
Cofense Phishing Prevention & Email Security Blog


Another Holiday-Themed Phish: Eid al-Adha is the Pretext for an Agent Tesla Campaign

August 23, 2018 by Cofense in Threat Intelligence

Holidays and global events provide timely material for threat actors to use as phishing lures. This technique is a common practice, and can sometimes be convincing to targets, especially just before a major holiday. On Sunday, August 19, 2018, Cofense Intelligence™ received an Eid-themed phishing email. Eid al-Adha, the Islamic festival/holiday, began this week.


UPDATE: Necurs Botnet Banks on a Second Bite of the Apple with New Malware Delivery Method

August 22, 2018 by Jason Meurer in Malware Analysis, Threat Intelligence

Last week, Cofense™ research uncovered and broke the news that the Necurs botnet began a highly targeted campaign aggressively attacking more than 3,000 banks worldwide with a malicious PUB file that drops the FlawedAmmyy malware. You can read the full analysis in last week’s research blog.


5 Steps to Targeting Newbies with Phishing Awareness Training

August 21, 2018 by Alexandra Wenisch in Internet Security Awareness

When it comes to phishing awareness training, new hires need special attention. While most may know what phishing is, many won’t have received formal training in recognizing and reporting a phish. This chart shows sample data from a Cofense™ customer whose newbies struggled to spot phishing emails during simulation training. Before they develop bad inbox habits, it’s important to welcome your brand-new users to your training program, especially if your company has fairly high turnover. Following are 5 tips to make the transition smoother and, ultimately, help your security teams stop phishing attacks. Step 1: Announce and Set the Stage...


The Lazy Man’s Guide to Phishing

August 16, 2018 by Cofense in Phishing Defense Center

By Lucas Ashbaugh

Laziness and sloppy work are the twenty-first century’s newest business model, and for phishing actors it’s a gold rush. The real winners from modern phishing have taken a chapter out of the entrepreneur’s handbook: The Lean Startup. For them, phishing isn’t about artisanal fraud and refined skills, it’s about starting cheap, failing quickly, and getting their head back in the game. It’s horrendously brilliant. In a world where SOCs are constantly grinding to block that IP, scan for that hash, disable macros, etc., automated solutions just can’t keep up. When it comes to phishing, speed is king....


Necurs Targeting Banks with PUB File that Drops FlawedAmmyy

August 15, 2018 by Cofense in Malware Analysis

By Jason Meurer and Darrel Rendell

Cofense™ Research reports that the Necurs botnet began a new campaign at approximately 7:30 EST on Aug 15, one appearing to be highly targeted at the banking industry. So far, Cofense has seen over 3,701 bank domains targeted as recipients.


July Malware Review: Geodo and TrickBot Flex Their Muscles

August 15, 2018 by Cofense in Malware Analysis

The Cofense Intelligence™ team has wrapped up our analysis of mid-summer malware. To get this summary started, let’s look at a couple of charts.

Chart 1: Top 5 malware delivery methods, by campaign, identified in July

Chart 2: Top 5 malware families, by campaign, identified in July

In our Strategic Analysis released on Thursday, 26th July, it was noted that Geodo and TrickBot had been unusually active in recent weeks, following a lull in June and into early July. Charts 3 and 4 expand upon this observation via side-by-side comparisons and year-to-date trends. Prior to July, both TrickBot and Geodo tended...


How to Get Internal Buy-In for Your Phishing Simulation and Awareness Training Programs

August 14, 2018 by Bunmi Ogun in Internet Security Awareness

If you run an anti-phishing program, you’ve probably run into this. You want to impersonate internal teams in your phishing simulations, because that’s what attackers do. But you get pushback:


An Analyst’s View of Surging PowerShell-based Malware

August 13, 2018 by Marcel Feller in Malware Analysis, Phishing Defense Center

Over the past couple of weeks, the Cofense™ Phishing Defence Center (PDC) has observed a rise in PowerShell-based malware. PowerShell is a very powerful scripting language that is legitimately used in many organisations. PowerShell is packed with almost endless capabilities, most of which are particularly interesting to threat actors who wish to abuse PowerShell for malicious purposes.


Why a phishing-specific SOAR? Because phishing is STILL the #1 cause of breaches.

