Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Aaron Higbee Chats Google Doc Scam and other Phishing Trends on the Charles Tendell Show

May 11, 2017 by Cofense in Phishing, Internet Security Awareness

This week, our co-founder and Chief Technology Officer Aaron Higbee had an opportunity to discuss the recent Google Docs phishing scam on The Charles Tendell Show.

FireEye: Russians, Others Exploiting Zero-day Microsoft Office Vulnerabilities

May 9, 2017 by Cofense in Phishing

FireEye has identified three new zero-day vulnerabilities in Microsoft Office products that have been exploited by Russian cyber espionage entities and a yet-to-be-identified group.

Bogus Claim: Google Doc Phishing Worm Student Project

May 5, 2017 by Aaron Higbee in Phishing, Internet Security Awareness, Malware Analysis

According to internet sources, Eugene Pupov is not a student at Coventry University. Since the campaign’s recent widespread launch, security experts and internet sleuths have been scouring the internet to discover the actor responsible for yesterday’s “Google Doc” phishing worm. As parties continued their investigations into the phishing scam, the name “Eugene Pupov” has consistently popped up across various blogs that may be tied to this campaign. A blog post published yesterday by endpoint security vendor Sophos featured an interesting screenshot containing a string of tweets from the @EugenePupov Twitter handle claiming the Google Docs phishing campaign was not a...

Google Doc Phishing Attack Hits Fast and Hard

May 3, 2017 by Cofense in Phishing, Phishing Defense Center

Google Doc Campaign Makes a Mark. In the process of managing phishing threats for our customers, our Phishing Defense Center and PhishMe Intelligence teams saw a flood of suspicious emails with a subject line stating that someone “has shared a document on Google Docs with you”, which contained a link to “Open in Docs”. The “Open in Docs” link goes to one of several URLs, all within the https://accounts.google.com website.

April Sees Spikes in Geodo Botnet Trojan

May 2, 2017 by Cofense in Phishing, Phishing Defense Center

Throughout April, our Phishing Defense Team observed an increase in malicious URLs that deliver the financial crimes and botnet trojan known as Geodo. These emails take a simple approach to social engineering, using just a sentence or two prompting the victim to click on a link to see a report or invoice that has been sent to them. An example of a typical phishing email used in these attacks is shown below. Following the malicious links will lead the victim to download a hostile JavaScript application or PDF document tasked with obtaining and executing Geodo malware. One common attribute of...

Orange is the New Hack?

May 1, 2017 by Cofense in Phishing, Internet Security Awareness

One of the most popular Netflix series, Orange is the New Black, scored an early parole due to some bad behavior this weekend. TheDarkOverlord, the group claiming responsibility for the hack, already released the season five premiere and is threatening to release “a trove of unreleased TV shows and movies.”

BEC Scams Hit Technology Giants for over $100 Million Dollars

April 28, 2017 by Cofense in Phishing, Internet Security Awareness

Even the biggest companies fall for it. This week, reports showed that Business Email Compromise (BEC) scams, sometimes referred to as CEO Fraud emails, netted over $100 million from Facebook and Google. While people are increasingly aware of phishing emails containing links and attachments, BEC scams (also known as CEO Fraud) continue to reward criminals with alarming effectiveness. These phishing scams fly past traditional security roadblocks because there are no URLs or attachments to scan.

Off-the-shelf Zyklon Botnet Malware Utilized to Deliver Cerber Ransomware

April 24, 2017 by Cofense in Malware Analysis, Phishing, Threat Intelligence

Recent, large-scale distributions of the Zyklon botnet malware mark a continuing trend of off-the-shelf malware use. This multipurpose trojan, capable of supporting numerous criminal activities, has been identified in phishing attacks more and more frequently through the month of April. The bulk of these campaigns have leveraged resume- and job-applicant-themed messaging in the phishing narrative. The most recent analyses of this distribution have shown that the threat actors are attempting to leverage the malware’s full feature set by not only using it as an information stealer, but also as a downloader used to obtain and deploy the Cerber ransomware...

Locky Stages Comeback Borrowing Dridex Delivery Techniques

April 21, 2017 by Cofense in Ransomware, Malware Analysis, Phishing

The ransomware that defined much of the phishing threat landscape in 2016 raged back into prominence on April 21, 2017 with multiple sets of phishing email messages. Harkening back to narratives used throughout 2016, these messages leveraged simple, easily-recognizable, but perennially-effective phishing lures to convince recipients to open the attached file.

Does your Incident Response Plan include Phishing?

April 20, 2017 by Cofense in Phishing Defense Center, Cyber Incident Response, Phishing

It’s no secret that 90% of breaches start with a phishing attack. The question is: are you prepared to recognize phishing and respond to it? Many organizations are concerned with how much spam they receive and implement controls specific to spam. But you shouldn’t confuse preventing spam with responding to phishing attacks.

How do you make security awareness engaging?

September 24, 2013 by Cofense in Internet Security Awareness

Think back to all of the corporate training you’ve sat through during your career. Chances are (especially if you’ve worked at a large enterprise) that some of that training had little relevance to your job duties. How much knowledge from those courses did you retain? Although you technically completed the training, would you have been able to apply any of the information you were given in real life? For many employees, security awareness training falls into this category. It’s something they probably don’t care about, and that doesn’t help them do their jobs. This is why traditional awareness training has...

