Cofense Blog

After improving phishing detection, this company is focusing on response.

March 16, 2018 by Zach Lewis in Malware Analysis, Phishing Defense Center

A global commercial development company needed to train employees to recognize and report phishing. The company launched Cofense PhishMe™ and Cofense Reporter™, conditioning users to identify potentially malicious emails and empowering them to report with a single click.

For this financial services company, tougher simulations hardened phishing resiliency

March 15, 2018 by Zach Lewis in Malware Analysis, Phishing Defense Center

After introducing Cofense PhishMe™ and Cofense Reporter™, a financial services company had reduced susceptibility to 10% or lower across its 10,000+ employees. At the same time, reporting had climbed to almost 50% for data-entry simulated phishes and just under 25% for click-only. In other words, employees had learned to identify basic phishing attacks. Sometimes you need to “turn up the heat.” The company’s CISO realized it was time to use more complex scenarios to further harden resiliency. The CISO pointed out that attackers don’t ask permission to launch sophisticated attacks, so the company had to be ready for anything. To...

Careful: This “life insurance invoice” contains the Ursnif malware

March 12, 2018 by Marcel Feller in Malware Analysis, Phishing Defense Center

Over the past couple of days, the Cofense™ Phishing Defence Centre has observed multiple campaigns that prompt the user to download what appears to be a life insurance invoice. The “invoice” gets delivered in the form of a zip file that contains a LNK file with content crafted to create an effective malware downloader tool. The malware it delivers: Ursnif.

This financial services company increased phishing reporting to over 50%

March 9, 2018 by Zach Lewis in Internet Security Awareness, Malware Analysis, Phishing Defense Center

To lower phishing susceptibility, a major financial services company introduced Cofense PhishMe™. By sending a strategic combination of simulated phishes, the company conditioned employees to recognize phishing scams.

Triple threat: This phishing campaign used 3 separate vectors.

March 8, 2018 by phishme in Malware Analysis

By Darrel Rendell and Mollie Holleman. Cofense Intelligence™ rarely sees a weaponized document that contains three separate vectors to launch an embedded payload. However, we recently observed a small phishing campaign that distributed an RTF which abuses two vulnerabilities and leverages social engineering in an attempt to execute a FormGrabber payload on the victim’s machine.

The NanoCore RAT Has Resurfaced From the Sewers

March 2, 2018 by Kam Patel in Malware Analysis

The Cofense™ Phishing Defense Center has observed several e-mails attempting to deliver a popular variant of a Remote Access Trojan (RAT) malware that appears to have recently resurfaced: NanoCore. 

That Little Click Could Be Sending Your Browser to the Mines

March 1, 2018 by Gary Warner in Malware Analysis

Bitcoin and most other cryptocurrencies are based on the idea that coins can be generated by causing computers to solve a difficult problem. The more CPU cycles an individual can dedicate to the mining problem, the more likely they are to create a new coin. For years, botnets have scanned corporate networks for high-powered machines and installed Bitcoin or other cryptocurrency mining software on the fastest computers.

PhishMe is now Cofense.

February 26, 2018 by Aaron Higbee in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing, Phishing Defense Center, Ransomware, Threat Intelligence

On February 27th 2007, while on the phone with my friend and co-founder Rohyt Belani, I typed the name phishme.com into GoDaddy™. We couldn’t believe our good luck and immediately registered it. As the co-founder who named this company PhishMe®, the emotional attachment is real. Somewhere in the pile of entrepreneurial startup books, I have a branding book that suggested your name is a vessel that should be big enough to carry your future products and services. We outgrew that boat quite some time ago.

Italian DHL-Themed Phishing leads to Ursnif, Spambot

February 15, 2018 by Darrel Rendell in Malware Analysis

PhishMe Intelligence™ recently intercepted a subtle, DHL-spoofing campaign delivering a heavily-obfuscated JavaScript file. When executed, this JavaScript file downloads and runs a variant of the Ursnif/Gozi-ISFB trojan. Ursnif, in addition to its banker and stealer pedigree, acts as a downloader to serve a nasty surprise to the infected system. This is the first time PhishMe Intelligence has observed Ursnif actively delivering a spambot onto an infected system. Given Ursnif’s usually stealthy tendencies, it is somewhat unusual to see such a pairing.

PhishMe is SOC 2 compliant. Here’s how that helps you.

February 9, 2018 by phishme in Phishing

Information security is important to everyone, in particular organizations that outsource operations to third-party vendors (like SaaS or cloud-computing providers). If data isn’t handled securely, an organization’s risk of exposure to data theft, extortion and malware increases dramatically.

Identify, Prioritize, and Respond to Phishing Threats Faster with PhishMe and ServiceNow

January 25, 2018 by phishme in Cyber Incident Response, Malware Analysis

Improve the Phishing Incident Response Workflow with PhishMe Triage™ and ServiceNow® Security Operations. Security leaders are bolstering their resiliency to phishing attacks. It starts with conditioning employees to recognize and report suspicious email. Take for example “Alice,” the CISO for a Fortune 100 company. Alice’s team regularly simulates real-world phishing on employees at all levels. The program involves behavioral conditioning that requires employees to report simulated and real attacks.

This Well-Trained User Caught a Phish

January 18, 2018 by John Travise in Cyber Incident Response, Malware Analysis

As security professionals, we often view our users as a potential liability. I have plenty of first-hand experience that confirms the trope myself. But what if users could become a strength instead of a chronic risk?

