Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

How Dridex Threat Actors Craft Phishing Attacks, No Exploits Necessary

April 18, 2017 by Cofense in Malware AnalysisPhishingRansomware

Threat actors using the Dridex botnet malware received a great deal of attention recently for their purported utilization of content exploiting a previously un-patched vulnerability in Microsoft Word. This exploit, which took advantage of unexpected behavior in the handling of certain document types, was reportedly used to deliver the Dridex botnet malware via documents attached to phishing emails. However, the bulk of Dridex campaigns leverage far more common delivery techniques that abuse the functionality that already exists in Microsoft Office and Adobe Reader rather than deploying some complex exploit content. This serves as a reminder that threat actors don’t always...

READ MORE

Wide-Spread Ursnif Campaign Goes Live

April 11, 2017 by Cofense in Phishing Defense Center

On April 5th, our Phishing Defense Center received a flurry of emails with subject line following a pattern of Lastname, firstname. Attached to each email was a password-protected .docx Word document with an embedded OLE package. In all cases the attachments were password protected to decrease the likelihood of detection by automated analysis tools. A password was provided to the victim in the body of the email which attempts to lure the victim into opening the malicious attachment and to increase the apparent legitimacy of the message. 

READ MORE

Malware Delivery OLE Packages Carve Out Market Share in 2017 Threat Landscape

April 10, 2017 by Cofense in PhishingMalware AnalysisThreat Intelligence

In the first quarter of 2017, PhishMe Intelligence has noted an increase in malware distributors utilizing OLE packages in order to deliver malware content to victims. This current trend was first noted in December 2016 with close association to the delivery of the Ursnif botnet malware. This technique abuses Microsoft Office documents by prompting the victim to double-click an embedded icon to access some content. These objects are used to write a script application to disk that facilitates the download and execution of a malware payload. This method adds to another iteration of techniques threat actors use to evade anti-analysis...

READ MORE

Dridex Threat Actors Reinvigorate Attacks with Sizable, Concurrent Campaigns

April 6, 2017 by Cofense in Threat IntelligenceMalware AnalysisPhishing

One of the most historically effective techniques for gaining new infections for the powerful Dridex botnet malware has been sizable sets of widely-distributed phishing email. While these large campaigns have been intermittent for several months, the past week’s Dridex distributions have shown a renewed vigor with several larger campaigns being launched both concurrently and repeatedly. Many of these campaigns return to well-used and previously-successful email templates and malware delivery tools that had seen earlier utilization in conjunction with both Dridex deliveries and the delivery of other malware tools. On March 30, 2017 three distinct sets of phishing emails were identified...

READ MORE

PhishMe End-to-End Phishing Mitigation Solution Delivers ROI, Operational Efficiency and Reduced Susceptibility

April 5, 2017 by Cofense in PhishingCofense News

Before investing in any type of security solution, you need to know your money will be well spent. That’s especially true for security professionals shopping for antiphishing solutions, hence why PhishMe commissioned Forrester Research, Inc. to research the effectiveness of PhishMe’s complete phishing defense solution among key customers.

READ MORE

W-2 Fraud – Tax Season and All Year Long

April 4, 2017 by Cofense in Phishing Defense Center

It’s the time of year when Taxes are on everyone’s mind – especially Phishers! The stress of filing.  The stress of gathering all the documents.  The stress of reporting.  The stress of the deadline.  All of that on top of everything else you have to do this time of year makes tax time phishing a favorite and highly successful annual event for phishing scams. However, once the filing is completed, it doesn’t mean the campaigns will stop.  W2 and CEO fraud are timeless phishing campaigns that run all year long.

READ MORE

Spam is Spam, Phishing is Phishing, but Phishing is not Spam

April 3, 2017 by Aaron Higbee in PhishingInternet Security Awareness

Problems arise when we use the terms Spam and Phishing interchangeably. At the risk of sounding persnickety, I’m going to try to build the case of why we need to stop confusing Spam and Phishing.

READ MORE

Tales from the Trenches:  Loki Bot Malware

March 23, 2017 by Cofense in Phishing Defense Center

On March 15, 2017, our Phishing Defense Center observed several emails with the subject line “Request for quotation” pretending to award Shell Oil Company contracts – a very targeted subject tailored to the receiver. As with most phishing emails, there is a compelling call to action for the receiver, in this case a contract award from a well-known organization. And, an added bonus unknown to the receiver, the emails also contained a malicious attachment designed to siphon data from its targets. Included is an example of one of these emails along with basic Triage header information. Each email analyzed contained instructions...

READ MORE

What is Actionable Intelligence?

March 23, 2017 by Cofense in Threat IntelligenceInternet Security Awareness

Do you know what is actionable intelligence? Do you know the difference between threat intelligence and actionable intelligence? If not, read on. The term actionable intelligence has joined the ranks of threat intelligence, big data and more words that are used in well-meaning ways, but are ultimately meaningless. Don’t get us wrong, like many other vendors, we use these phrases to describe what we do. However, because there are so many companies out there using these terms with their own meanings attached to them, we feel the need to write this blog post and hopefully do right by the technology and service...

READ MORE

Tax-time Phishing: A Global Problem

March 9, 2017 by Cofense in Phishing

I don’t think anyone likes to do taxes… unless you’re an accountant. Maybe. Collecting all the documents, knowing which ones are needed, completing them in time, and handing over payments is a headache for individuals and companies alike. Phishing threat actors know this and will try to take advantage. The United States Internal Revenue Service provides lots of resources about recent and relevant phishing attacks and scams targeting American taxpayers. Their international counterparts in the United Kingdom and Australia also provide extensive resources on recent attacks impacting their taxpayers. One important aspect of the material provided by these organizations is...

