
Cofense Blog


Zeus Panda’s Modular Functions Provide Insight into Botnet Malware Capabilities

August 21, 2017 by Cofense in Phishing, Malware Analysis

One core element of the information security mission is the successful assessment of the risk posed to an organization by a malware sample or malware variety delivered by a phishing email. In 2017, phishers have embraced the use of adaptable and flexible malware to gain initial footholds in a network before monetizing the infected host. The intersection of these two missions creates a scenario in which open-ended, adaptable botnet malware challenges information security professionals to prepare for a wide array of malware capabilities–in some cases without much insight into the real risks posed by a malware tool. However, in some...


The PhishMe 2017 Excellence Awards Nominations are Open!

August 17, 2017 by Cofense in Phishing

Make your nominations for the 2017 PhishMe® Excellence Awards today! Every day, 1000s of companies use PhishMe as a cornerstone of their phishing defense program. The PhishMe Excellence Awards recognize the outstanding achievements of security professionals and organizations with innovative, successful anti-phishing and phishing defense programs to minimize the risk and impacts associated with phishing attacks.


Ransomware: Don’t Make It Too Easy to Hit Your WordPress Site

August 17, 2017 by Aaron Higbee in Internet Security Awareness, Malware Analysis

Ransomware is a business. And like all smart business people, hackers look for efficiencies to increase revenue and lower cost of delivery.


PhishMe Free Launches to Protect SMBs

August 16, 2017 by Cofense in Phishing, Internet Security Awareness

When it comes to cyberattacks, small businesses are big targets. That’s why we recently introduced PhishMe® Free, a no-cost, easy-to-use version of our award-winning anti-phishing simulation solution.


Even the “Smart Ones” Fall for Phishing

August 4, 2017 by Heather McCalley in Phishing, Internet Security Awareness, Malware Analysis

It’s easy to believe that phishing only happens to people who aren’t smart enough to detect it. This simply isn’t true. As the tech-savvy developers at software company a9t9 have indicated in their statement[1] about a phishing incident last week, even smart developers can be fooled with a phish. As reported by Tripwire, a Chrome plugin developer fell for a phishing attack that allowed the threat actor to take control of a9t9’s account in the Chrome Store. This means that the Copyfish plugin built by a9t9 was no longer under its control. Meanwhile, the plugin has already been used to...


Threat Actors Use Advanced Delivery Mechanism to Distribute TrickBot Malware

August 1, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

Threat actors’ consistent pursuit of improved efficiency is a key characteristic of the phishing threat landscape. One method for improving efficiency is to use a unique delivery technique that not only allows threat actors to distribute malware but also succeeds in evading anti-virus software and technologies.


Ribbon Cutting – Running Macros with CustomUI Elements

July 28, 2017 by Cofense in Malware Analysis, Phishing

PhishMe® Research has generally seen macro execution in PowerPoint tied to specific actions and events, such as a mouse interaction with an object or custom actions. But the “Ribbon Cutting” technique uses a different method; it runs macro code by creating a UI callback that is triggered when the file is opened. Although in the example below we use PowerPoint, the technique can be used in other Office applications that support ribbon customizations.


Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors

July 24, 2017 by Cofense in Phishing Defense Center, Internet Security Awareness, Malware Analysis

On July 13, 2017, the Phishing Defense Center reviewed a phishing campaign delivering Hawkeye, a stealthy keylogger, disguised as a quote from the Pakistani government’s employee housing society. Although actually a portable executable file [1], once downloaded, it masquerades its icon as a PDF. 


Karo Ransomware Raises Stakes for Victims by Threatening to Disclose Private Information

July 13, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

A ransomware victim must have a compelling reason to go through the burdensome process of obtaining Bitcoin and paying the ransom. For many victims, the threat of permanently losing access to their files is enough. However, some ransomware authors and criminals seek to push victims harder by raising the stakes even further.


Threat Actors Continue Abusing Google Docs and Other Cloud Services to Deliver Malware

July 6, 2017 by Cofense in Internet Security Awareness, Malware Analysis, Phishing

A key part of phishing threat actors’ mission is to create email narratives and leverage malware delivery techniques that reduce the likelihood of detection. By combining compelling social engineering with seemingly benign content, threat actors hope to bypass technical controls and to convince their human victims of a phishing email’s legitimacy. One method with a long history of use is the abuse of Google Docs file sharing URLs to deliver malware content to victims. Because Google Docs and other cloud services may be trusted within an enterprise, threat actors will continue to abuse file sharing services to possibly bypass firewalls...


Beware of phishing emails using Dropbox links

June 2, 2014 by Cofense in Phishing

Several weeks ago, I wrote a blog entry about phishing emails using zip files with executable files attached to them. Using PhishMe Reporter, several of our users (yes, we use our own tools internally) successfully identified a new round of phishing, this time using Dropbox links in the body.


What do Takedown Vendors and Fire Hydrants Have in Common?

