
Cofense Blog


BEC Scams Hit Technology Giants for over $100 Million Dollars

April 28, 2017 by Cofense in Phishing, Internet Security Awareness

Even the biggest companies fall for it. This week, reports showed that Business Email Compromise (BEC) scams, sometimes referred to as CEO Fraud Emails, netted over $100 million from Facebook and Google. While people are increasingly aware of phishing emails containing links and attachments, BEC scams (also known as CEO Fraud) continue to reward criminals with alarming effectiveness. These phishing scams fly past traditional security roadblocks because there are no URLs or attachments to scan.


Off-the-shelf Zyklon Botnet Malware Utilized to Deliver Cerber Ransomware

April 24, 2017 by Cofense in Malware Analysis, Phishing, Threat Intelligence

Recent, large-scale distributions of the Zyklon botnet malware mark a continuing trend of off-the-shelf malware use. This multipurpose trojan, capable of supporting numerous criminal activities, has been identified in phishing attacks more and more frequently through the month of April. The bulk of these campaigns have leveraged resume- and job-applicant-themed messaging in the phishing narrative. The most recent analyses of this distribution have shown that the threat actors are attempting to leverage the malware’s full feature set by not only using it as an information stealer, but also as a downloader used to obtain and deploy the Cerber ransomware...


Locky Stages Comeback Borrowing Dridex Delivery Techniques

April 21, 2017 by Cofense in Ransomware, Malware Analysis, Phishing

The ransomware that defined much of the phishing threat landscape in 2016 raged back into prominence on April 21, 2017 with multiple sets of phishing email messages. Harkening back to narratives used throughout 2016, these messages leveraged simple, easily-recognizable, but perennially-effective phishing lures to convince recipients to open the attached file.


Does your Incident Response Plan include Phishing?

April 20, 2017 by Cofense in Phishing Defense Center, Cyber Incident Response, Phishing

It’s no secret that 90% of breaches start with a phishing attack. The question is: are you prepared to recognize phishing and respond to it? Many organizations are concerned with how much spam they receive and implement controls specific to spam. But you shouldn’t confuse preventing spam with responding to phishing attacks.


How Dridex Threat Actors Craft Phishing Attacks, No Exploits Necessary

April 18, 2017 by Cofense in Malware Analysis, Phishing, Ransomware

Threat actors using the Dridex botnet malware received a great deal of attention recently for their purported utilization of content exploiting a previously un-patched vulnerability in Microsoft Word. This exploit, which took advantage of unexpected behavior in the handling of certain document types, was reportedly used to deliver the Dridex botnet malware via documents attached to phishing emails. However, the bulk of Dridex campaigns leverage far more common delivery techniques that abuse the functionality that already exists in Microsoft Office and Adobe Reader rather than deploying some complex exploit content. This serves as a reminder that threat actors don’t always...


Wide-Spread Ursnif Campaign Goes Live

April 11, 2017 by Cofense in Phishing Defense Center

On April 5th, our Phishing Defense Center received a flurry of emails with subject lines following the pattern "Lastname, firstname". Attached to each email was a password-protected .docx Word document with an embedded OLE package. In all cases the attachments were password protected to decrease the likelihood of detection by automated analysis tools. A password was provided to the victim in the body of the email, which attempts to lure the victim into opening the malicious attachment and to increase the apparent legitimacy of the message.


Malware Delivery OLE Packages Carve Out Market Share in 2017 Threat Landscape

April 10, 2017 by Cofense in Phishing, Malware Analysis, Threat Intelligence

In the first quarter of 2017, PhishMe Intelligence has noted an increase in malware distributors utilizing OLE packages in order to deliver malware content to victims. This current trend was first noted in December 2016 with close association to the delivery of the Ursnif botnet malware. This technique abuses Microsoft Office documents by prompting the victim to double-click an embedded icon to access some content. These objects are used to write a script application to disk that facilitates the download and execution of a malware payload. This method adds to another iteration of techniques threat actors use to evade anti-analysis...


Dridex Threat Actors Reinvigorate Attacks with Sizable, Concurrent Campaigns

April 6, 2017 by Cofense in Threat Intelligence, Malware Analysis, Phishing

One of the most historically effective techniques for gaining new infections for the powerful Dridex botnet malware has been sizable sets of widely-distributed phishing email. While these large campaigns have been intermittent for several months, the past week’s Dridex distributions have shown a renewed vigor with several larger campaigns being launched both concurrently and repeatedly. Many of these campaigns return to well-used and previously-successful email templates and malware delivery tools that had seen earlier utilization in conjunction with both Dridex deliveries and the delivery of other malware tools. On March 30, 2017 three distinct sets of phishing emails were identified...


PhishMe End-to-End Phishing Mitigation Solution Delivers ROI, Operational Efficiency and Reduced Susceptibility

April 5, 2017 by Cofense in Phishing, Cofense News

Before investing in any type of security solution, you need to know your money will be well spent. That’s especially true for security professionals shopping for antiphishing solutions, which is why PhishMe commissioned Forrester Research, Inc. to research the effectiveness of PhishMe’s complete phishing defense solution among key customers.


W-2 Fraud – Tax Season and All Year Long

April 4, 2017 by Cofense in Phishing Defense Center

It’s the time of year when taxes are on everyone’s mind – especially phishers! The stress of filing. The stress of gathering all the documents. The stress of reporting. The stress of the deadline. All of that, on top of everything else you have to do this time of year, makes tax time a favorite and highly successful annual event for phishing scams. However, once the filing is completed, it doesn’t mean the campaigns will stop. W2 and CEO fraud are timeless phishing campaigns that run all year long.