Zeus Panda Prominent in Italian-Language Phishing Throughout 2017

December 22, 2017 by Mollie Holleman in Malware Analysis

In 2017, PhishMe® analyzed over 40 Italian-language phishing campaigns that targeted victims with Zeus Panda. This popular multipurpose banking trojan is primarily designed to steal banking and other credentials, but is capable of much more as it provides attackers with a great deal of flexibility. Although some variation was observed, many of these campaigns demonstrated a large degree of shared tactics, techniques and procedures (TTPs). Given the prolific nature of these campaigns, it is likely that Italian-language phish will continue to deliver Zeus Panda in 2018. Organizations should be alert to the indicators of compromise and phishing TTPs to prevent...

Recent Sigma Ransomware Campaign Demonstrates Danger in the Simplest of Changes to Malware Delivery

December 20, 2017 by Mollie Holleman in Malware Analysis

On 1 December 2017, PhishMe Intelligence™ identified a new delivery technique for Sigma ransomware, which was most likely employed to evade automated detection and mitigation by email and anti-malware defenses. Potential victims received phishing emails with an embedded image as the message body that also included an attached Microsoft Office document containing a malicious macro. The embedded image contained a password that could be used to open the Microsoft Office document.

Locky-Like Campaign Demonstrates Recent Evolving Trends in Ransomware

December 7, 2017 by Neera Desai in Malware Analysis

Over the US Thanksgiving holiday, PhishMe Intelligence™ observed a recent ransomware campaign, Scarab, that shares some similarities in behavior and distribution with Locky. In this campaign, Scarab was delivered by the Necurs botnet, which made headlines due to its distribution of Locky, which was one of the most prolific ransomware families of 2016 and 2017. Like Locky, Scarab can encrypt targets via both online and offline encryption.

URL Shorteners are the Fraudster’s Friend

November 21, 2017 by Heather McCalley in Malware Analysis

URL shorteners are a great tool to share a web address without a lot of typing. PhishMe Intelligence™ recently observed malicious actors using these services to evade security controls. They use these services to conceal the actual URL and bypass controls put in place to block known malicious domains.

Social Media: It’s Time to <3 Security Awareness

October 24, 2017 by John Robinson in Cyber Incident Response, Internet Security Awareness, Phishing

Part 4 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month. Over the past decade, mobile phones and social media have become essential to how we ingest news and communicate with friends and families.

Beware: These Scams Turn Open Enrollment into Open Season for Phishing

October 24, 2017 by Heather McCalley in Internet Security Awareness, Malware Analysis, Phishing

Last fall, PhishMe® warned you about scams that use phishing to steal your health savings account (HSA) details during open enrollment periods. This year we are seeing a variety of phishing scams that can take advantage of your year-end diligence in managing personal and corporate assets.

New Strain of Locky with a “Deadly” Twist

October 19, 2017 by Chase Sims in Cyber Incident Response, Malware Analysis, Phishing Defense Center

With it being flu season, no one wants to hear that a new strain of the flu has been discovered, just as network defenders will not be excited that Locky ransomware has evolved yet again. This time, however, threat actors decided to add a darker theme to the code.

Security Awareness: 4 tips on Trusting Technology

October 17, 2017 by John Robinson in Cyber Incident Response, Internet Security Awareness, Phishing

Part 3 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.

Malicious Chrome Extension Targets Users in Brazil

October 17, 2017 by Oscar Sendin in Malware Analysis, Phishing, Phishing Defense Center

Our Phishing Defense Center recently detected a significant increase in the number of emails with malware designed exclusively to target users in Brazil.

Locky or TrickBot? Depends Where You Are. Malicious Payload Delivery Tailored by Geographic Location

October 13, 2017 by phishme in Internet Security Awareness, Malware Analysis, Phishing

By Neera Desai and Victor Cornell. It is not uncommon for threat actors to deploy malicious payloads from multiple malware families during a single phishing campaign. These malware tools may include ransomware, a financial crimes trojan, or other botnet malware. However, it is not as common for those attackers to deploy different malware tools based upon the geographic location of their victim.

To Raise Security Awareness, Don’t Trust the Process.

October 12, 2017 by John Robinson in Cyber Incident Response, Internet Security Awareness, Phishing

Part 2 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month. 

Rock the 80’s and More at PhishMe Submerge 2017!

October 11, 2017 by phishme in Cyber Incident Response, Internet Security Awareness, Phishing

An 80’s party, PhishMe Simulator™ Certification and savings of $100. They’re three great reasons to attend PhishMe® Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor.

Heads Up: This Netflix Phish Targets Business Email, Not Just Home Accounts

October 10, 2017 by Chase Sims in Malware Analysis, Phishing, Phishing Defense Center

PhishMe® analyzes phishing attacks intended for corporate email all the time—phishing for corporate email credentials, malware delivery, etc. However, we also analyze phishing for consumer service credentials—think online shopping or Netflix—since it is also a part of the threat landscape.

The Phishing Kill Chain – Triage and Mitigation

October 9, 2017 by John Robinson in Cyber Incident Response, Internet Security Awareness, Phishing

Part 6 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 5 we looked at the importance of reporting and associated best practices for implementation and measuring success at both the simulation and program trending level. Now let’s shift the focus from the development of our user base as reporters to a more traditional security skill set of detection, analysis and mitigation of threats.