June 2, 2014 by Cofense in Internet Security Awareness

What, you may ask, do takedown vendors and fire hydrants have in common? Well, perhaps more than one might think. In this post, we’ll examine a couple of different aspects: what they do and their intended use, their impact on us and our businesses, where they fall short in protecting us and our assets from harm, and how we can address these shortcomings. Let’s start with what each does and their intended use. Both are intended to protect us from further harm once a threat to our security and wellbeing is identified. In the case of the fire hydrant, water is provided by...


What we’re reading about the Chinese hacking charges

May 21, 2014 by Aaron Higbee in Internet Security Awareness, Threat Intelligence

While the full implications from yesterday’s DoJ indictment of five Chinese hackers on charges of cyber crime are yet to be fully seen, these charges have already succeeded in elevating cyber crime from a niche discussion to an important debate in society at large. Furthermore, just as last year’s APT1 report did, the court documents provide a detailed glimpse at the tactics China is using to steal trade secrets from the world’s largest corporations (not surprisingly, phishing continues to be the favored attack method). There has been a lot of media attention on this story, so we’ve put together a list...


SIEM: So Many Alerts, So Little Time

May 15, 2014 by Cofense in Internet Security Awareness

Software vendors participate in industry events for various reasons. We attend to share information as speakers and to learn as attendees. You’ll see us sponsor tote bags, snack stations, and even lunch. We are there to raise awareness of our solutions and generate leads for our sales team. We like scanning badges as much as you like getting schwag but for most vendors like us, the best use of our time in the booth is not spent waving a scanner. It is “events season” in the security world and PhishMe has been an active participant in events like RSA, FS-ISAC...


Phishing Attacks Target Google Users with Weakness in Chrome: What You Need to Know

May 14, 2014 by Cofense in Internet Security Awareness

If your employees are users of Google Chrome and/or Mozilla Firefox, your network could be vulnerable to a unique phishing attack targeting the two most widely-used browsers in the world. Several media outlets are covering the uniform resource identifiers (URI) exploit, which Google Chrome and other web browsers utilize in order to display data. This attack, which is difficult to identify via traditional methods, allows cybercriminals to gain access to Google Play, Google+ and Google Drive. This means that any sensitive information stored within each of those areas is up for the taking. In the case of Google Play that means...


Abusing Google Canary’s Origin Chip makes the URL completely disappear

May 6, 2014 by Aaron Higbee in Internet Security Awareness

Canary, the leading-edge v36 of the Google Chrome browser, includes a new feature that attempts to make malicious websites easier to identify by burying the URL and moving the domains from the URI/URL address bar (known in Chrome as the “Omnibox”) into a location now known as “Origin Chip”. In theory, this makes it easier for users to identify phishing sites, but we’ve discovered a major oversight that makes the reality much different. Canary is still in beta, but a flaw that impacts the visibility of a URL is typically something we only see once every few years. We’ve discovered...


Numbers of Victims of Cybercrime are Soaring

April 30, 2014 by Cofense in Internet Security Awareness

Reports from law enforcement agencies around the world show that there have been even more victims of cybercrime in the past 12 months than in any other year. Attacks are being conducted alarmingly frequently, and cybercriminals are becoming even more brazen. However, cybercrime is still not dealt with in the same way as other types of crime. Say you leave home, only to return to your front door kicked in. Everything of value has been stolen. What would you do? You’d call the police immediately, right? Now pretend you get an email from what looks to be your bank. They...


Phishing with a malicious .zip attachment

April 29, 2014 by Cofense in Phishing

A few weeks ago, we received a round of phishing emails with malware that seemed a little more special than your run-of-the-mill ZeuS, so we decided to give it some analysis. The email was reported by a user at PhishMe. We really do drink our own kool-aid. Figure 1 shows a screenshot of the email that is being analyzed.


HTML Attachment Phishing: What You Need to Know

April 23, 2014 by Cofense in Phishing

Are you aware of HTML attachment phishing? It is one of the latest trends with cybercriminals. Instead of emailing downloaders that contact C&C servers to download crypto malware, Trojans, or other nasties, HTML attachments are being sent. HTML attachment phishing is less well known, and as a result, many people are falling for phishing scams. Even though this past weekend was a holiday weekend for many, there is a good chance that you still checked your email fairly often. If you are like me, you typically use your phone or another mobile device to check your email on the go....


Watering Holes vs. Spear Phishing

April 22, 2014 by Cofense in Phishing

How Does A Watering Hole Attack Work? Water holing attacks originate by compromising trusted websites and infecting the computers or other devices that visit that site. A successful watering hole attack casts a wide net and has the potential to compromise a large number of users across multiple organizations. This flood of information is a double-edged sword, as attackers have to parse through a large amount of data to find information of value. Additionally, these attacks often exploit zero-day vulnerabilities, so their increased popularity means attackers are burning through zero-days faster, and companies are responding faster as well, stopping attacks...