There are Different Types of Cybercriminals: Which are the Most Dangerous?

September 20, 2013 by Cofense in Internet Security Awareness

When we speak about cybercrimes, such as phishing and malware attacks, we tend to lump cybercriminals into one category, but there are many different types of cybercriminals. They are not all motivated to steal credentials that lead to some sort of financial theft. While those types of crimes do occur, it is important to distinguish between the different types of cybercriminals that comprise today’s threatscape. Here are cybercriminal examples in operation today: Nation-states: Most notably, China, Iran, other nation-states looking to steal and infiltrate data. Hacktivists: Activists or groups (like WikiLeaks) seeking to steal data and release it publicly. Professional Cybercriminals: This group...

How to Integrate Anti-Phishing Solutions into Existing Security Infrastructure

September 18, 2013 by Cofense in Phishing

Today, we answer the question “How do I integrate anti-phishing solutions into my existing security infrastructure?” Today, layered security and perimeter-based security solutions are less effective than they used to be. Organizations tend to lump these things together as anti-phishing solutions as they deal with traditional symptoms of phishing problems – cybercriminals luring you to another site or emails with malware attachments. The great thing about phishing intelligence solutions is they fit in with other solutions that you have in place, supporting standards such as XML, where the data you consume is normalized and delivered in the form of an...

Negative reinforcement: How NOT to improve user behavior

September 16, 2013 by Rohyt Belani in Internet Security Awareness

One of the interesting aspects of security awareness training is the intersection of information security with human resources. We know from experience that security practitioners are not always experts in the latter, but what we recently saw from Dave Clemente was a real doozy. Clemente suggested that employees who engage in unsafe IT security behavior (such as clicking on phishing links) be reprimanded and that unsafe behavior should even negatively affect their performance review. To the security part of your mind, it might feel good to punish people for their security sins. We need to remember, however, that the ultimate...

For effective security awareness, keep it focused

September 10, 2013 by Rohyt Belani in Internet Security Awareness

In their book, “Switch: How to Change Things When Change is Hard,” authors Chip and Dan Heath examine how influencing humans to change requires appealing to two parts of the brain: the rational and the emotional. Since the emotional part of our brain often gets frustrated when asked to make huge changes, Chip and Dan recommend that we “shrink the change” to change behavior in the face of resistance. The Heaths cite financial guru Dave Ramsey’s “Debt Snowball” strategy as an effective example of shrinking the change. For people mired in a mountain of debt, this strategy advocates paying off...

Cost of Phishing for Businesses

September 4, 2013 by Cofense in Phishing

We’re always talking about the cost of phishing for businesses, but why? Well, you might be surprised to learn that the true costs of phishing aren’t as obvious as you may suspect. Phishing, of course, is not a new problem. It’s in fact a very old problem that has its roots 20 years ago when people used floppy disks and moved from computer to computer in the good old days of the “sneakernet.” While phishing is not a new problem, it remains a very viable threat to many organizations – particularly financial institutions, e-commerce companies and government organizations. Rarely a...

Top Phishing Concerns of DNS Providers

August 29, 2013 by Cofense in Internet Security Awareness, Threat Intelligence

Twitter and the New York Times were hacked this week, which means that they have officially joined the ranks of other major news organizations, including the Financial Times and Washington Post who have been targeted by hackers over the past few months. So, how’d it happen? Three things: hacker groups, DNS providers and spear phishing. The Syrian Electronic Army (SEA) appears to be taking credit for this attack, as their logo was prominently displayed at NYTimes.com when the site was compromised. The SEA, a hacker group, protesting Syrian President Bashar Al-Assad, launched the attack in order to generate high profile awareness...

To make training stick, immerse employees

August 27, 2013 by Rohyt Belani in Internet Security Awareness

When aspiring pilots go through flight school, they learn both in a conventional ground setting and using a flight simulator. On the simulator, new pilots are immersed in the experience of flying, and receive real-time feedback about their decision making. Not surprisingly, the simulator is seen as a more effective training tool than conventional classroom training. One of the greatest challenges facing security awareness initiatives is providing employees with an experience they will actually remember and retain. Training users to avoid risky security behavior is not nearly as complicated as teaching someone to fly a plane, but just like with...

Syrian Electronic Army continues to carry out successful data-entry phishing attacks

August 20, 2013 by Aaron Higbee in Phishing

When the Syrian Electronic Army nailed a number of prominent media outlets earlier this year, we were pleased to see a number of open and honest responses from those that were breached, notably from The Onion and The Financial Times. Last week, the SEA was at it again, successfully hacking content recommendation service Outbrain, an attack which provided a foothold to compromise media behemoths The Washington Post, Time, and CNN. The SEA attacked Outbrain with largely the same tactics it has used so successfully in the past few months, by eliciting log-in credentials through a phishing email, the same tactics...

To improve security awareness, think marketing

August 13, 2013 by Rohyt Belani in Internet Security Awareness

Security awareness is a term that often makes IT security pros cringe. It brings to mind images of mind-numbing training or of ineffectual posters and stress balls urging employees to change their passwords frequently. Based on years of experience working with enterprises and other large organizations, we are launching a new blog series, “7 Principles Critical to Security Awareness Programs”, that will offer some insight into concepts we have incorporated in our solution to demonstrably improve security awareness for our customers. The first topic we will address is marketing. Changing behavior is one of the greatest challenges security officers face...
