About Cofense

Cofense Phishing Prevention & Email Security Blog


5 Reasons Hackers Target SMBs—and 1 Free Way to Fight Back

September 1, 2017 by Cofense in Phishing, Cyber Incident Response, Internet Security Awareness

Last week PhishMe® released PhishMe® Free, a no-cost version of our award-winning anti-phishing solution, to protect SMBs from phishing attacks and resulting threats. A new PhishMe white paper shows the urgent need for SMBs to bolster their defenses.


10 Ways to Defend Against Business Email Compromise / CEO Email Fraud Scams

August 31, 2017 by Heather McCalley in Malware Analysis, Internet Security Awareness, Phishing

Cybercriminals continue to successfully hack and spoof emails to impersonate supervisors, CEOs, and suppliers and then request seemingly legitimate business payments. Because the emails look authentic and seem to come from known authority figures, many employees comply. But later they discover they’ve been tricked into wiring money or depositing checks into criminals’ bank accounts.


The Newest Delivery Method for the Locky Ransomware

August 29, 2017 by Cofense in Malware Analysis, Phishing

Since its introduction in early 2016 and throughout this year, the distribution of the Locky ransomware has been overwhelmingly facilitated by attached script applications written in JScript or Visual Basic. These script applications have been delivered as the content of an attached archive such as a Zip or RAR file delivered as part of the email messages.


Locky Ransomware Keeps Returning After Repeated Absences

August 23, 2017 by Cofense in Phishing, Malware Analysis

It seems that each time the information security community is ready to declare the Locky ransomware dead and gone, phishing threat actors launch new campaigns with new characteristics. Locky’s presence on the threat landscape dates back to February 2016 when this malware formalized and matured the ransomware business model in phishing emails. Coupled with a tenacious distribution strategy, Locky dominated the phishing markets throughout 2016. Since early 2017, Locky’s presence on the threat landscape has been far more tepid. Its subdued presence on the threat landscape and intermittent distributions led to rumors that Locky was a thing of the past;...


Zeus Panda’s Modular Functions Provide Insight into Botnet Malware Capabilities

August 21, 2017 by Cofense in Phishing, Malware Analysis

One core element of the information security mission is the successful assessment of the risk posed to an organization by a malware sample or malware variety delivered by a phishing email. In 2017, phishers have embraced the use of adaptable and flexible malware to gain initial footholds in a network before monetizing the infected host. The intersection of these two missions creates a scenario in which open-ended, adaptable botnet malware challenges information security professionals to prepare for a wide array of malware capabilities–in some cases without much insight into the real risks posed by a malware tool. However, in some...


The PhishMe 2017 Excellence Awards Nominations are Open!

August 17, 2017 by Cofense in Phishing

Make your nominations for the 2017 PhishMe® Excellence Awards today! Every day, 1000s of companies use PhishMe as a cornerstone of their phishing defense program. The PhishMe Excellence Awards recognize the outstanding achievements of security professionals and organizations with innovative, successful anti-phishing and phishing defense programs to minimize the risk and impacts associated with phishing attacks.


Ransomware: Don’t Make It Too Easy to Hit Your WordPress Site

August 17, 2017 by Aaron Higbee in Internet Security Awareness, Malware Analysis

Ransomware is a business.  And like all smart business people, hackers look for efficiencies to increase revenue and lower cost of delivery.


PhishMe Free Launches to Protect SMBs

August 16, 2017 by Cofense in Phishing, Internet Security Awareness

When it comes to cyberattacks, small businesses are big targets. That’s why we recently introduced PhishMe® Free, a no-cost, easy-to-use version of our award-winning anti-phishing simulation solution.


Even the “Smart Ones” Fall for Phishing

August 4, 2017 by Heather McCalley in Phishing, Internet Security Awareness, Malware Analysis

It’s easy to believe that phishing only happens to people who aren’t smart enough to detect it. This simply isn’t true. As the tech-savvy developers at software company a9t9 have indicated in their statement[1] about a phishing incident last week, even smart developers can be fooled with a phish. As reported by Tripwire, a Chrome plugin developer fell for a phishing attack that allowed the threat actor to take control of a9t9’s account in the Chrome Store.  This means that the Copyfish plugin built by a9t9 was no longer under its control.  Meanwhile, the plugin has already been used to...


