Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
Free Tools
Free Tools
Create Transparency
Speed Response

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Unscrupulous Locky Threat Actors Impersonate US Office of Personnel Management to Deliver Ransomware

November 8, 2016 by Cofense in Threat Intelligence

Update 2016-11-11: It is important to PhishMe to avoid hyperbolic conclusions whenever possible. In the interest of clarifying some conclusions that have been drawn from this blog post, it is important to keep in mind the nature of Locky distribution and how this malware is delivered to victims. We consider it a serious responsibility to report on very real threats in a way that lends itself to our credibility as well that the credibility of all information security professionals. PhishMe has no reason to believe that this set of emails was delivered only to victims of the OPM incident nor...

READ MORE

Viotto Keylogger: Freemium Keylogger for the Skids

October 20, 2016 by Cofense in Phishing

The PhishMe Research team recently received a campaign escalated by one or our analysts. We’ll explore the campaign delivery, malicious attachments, and analysis of the malicious attachments, and we’ll provide a simple method for extracting the credentials being used for this keylogger family’s data exfiltration. Campaign The PhishMe Triage platform allows SOC analysts to identify, analyze, and respond to email threats that have targeted their organization. For this particular campaign, the suspicious email had an ARJ archive attachment, which contained a Windows PE32 executable. Although Windows OS does not natively open archive files with the ARJ extension, a number of third-party applications,...

READ MORE

The PhishMe Advantage – ROI

October 17, 2016 by Cofense in Phishing

Return on Investment Measuring the return on investment (ROI) from your PhishMe solution is simple and easy. The most obvious and significant impact is the dramatic reduction you will see in the overall risk of a phishing attack both getting past your perimeter protection and your skilled users but there are other ways to measure your investment: Monetary ROI Customers can realize monetary ROI from PhishMe by reducing their overall risk to phishing and other security threats. Adversaries have successfully employed phishing tactics to steal intellectual property, personally identifiable information, and other sensitive information that can harm an organization’s competitive advantage...

READ MORE

The (BEC) Song Remains the Same

October 4, 2016 by Heather McCalley in Phishing

I had a dream, a crazy dream, that we stopped responding to ridiculous email messages demanding that a wire be sent immediately.  Also in that dream, all the bad guys were caught and had to pay restitution and go to jail. While that second part may never happen, there has been definite progress toward the dream goal and there are definite steps to take to ensure that you – and others in your company – do not fall victim to a BEC email. Coordinated by the National Cyber-Forensics & Training Alliance (NCFTA), contact information and incident details are being swapped quickly...

READ MORE

Behavioral Conditioning, Not Awareness, Is the Answer to Phishing

September 20, 2016 by Cofense in Internet Security AwarenessPhishing

BY AARON HIGBEE AND SCOTT GREAUX You don’t stop phishing attacks by raising user awareness. A recent study conducted by a German university confirms what we at PhishMe have known all along: Focusing on awareness isn’t the point. The real solution is behavioral conditioning. The study, conducted by Friedrich-Alexander University (FAU) of Erlangen-Nuremberg, Germany, used 1,700 students to simulate spear phishing attacks. An August 31 Ars Technica article published preliminary results of the study showing at least 50% of students clicked simulated phishes, even though they understood the risks. With its headline, “So Much for Counter-phishing Training: Half of People...

READ MORE

Macro Based Anti-Analysis

August 19, 2016 by Cofense in Malware AnalysisThreat Intelligence

Over the past several months PhishMe research has noticed an increase with Anti-Analysis techniques being included within Office macro and script files. This is the first post in a series where we look at the inclusion and effectiveness of these methods. Although the use of Anti-Analysis techniques is not new, they are generally observed within the packed payload in an effort to avoid detection by endpoint security solutions. Most recently we came across a campaign of emails which included a malicious Microsoft Word document. The document contains a standard lure using an image instructing the user to enable active content...

READ MORE

Cyber Crime: The Unreported Offense

July 28, 2016 by Cofense in Internet Security AwarenessPhishing

On July 22, 2016 the UK’s Office for National Statistics released crime details for the year ending March 2016.  For the first time, this data included information about fraud and computer misuse offenses, which was compiled in the National Crime Survey for the first time in October 2015. While the police recorded 4.5 million offenses from March 2015 to March 2016, the survey indicates there were likely 3.8 million fraud instances and 2 million computer misuse instances during that same year, with the vast majority of these crimes being unreported to law enforcement.  The report has caused for a new call for additional...

READ MORE

Reality-checking Mr.Robot Ransomware

July 13, 2016 by Cofense in Ransomware

WARNING: MAJOR SPOILER ALERT! USA Network’s television show, Mr.Robot, kicked off Season 2 with a BANG!   The program features the exploits of a hacker named Elliot Alderson (Rami Malek) who uses the alias “Mr.Robot” to work with a team of hackers who call themselves F-Society and have as their mission the destruction of a major corporation that they call “Evil Corp,” whose logo calls back to the Big Corporate Corruption of Enron. In this episode, the attack is against the “Bank of E.”

READ MORE

RockLoader Delivers New Bart Encryption Ransomware

June 24, 2016 by Cofense in Phishing

Another ransomware tool has been added to the ever-growing encryption ransomware market with the introduction of the Bart encryption ransomware. Named by its creators in its ransom payment interface as well as in the extension given to its encrypted files, the Bart encryption ransomware has leveraged some distinctive mechanisms for delivery during its early deployments. Furthermore, this ransomware shares some interface elements that evoke the same look and feel used by the Locky encryption ransomware ransom payment interface. In many ways the Bart encryption ransomware is a very mainstream encryption ransomware in both the files it targets for encryption (a...