August 8, 2018 by Cofense in Cyber Incident Response

SOAR is an acronym for Security Orchestration Automation and Response. And it’s what Cofense™ does for phishing threats and attacks. And, according to researchers at ESG, 19% of enterprises have adopted SOAR technologies extensively, while 39% have dipped their toes in the water and 26% are currently working on SOAR-related projects.¹

Why is SOAR soaring? Because organizations need to connect their layers of security systems and make the most of their limited, highly skilled security resources.

Phishing Alert! Alert! Alert!

Phishing isn’t going away. To the contrary, it’s still growing because it works. In fact, enterprises receive up to 150,000...


Phishing Incident Response: Get Started in 3 Steps

September 15, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

So, you want to improve your response to phishing threats? Smart idea. PhishMe®’s recent report on phishing response trends shows that phishing is the #1 security concern, but almost half of organizations say they’re not ready for an attack.


Identity Crisis – The Real Cost of a PII Data Breach

September 12, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

As the success of phishing attacks continues to broaden and gain traction in the modern news cycle, it’s important that we understand the differences in impacts based on the type of breach.


Catching Phish with PhishMe Intelligence and ThreatQ

September 12, 2017 by Cofense in Phishing, Cyber Incident Response, Threat Intelligence

PhishMe Intelligence™ Integrates with ThreatQuotient’s ThreatQ Platform

Swimming in a sea of threat intelligence indicators and services, security teams have been working towards effective ways to centralize, de-duplicate, and correlate massive amounts of threat data. The challenge, once this is done, is acting on what matters most. This requires intelligence, not just data.


To Get “Left of Breach,” First Know Thyself

September 11, 2017 by Cofense in Phishing, Cyber Incident Response, Malware Analysis

Part 2 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 1 of this series, we talked about getting in front of data breaches by taking proactive steps—everything to the left of the bullseye in the figure shown here:


Human Phishing Defense Tackle Box – PhishMe Intelligence™ and IBM QRadar®

September 8, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Threat Intelligence

PhishMe® and IBM have teamed up to provide security operations with essentials for their phishing defense program. Security teams don’t want standalone security products; they need holistic security solutions and through partner integrations. That’s why PhishMe and IBM have partnered to help enterprise businesses defend against credential-stealing, malware, ransomware, and Business Email Compromise (BEC) phishing.


PhishMe Triage Catches and Mitigates a Phishing Attack on Day 1

September 8, 2017 by Cofense in Phishing, Cyber Incident Response, Malware Analysis

By John Travise and Nicolas Octaviani

PhishMe Triage™ immediately reveals an active, ongoing phishing attack against a new customer during a configuration and deployment.


NanoCore Variant Delivered Through UUE Files

September 8, 2017 by Marcel Feller in Phishing Defense Center, Malware Analysis, Phishing

Over the past few weeks, our Phishing Defense Center has observed several emails with malicious PDF attachments that prompt the user to download a .UUE file from Dropbox. UUE files (Unix to Unix Encoding) are files encoded with uuencode, a program that converts binary files to text format for easy transfer while still allowing for the files to be easily opened using WinZip or similar un-archiving applications. When file extensions are not displayed in Windows, the downloaded file looks like any other compressed file (as shown in Figure 1), which makes it harder to spot that this file is indeed...


Want to Get In Front of Breaches? Be Like the Marines.

September 5, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 1 in our series on being “Left of Breach” in the Phishing Kill Chain. Too often in the information/cyber security industry, we focus our efforts on mitigation of breaches after they occur, relying on incident response teams to find the needles in the haystack. According to “Left of Bang: How the Marine Corps’ Combat Hunter Program Can Save Your Life” (by Patrick Van Horne and Jason A. Riley; foreword by Steven Pressfield), the Marine’s Combat Hunter training program works on this premise: by understanding what “normal” looks like, we are much more likely to recognize activities and behaviors that...


5 Reasons Hackers Target SMBs—and 1 Free Way to Fight Back

September 1, 2017 by Cofense in Phishing, Cyber Incident Response, Internet Security Awareness

Last week PhishMe® released PhishMe® Free, a no-cost version of our award-winning anti-phishing solution, to protect SMBs from phishing attacks and resulting threats. A new PhishMe white paper shows the urgent need for SMBs to bolster their defenses.