYTimes.com when the site was compromised. The SEA, a hacker group, protesting Syrian President Bashar Al-Assad, launched the attack in order to generate high profile awareness...

An untapped resource to improve threat detection

Speaking in front of the House Committee on Special Intelligence earlier this year, Kevin Mandia (CEO of Mandiant) remarked that, “One of the most valuable resources in detecting and responding to cyber attacks is accurate and timely threat intelligence.”  Despite its value, many organizations don’t have a way to get timely threat intelligence. How can organizations improve in this area? If you know anything about us, it probably won’t shock you that we’re encouraging enterprises to focus on their users as a source of real-time threat intelligence. Given that the vast majority of targeted attacks focus on the end user...

Royal Baby Spam and Malware Attack Happening Now

It’s unfortunate, but when the general public is captivated by a certain news story, cybercriminals are hard at work exploiting the publicity that the news attracts. Exploitation can take many forms. In the cybersecurity space, we often see fake news stories about trending topics floating around. Fake news is becoming a serious problem. It is becoming harder to differentiate fake news from real news. Those fake news stories often have one sole purpose. To trick Internet users into clicking on a malicious link. Such is the case right now. The public is captivated by content about the new royal baby...

Build Phishing Countermeasures to Protect Your Brand

Corporations fight phishing each and every day. Large and recognizable financial institutions, retail companies, internet service providers/telecommunication companies are among those most heavily targeted victims of phishing. While the aftermath of a phishing attack is costly and yields long-term consequences, it’s quite difficult to keep up with cybercriminals. It’s shockingly easy for cybercriminals to create a phishing site targeted at your brand, so easy that the cybercriminal simply needs to unpack and upload a pre-built “phishing kit” in order to create a new phishing website. Just one phishing kit can produce hundreds of phishing URLs. With just a few clicks...

Defining a Sophisticated Attack

What do nearly all of the recent high-profile data breaches have in common? They have all been traced to sophisticated threats and cyber criminals. While there are many disagreements in the security industry, after every significant breach nearly everyone agrees that it was sophisticated (Twitter, Apple, and the Department of Energy are some of the unfortunate organizations to be compromised by a sophisticated attack recently). On the surface, it isn’t hard to see why. First, technology vendors need attackers to be super sophisticated, because simple tactics couldn’t circumvent their products, right? For victims of a breach, it is advantageous for...

What Trend Micro’s research means for organizations

Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution. Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.

Machines v/s Humans: Who Do You Think Is More Intelligent?

As the barrage of security breaches continues, Citigroup is the latest victim. This eWeek article: http://www.eweek.com/c/a/Security/Citigroup-Credit-Card-Portal-Breach-Compromises-200000-Customers-461930/ discusses the potential impact of this attack.   One of the commentators brings up the topic of phishing.   Hannigan, the CEO of Q1 labs, rightly points out that  “Security trust means more than just making sure you’re in compliance with regulations,”. On the other hand, some of the quotes, like that from Anup Ghosh, co-founder of Invincea has a blatant technology solution vendor bias. He discounts human intelligence when referring to customers in this quote – “it’s not reasonable to expect them to differentiate...

5 Things We Launched this Year to Stop Phishing Attacks Faster

Merry Phishmas! It’s been another busy year of phishing scams, malware delivery, and other Grinchy activity. To help keep you protected, Cofense™ has refined our solutions to stop phishing in its tracks. Following are some of the new capabilities we launched in 2018. 

Mature Your Anti-Phishing Program to Reflect Active Threats

At CofenseTM we often hear comments from customers like, “My anti-phishing program has been running for years, email reporting rates have increased, and overall my users are better prepared. How can I continue to address and lower my risk?”

Major US Financial Institutions Imitated in Advanced Geodo/Emotet Phishing Lures that Appear More Authentic by Containing ProofPoint URL Wrapped Links

By Darrel Rendell, Mollie MacDougall, and Max Gannon Cofense IntelligenceTM has observed Geodo (also known as Emotet) malware campaigns that are effectively spoofing major US financial institutions in part by including legitimate URLs wrapped in Proofpoint’s (PFPT) TAP URL Defense wrapping service. This adds an air of legitimacy to the casual observer, designed to increase the chances of malware infection. Figures 1 and 2 provide examples of the template and URL wrapping. Cofense Intelligence assesses the improved phishing templates are likely based upon data pilfered with a recently updated scraper module to spoof US financial institutions so effectively. Figure 1:...

Phishing Enables Domestic Violence. Education Can Help Stop It.

According to estimates, approximately 760 people, or more than two per day, are killed by their partners. Most of the victims are women.1  Making matters worse, abusers use “stalkerware” to track their victims online, cutting off sources of income, isolating them from friends and family, and otherwise trying to control every aspect of their lives.

Building a Security Awareness Program? Start with Strategy and Goals

Part 1 of a 4-part series on building and maintaining a security awareness program, in support of National Cybersecurity Awareness Month. In 2011, I began my journey into security awareness. At that time, there were limited resources and most programs were still compliance focused. Even though I had previously spent 5 years in IT compliance, I knew this wasn’t the right approach to get users to learn or care about security. I kept telling the director that owned the role, “Compliance focus is wrong –you have to market to the users.”

Ouch! Our Report Shows Why the Healthcare Industry Needs Better Phishing Defense

Cofense™ released new research last week on phishing in the healthcare industry. It’s one of those industries that routinely gets hammered by phishing and data breaches. In fact, according to Verizon’s most recent Data Breach Investigations Report, over a third of all breaches target healthcare companies1. One recently reported example: the phishing attack on the Augusta University healthcare system, which triggered a breach that may have compromised the confidential records of nearly half a million people. None of this is surprising, considering that healthcare lives and breathes data. But our research also found this: Healthcare lags behind other industries in...

Here’s a Free Turnkey Phishing Awareness Program for National Cybersecurity Awareness Month

So….it’s September and October is only a few weeks away. Have you started putting together your campaign for National Cybersecurity Awareness Month (NCSAM) yet? If not, you’re in luck – we’ve created a complimentary turnkey phishing awareness program for you to quickly launch and look like a super hero to your leader AND your organization! And best yet, these resources can be used all year round – BECAUSE security awareness goes beyond October. 

How to Protect Against Phishing Attacks that Follow Natural Disasters

By Aaron Riley and Darrel Rendell With Hurricane Florence battering parts of the East Coast, here’s a reminder that phishing campaigns sometimes pretend to promote natural-disaster relief efforts in hopes of successfully compromising their target. Cofense IntelligenceTM has analyzed plenty of these campaigns, which are designed to entice the end user into credential theft or endpoint infection.

Phishing Automation: Automate Your Phishing Defense While Keeping Human Control

When it comes to combatting phishing, “set and forget” is a pipe dream. You can’t, and you shouldn’t, take humans out of the picture. But thanks to CofenseTM automation, you can stop attacks while reducing man hours and saving money.