READ MORE

Phishing ‘tests’ are… USELESS

June 24, 2016 by Cofense in Phishing

While perusing reddit.com, a well-known social hotbed of ‘intellectual superiority’, I came across the following string: *sigh* Asked by the boss man to phish the team… What I discovered is what appears to be a never ending lamentation on the ‘uselessness’ of phishing tests. I couldn’t agree more.  Phishing ‘tests’ are indeed useless.

READ MORE

Presidential Phishing Scams: Examining Voter Vulnerability

November 5, 2012 by Cofense in Phishing

With emotions running high during election season, an email with the name Romney or Obama in the subject line could make even an experienced user click on a malicious link. Spammers are taking advantage of the Presidential election buzz and using malware-laden emails to target users. Many of these emails don’t have any visible consequences, so users may not even realize when malware is infiltrating their personal computers or mobile devices. But what about the potential danger this malware can bring into your workplace from these spear phishing scams?

READ MORE

Breaking the Myths of Social Engineering

October 1, 2012 by Rohyt Belani in Internet Security AwarenessPhishing

Last week, a Washington Post article by Robert O’Harrow offered an interesting look at the most common attack vector used by cybercriminals to penetrate enterprises today: spear phishing. While we applaud (loudly) the thrust of the article – that enterprises need to educate users on the dangers of spear phishing – there are some very real challenges in user education that the article does not address.

READ MORE

Why PhishMe makes Pentesters Uncomfortable

August 31, 2012 by Aaron Higbee in Cofense NewsPhishing

I read Aitel’s article right before leaving for BlackHat: “Why you shouldn’t train employees for security awareness” Popcorn in hand, this should be a fun read. After all, we agree that traditional awareness methods don’t seem to be sticking.

READ MORE

LinkedIn password leak: What it means for phishing

June 6, 2012 by Aaron Higbee in Phishing

Spoiler: LinkedIn password leak: What it means for phishing?  Answer:  Not Much! When people talk to us about phishing, they often want to know “What’s next in phishing? What else are you seeing?” This gets asked a lot, and is one of my least favorite questions because the truth is, email based spear phishing works as-is It has no reason to evolve right now.

READ MORE

Educause 2012 SPC: Quick Review

May 22, 2012 by Aaron Higbee in Internet Security Awareness

Last week I attended the Educause Security Professionals Conference 2012 in Indianapolis Indiana and was lucky enough to co-present with Emory University to discuss the phishing problems higher education face. This event had an entire track devoted to Awareness & Training and of course a major topic for discussion was phishing.

READ MORE

Anatomy of a vulnerability based spear phishing attack

May 4, 2012 by Cofense in Phishing

Anatomy of a vulnerability based phishing attack This week SC Magazine named  the Chrome vulnerabilities the Threat of the month.  So, how would an attacker use this vulnerability in a spear phishing scam you ask? They know their audience Advanced threats know who they want to target, it doesn’t matter that your Skype handle is @kukubunga998 – they know you work for the organization they are targeting.  They also deduce (the same way a marketer does) that you are a Chrome user, or that you have it installed for some reason or another.  They know that your organization is big...

READ MORE

2011 – The year of spear phishing And spear phishing

November 17, 2011 by Aaron Higbee in Phishing

An odd title for a blog post but something that has been on my mind for a while now. We get a fair amount media requests for comments or perspective on phishing stories.  This is a good thing. It’s nice to have recognition in your field. Of course 2011 was no shortage of phishing related news. (What’s up RSA, I’m looking at you. I’ve noticed you frequent our website a lot. How about a demo. Couldn’t hurt?)

READ MORE

Spear Phishing with Password Protected Zip Files

November 1, 2011 by Cofense in Phishing

The Slashdot headline this morning reads: Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms What is it about? Simple, the poison ivy trojan wrapped in a password protected ZIP file so it can get past filtering.  Symantec has an excellent analysis of these attacks in a paper titled: The Nitro Attacks: Stealing Secrets from the Chemical Industry by Eric Chien and Gavin O’Gorman.  You can read the entire paper here. “The most recent attacks focusing on the chemical industry are using password-protected 7zip files which, when extracted, contain a self-extracting executable. The password to extract the 7zip file is included in...

READ MORE

Current events: How news exposes your company to spear phishing attacks

October 11, 2011 by Cofense in Phishing

Like many high-profile events, the passing of Apple’s co-founder and former CEO, Steve Jobs, has initiated a slew of new phishing attacks that are designed to play on recipients’ emotions about the event.  Steve Jobs and Apple themed phishing campaigns are in the wild but more concerning are the spear phishing attacks targeting iPhone users.  PhishMe understands how these events can adversely affect our customers therefore we have released a new phishing simulation theme designed to train susceptible users on how to identify and avoid current event based attacks. -Scott

READ MORE

User Awareness: A Growing Concern Among Organizations

September 6, 2011 by Cofense in Internet Security Awareness

Phishing has always been a challenge for companies, but in recent months high profile breaches have cast a bright light on a more pressing aspect of the phishing threat – user awareness; or the lack there of! The reason phishing attacks are so effective is because most employees have a basic level of phishing awareness. Companies attending recent events such as Black Hat and SANSFIRE, reiterate a common theme; “we need more effective ways to increase our employees’ awareness to help minimize the success of phishing attacks.” Once thought of as a threat that could be mitigated simply by an...

READ MORE