READ MORE

An untapped resource to improve threat detection

July 31, 2013 by Cofense in Internet Security AwarenessThreat Intelligence

Speaking in front of the House Committee on Special Intelligence earlier this year, Kevin Mandia (CEO of Mandiant) remarked that, “One of the most valuable resources in detecting and responding to cyber attacks is accurate and timely threat intelligence.”  Despite its value, many organizations don’t have a way to get timely threat intelligence. How can organizations improve in this area? If you know anything about us, it probably won’t shock you that we’re encouraging enterprises to focus on their users as a source of real-time threat intelligence. Given that the vast majority of targeted attacks focus on the end user...

READ MORE

Double Barrel Throwdown Contest Terms and Conditions

July 16, 2013 by Cofense in Phishing

Please read before entering, as entry in this contest constitutes acceptance of these rules. No purchase is necessary to participate. The contest is open to all entrants who submit a valid entry form using a qualified email address. ENTRY IN THIS CONTEST CONSTITUTES YOUR ACCEPTANCE OF THESE OFFICIAL RULES The Double Barrel Throwdown (the “Contest”) is a competition to produce the most original, persuasive, and realistic Double Barrel phishing scenarios. PhishMe’s panel – composed of PhishMe employees – will select the best entry according to those criteria, with the winner receiving a Google Nexus tablet. To submit a valid entry...

READ MORE

Can a simulated phishing attack be counterproductive?

July 8, 2013 by Cofense in Internet Security AwarenessPhishing

I always enjoy reading articles from IT professionals who have sent simulated phishing exercises to their employees.  As I checked my email over the weekend my good friends at Google were kind enough to alert me about a new article from Tom Cochran, CTO of Atlantic Media, on this subject so I poured a fresh cup of coffee and started to read.

READ MORE

The Phish Chain: Phishing Attack from Start to Finish

June 18, 2013 by Cofense in Phishing

A few years ago, Computer Security Intelligence expert, Mike Cloppert discussed the Cyber Kill Chain, the process through which a cybercriminal uses malware to attack the victim. In a recent webinar titled “How to Use Email-based Threat Intelligence To Catch a Phish,” Securosis’ Mike Rothman applied Cloppert’s methodology to how cyberattacks work in the instance of a phishing attack. The kill chain begins with weaponization and ends with monetization, the point at which credentials are stolen. In this post, we’ll dig into the Phish Food Chain, as explained by Mike Rothman and discuss how cybercriminals utilize this process to attack your brand. Let’s take...

READ MORE

What is MTTK and Why is it Important to Cybersecurity?

June 10, 2013 by Cofense in Internet Security Awareness

There has been much talk recently about MTTK, but what is MTTK and why is it so important? This post explores the term and explains why MTTK is such an important concept in cybersecurity terms. When your organization is attacked, how long does it take you to know that the attack is taking place? Of course, we’d all like to be able to answer “right away.” However, for many companies that isn’t the case. Examples of phishing attacks lodged against major brands who don’t discover that they are being phished until months later have become commonplace. When a phishing attack...

READ MORE

Build Phishing Countermeasures to Protect Your Brand

May 22, 2013 by Cofense in PhishingThreat Intelligence

Corporations fight phishing each and every day. Large and recognizable financial institutions, retail companies, internet service providers/telecommunication companies are among those most heavily targeted victims of phishing. While the aftermath of a phishing attack is costly and yields long-term consequences, it’s quite difficult to keep up with cybercriminals. It’s shockingly easy for cybercriminals to create a phishing site targeted at your brand, so easy that the cybercriminal simply needs to unpack and upload a pre-built “phishing kit” in order to create a new phishing website. Just one phishing kit can produce hundreds of phishing URLs. With just a few clicks...

READ MORE

DMARC Failed to Protect Against Walmart Spam

May 20, 2013 by Cofense in Internet Security Awareness

Think that DMARC is all that you need to prevent your company from email spam? Think again. Last week, there was a spam campaign that imitated a Walmart.com receipt. An email was sent to Walmart customers falsely confirming the purchase of a large flat screen TV costing approximately $1,000. The cinematic home experience was to be enjoyed by someone else, since the receipt showed the item was being shipped to an address that would be unfamiliar to the customer. Upon receiving this email, the natural reaction would be to click on the link in email to find out more about...

READ MORE

Do young employees present a phishing risk?

May 7, 2013 by Aaron Higbee in Phishing

Spring. For some it signals rejuvenation, rebirth, everything blooming…but for security administrators it can mean new security risk. Spring means that the next round of college seniors will be entering the workforce soon, which for phishers means a fresh group of targets. Hopefully their college educations have prepared them for the majority of challenges they will face, but when it comes to phishing that is unlikely. The types of phishing emails students and consumers receive are quite different from what employees receive, and without training, young employees can’t be expected to avoid tactics they haven’t seen.

READ MORE

2-factor authentication wouldn’t have prevented AP Twitter hack

April 23, 2013 by Aaron Higbee in Internet Security AwarenessPhishing

When a hacked Twitter account spreads false news of an explosion at the White House and causes hysteria that spurs a 140 point drop in the stock market, it should encourage calls for Twitter to bolster its security measures, so it’s no surprise that many are clamoring for Twitter to offer 2-factor authentication. One problem with this – news outlets are reporting that hackers gained access to the AP’s account through a phishing attack. While 2-factor authentication makes it more difficult to phish an account, it will not prevent this type of attack from being successful (nor will a more...

READ MORE