One core element of the information security mission is the successful assessment of the risk posed to an organization by a malware sample or malware variety delivered by a phishing email. In 2017, phishers have embraced the use of adaptable and flexible malware to gain initial footholds in a network before monetizing the infected host. The intersection of these two missions creates a scenario in which open-ended, adaptable botnet malware challenges information security professionals to prepare for a wide array of malware capabilities, in some cases without much insight into the real risks posed by a malware tool. However, in some...
Make your nominations for the 2017 PhishMe® Excellence Awards today! Every day, 1000s of companies use PhishMe as a cornerstone of their phishing defense program. The PhishMe Excellence Awards recognize the outstanding achievements of security professionals and organizations with innovative, successful anti-phishing and phishing defense programs to minimize the risk and impacts associated with phishing attacks.
Ransomware is a business. And like all smart business people, hackers look for efficiencies to increase revenue and lower cost of delivery.
When it comes to cyberattacks, small businesses are big targets. That’s why we recently introduced PhishMe® Free, a no-cost, easy-to-use version of our award-winning anti-phishing simulation solution.
It’s easy to believe that phishing only happens to people who aren’t smart enough to detect it. This simply isn’t true. As the tech-savvy developers at software company a9t9 have indicated in their statement about a phishing incident last week, even smart developers can be fooled with a phish. As reported by Tripwire, a Chrome plugin developer fell for a phishing attack that allowed the threat actor to take control of a9t9’s account in the Chrome Store. This means that the Copyfish plugin built by a9t9 was no longer under its control. Meanwhile, the plugin has already been used to...
Threat actors’ consistent pursuit of improved efficiency is a key characteristic of the phishing threat landscape. One method for improving efficiency is to use a unique delivery technique that not only allows threat actors to distribute malware but also succeeds in evading anti-virus software and technologies.
PhishMe® Research has generally seen macro execution in PowerPoint tied to specific actions and events, such as a mouse interaction with an object or custom actions. But the “Ribbon Cutting” technique uses a different method; it runs macro code by creating a UI callback that is triggered when the file is opened. Although in the example below we use PowerPoint, the technique can be used in other Office applications that support ribbon customizations.
On July 13, 2017, the Phishing Defense Center reviewed a phishing campaign delivering Hawkeye, a stealthy keylogger, disguised as a quote from the Pakistani government’s employee housing society. Although actually a portable executable file, once downloaded, its icon masquerades as a PDF.
A ransomware victim must have a compelling reason to go through the burdensome process of obtaining Bitcoin and paying the ransom. For many victims, the threat of permanently losing access to their files is enough. However, some ransomware authors and criminals seek to push victims harder by raising the stakes even further.
A key part of phishing threat actors’ mission is to create email narratives and leverage malware delivery techniques that reduce the likelihood of detection. By combining compelling social engineering with seemingly benign content, threat actors hope to bypass technical controls and to convince their human victims of a phishing email’s legitimacy. One method with a long history of use is the abuse of Google Docs file sharing URLs to deliver malware content to victims. Because Google Docs and other cloud services may be trusted within an enterprise, threat actors will continue to abuse file sharing services to possibly bypass firewalls...