Top Phishing Concerns of DNS Providers

August 29, 2013 by Cofense in Internet Security Awareness, Threat Intelligence

Twitter and the New York Times were hacked this week, which means that they have officially joined the ranks of other major news organizations, including the Financial Times and Washington Post who have been targeted by hackers over the past few months. So, how’d it happen? Three things: hacker groups, DNS providers and spear phishing. The Syrian Electronic Army (SEA) appears to be taking credit for this attack, as their logo was prominently displayed at NYTimes.com when the site was compromised. The SEA, a hacker group, protesting Syrian President Bashar Al-Assad, launched the attack in order to generate high profile awareness...


To make training stick, immerse employees

August 27, 2013 by Rohyt Belani in Internet Security Awareness

When aspiring pilots go through flight school, they learn both in a conventional ground setting and using a flight simulator. On the simulator, new pilots are immersed in the experience of flying, and receive real-time feedback about their decision making. Not surprisingly, the simulator is seen as a more effective training tool than conventional classroom training. One of the greatest challenges facing security awareness initiatives is providing employees with an experience they will actually remember and retain. Training users to avoid risky security behavior is not nearly as complicated as teaching someone to fly a plane, but just like with...


Syrian Electronic Army continues to carry out successful data-entry phishing attacks

August 20, 2013 by Aaron Higbee in Phishing

When the Syrian Electronic Army nailed a number of prominent media outlets earlier this year, we were pleased to see a number of open and honest responses from those that were breached, notably from The Onion and The Financial Times. Last week, the SEA was at it again, successfully hacking content recommendation service Outbrain, an attack which provided a foothold to compromise media behemoths The Washington Post, Time, and CNN. The SEA attacked Outbrain with largely the same tactics it has used so successfully in the past few months, by eliciting log-in credentials through a phishing email, the same tactics...


To improve security awareness, think marketing

August 13, 2013 by Rohyt Belani in Internet Security Awareness

Security awareness is a term that often makes IT security pros cringe. It brings to mind images of mind-numbing training or of ineffectual posters and stress balls urging employees to change their passwords frequently. Based on years of experience working with enterprises and other large organizations, we are launching a new blog series, “7 Principles Critical to Security Awareness Programs”, that will offer some insight into concepts we have incorporated in our solution to demonstrably improve security awareness for our customers. The first topic we will address is marketing. Changing behavior is one of the greatest challenges security officers face...


An untapped resource to improve threat detection

July 31, 2013 by Cofense in Internet Security Awareness, Threat Intelligence

Speaking in front of the House Committee on Special Intelligence earlier this year, Kevin Mandia (CEO of Mandiant) remarked that, “One of the most valuable resources in detecting and responding to cyber attacks is accurate and timely threat intelligence.”  Despite its value, many organizations don’t have a way to get timely threat intelligence. How can organizations improve in this area? If you know anything about us, it probably won’t shock you that we’re encouraging enterprises to focus on their users as a source of real-time threat intelligence. Given that the vast majority of targeted attacks focus on the end user...


Double Barrel Throwdown Contest Terms and Conditions

July 16, 2013 by Cofense in Phishing

Please read before entering, as entry in this contest constitutes acceptance of these rules. No purchase is necessary to participate. The contest is open to all entrants who submit a valid entry form using a qualified email address. ENTRY IN THIS CONTEST CONSTITUTES YOUR ACCEPTANCE OF THESE OFFICIAL RULES. The Double Barrel Throwdown (the “Contest”) is a competition to produce the most original, persuasive, and realistic Double Barrel phishing scenarios. PhishMe’s panel – composed of PhishMe employees – will select the best entry according to those criteria, with the winner receiving a Google Nexus tablet. To submit a valid entry...


Can a simulated phishing attack be counterproductive?

July 8, 2013 by Cofense in Internet Security Awareness, Phishing

I always enjoy reading articles from IT professionals who have sent simulated phishing exercises to their employees. As I checked my email over the weekend, my good friends at Google were kind enough to alert me about a new article from Tom Cochran, CTO of Atlantic Media, on this subject, so I poured a fresh cup of coffee and started to read.


The Phish Chain: Phishing Attack from Start to Finish

June 18, 2013 by Cofense in Phishing

A few years ago, computer security intelligence expert Mike Cloppert discussed the Cyber Kill Chain, the process through which a cybercriminal uses malware to attack the victim. In a recent webinar titled “How to Use Email-based Threat Intelligence To Catch a Phish,” Securosis’ Mike Rothman applied Cloppert’s methodology to how cyberattacks work in the instance of a phishing attack. The kill chain begins with weaponization and ends with monetization, the point at which credentials are stolen. In this post, we’ll dig into the Phish Food Chain, as explained by Mike Rothman, and discuss how cybercriminals utilize this process to attack your brand. Let’s take...


What is MTTK and Why is it Important to Cybersecurity?

June 10, 2013 by Cofense in Internet Security Awareness

There has been much talk recently about MTTK, but what is MTTK and why is it so important? This post explores the term and explains why MTTK is such an important concept in cybersecurity terms. When your organization is attacked, how long does it take you to know that the attack is taking place? Of course, we’d all like to be able to answer “right away.” However, for many companies that isn’t the case. Examples of phishing attacks lodged against major brands who don’t discover that they are being phished until months later have become commonplace. When a phishing attack...