Attackers using Dropbox to target Taiwanese government

July 1, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

While we have previously mentioned cyber-crime actors using Dropbox for malware delivery, threat actors are now using the popular file-sharing services to target nation-states. According to The Register, attackers targeted a Taiwanese government agency using a RAT known as PlugX (also known as Sogu or Korplug). From an anti-forensics perspective, PlugX is a very interesting piece of malware. One of the main ways it loads is by using a technique similar to load order hijacking.


Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL

June 13, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

When analyzing tools, tactics, and procedures for different malware campaigns, we normally don’t see huge changes on the attackers’ part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named “Dyre”. This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials.


The Chances of Becoming a Cyber Victim: A Look at Cyber Safety

June 9, 2014 by Cofense in Internet Security Awareness

What are the chances of becoming a cyber victim? In this post, we’ll explore the odds compared to the chances of other unrelated events. Many of us take comfort in knowing that certain bad things are not likely to happen to us, so we don’t worry too much about those things. We think our chances are pretty good.

Comforting Odds:

Dying from a shark attack: 300,000,000 : 1
Your opponent’s getting a Royal Flush in poker: 649,739 : 1
Being struck by lightning in California: 7,538,382 : 1
A meteor landing on your house: 182,138,880,000,000 : 1
Dying from a mountain lion...


An inside look at Dropbox phishing: Cryptowall, Bitcoins, and You (updated)

June 6, 2014 by Cofense in Phishing

Post Updated on June 10

On Monday, I wrote about attackers using phishing attacks to deliver malware via links to Dropbox. Today, we received another wave of these emails with slightly different subject lines. Figures 1, 2, and 3 show the variants that were received by us in the latest campaign, and reported by our internal users. In this campaign, 10 of our users were targeted.


Beware of phishing emails using Dropbox links

June 2, 2014 by Cofense in Phishing

Several weeks ago, I wrote a blog entry about phishing emails using zip files with executable files attached to them. Using PhishMe Reporter, several of our users (yes, we use our own tools internally) successfully identified a new round of phishing, this time using Dropbox links in the body.


What do Takedown Vendors and Fire Hydrants Have in Common?

June 2, 2014 by Cofense in Internet Security Awareness

What, you may ask, do takedown vendors and fire hydrants have in common? Well, perhaps more than one might think. In this post, we’ll examine a couple of different aspects: what they do and their intended use, their impact on us and our businesses and where they fall short in protecting us and our assets from harm and how we can address these shortcomings. Let’s start with what each does and their intended use. Both are intended to protect us from further harm once a threat to our security and wellbeing is identified. In the case of the fire hydrant, water is provided by...


What we’re reading about the Chinese hacking charges

May 21, 2014 by Aaron Higbee in Internet Security Awareness, Threat Intelligence

While the full implications from yesterday’s DoJ indictment of five Chinese hackers on charges of cyber crime are yet to be fully seen, these charges have already succeeded in elevating cyber crime from a niche discussion to an important debate in society at large. Furthermore, just as last year’s APT1 report did, the court documents provide a detailed glimpse at the tactics China is using to steal trade secrets from the world’s largest corporations (not surprisingly, phishing continues to be the favored attack method). There has been a lot of media attention on this story, so we’ve put together a list...


SIEM: So Many Alerts, So Little Time

May 15, 2014 by Cofense in Internet Security Awareness

Software vendors participate in industry events for various reasons. We attend to share information as speakers and to learn as attendees. You’ll see us sponsor tote bags, snack stations, and even lunch. We are there to raise awareness of our solutions and generate leads for our sales team. We like scanning badges as much as you like getting schwag but for most vendors like us, the best use of our time in the booth is not spent waving a scanner. It is “events season” in the security world and PhishMe has been an active participant in events like RSA, FS-ISAC...


Phishing Attacks Target Google Users with Weakness in Chrome: What You Need to Know

May 14, 2014 by Cofense in Internet Security Awareness

If your employees are users of Google Chrome and/or Mozilla Firefox, your network could be vulnerable to a unique phishing attack targeting the two most widely-used browsers in the world. Several media outlets are covering the uniform resource identifiers (URI) exploit, which Google Chrome and other web browsers utilize in order to display data. This attack, which is difficult to identify via traditional methods, allows cybercriminals to gain access to Google Play, Google+ and Google Drive. This means that any sensitive information stored within each of those areas is up for the taking. In the case of Google Play that means...