After improving phishing detection, this company is focusing on response.
March 16, 2018 by Zach Lewis in Malware AnalysisPhishing Defense CenterA global commercial development company needed to train employees to recognize and report phishing. The company launched Cofense PhishMeTM and Cofense ReporterTM, conditioning users to identify potentially malicious emails and empowering them to report with a single click.
For this financial services company, tougher simulations hardened phishing resiliency
March 15, 2018 by Zach Lewis in Malware AnalysisPhishing Defense CenterAfter introducing Cofense PhishMeTM and Cofense ReporterTM, a financial services company had reduced susceptibility to 10% or lower across its 10,000+ employees. At the same time, reporting had climbed to almost 50% for data-entry simulated phishes and just under 25% for click-only. In other words, employees had learned to identify basic phishing attacks. Sometimes you need to “turn up the heat.” The company’s CISO realized it was time to use more complex scenarios to further harden resiliency. The CISO pointed out that attackers don’t ask permission to launch sophisticated attacks, so the company had to be ready for anything. To...
Careful: This “life insurance invoice” contains the Ursnif malware
March 12, 2018 by Marcel Feller in Malware AnalysisPhishing Defense CenterOver the past couple of days, the Cofense™ Phishing Defence Centre has observed multiple campaigns that prompt the user to download what appears to be a life insurance invoice. The “invoice” gets delivered in the form of a zip file that contains a LNK file with content crafted to create an effective malware downloader tool. The malware it delivers: Ursnif.
This financial services company increased phishing reporting to over 50%
March 9, 2018 by Zach Lewis in Internet Security AwarenessMalware AnalysisPhishing Defense CenterTo lower phishing susceptibility, a major financial services company introduced Cofense PhishMeTM. By sending a strategic combination of simulated phishes, the company conditioned employees to recognize phishing scams.
Triple threat: This phishing campaign used 3 separate vectors.
March 8, 2018 by phishme in Malware AnalysisBY DARREL RENDELL AND MOLLIE HOLLEMAN Cofense IntelligenceTM rarely sees a weaponized document that contains three separate vectors to launch an embedded payload. However, we recently observed a small phishing campaign that distributed an RTF which abuses two vulnerabilities and leverages social engineering in an attempt to execute a FormGrabber payload on the victim’s machine.
The NanoCore RAT Has Resurfaced From the Sewers
March 2, 2018 by Kam Patel in Malware AnalysisThe Cofense™ Phishing Defense Center has observed several e-mails attempting to deliver a popular variant of a Remote Access Trojan (RAT) malware that appears to have recently resurfaced: NanoCore.
That Little Click Could Be Sending Your Browser to the Mines
March 1, 2018 by Gary Warner in Malware AnalysisBitcoin and most other cryptocurrencies are based on the idea that coins can be generated by causing computers to solve a difficult problem. The more CPU cycles an individual can dedicate towards the mining problem, the more likely the chance that they will create a new coin. For years, botnets have scanned corporate networks for high-powered machines and installed Bitcoin or other cryptocurrency mining software on the fastest computers.
PhishMe is now Cofense.
February 26, 2018 by Aaron Higbee in Cyber Incident ResponseInternet Security AwarenessMalware AnalysisPhishingPhishing Defense CenterRansomwareThreat IntelligenceOn February 27th 2007, while on the phone with my friend and co-founder Rohyt Belani, I typed the name phishme.com into GoDaddy™. We couldn’t believe our good luck and immediately registered it. As the co-founder who named this company PhishMe®, the emotional attachment is real. Somewhere in the pile of entrepreneurial startup books, I have a branding book that suggested your name is a vessel that should be big enough to carry your future products and services. We outgrew that boat quite some time ago.
Italian DHL-Themed Phishing leads to Ursnif, Spambot
February 15, 2018 by Darrel Rendell in Malware AnalysisPhishMe Intelligence™ recently intercepted a subtle, DHL-spoofing campaign delivering a heavily-obfuscated JavaScript file. When executed, this JavaScript file downloads and runs a variant of the Ursnif/Gozi-ISFB trojan. Ursnif, in addition to its banker and stealer pedigree, acts as a downloader to serve a nasty surprise to the infected system. This is the first time PhishMe Intelligence has observed Ursnif actively delivering a spambot onto an infected system. Given Ursnif’s usually stealthy tendencies, it is somewhat unusual to see such a pairing.
PhishMe is SOC 2 compliant. Here’s how that helps you.
February 9, 2018 by phishme in PhishingInformation security is important to everyone, in particular organizations that outsource operations to third-party vendors (like SaaS or cloud-computing providers). If data isn’t handled securely, an organization’s risk of exposure to data theft, extortion and malware increases dramatically.