
Cofense Phishing Prevention & Email Security Blog


The Phishing Kill Chain – Simulation Delivery

September 25, 2017 by Cofense in Phishing, Cyber Incident Response, Internet Security Awareness

Part 4 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 3 we looked at Simulation Design, where we discussed utilization of simulation results analysis and active threat intelligence in anti-phishing programs. We will now take a closer look at simulation delivery practices.


A Song of Ice and Ransomware: Game of Thrones References in Locky Phishing

September 22, 2017 by Cofense in Malware Analysis, Cyber Incident Response, Phishing

We rarely find out the identities of online attackers. As a result, it is often easy to picture attackers as impartial and emotionless devices instead of humans or groups of people. However, attackers often reveal small bits of information about themselves and their personalities in the tactics, techniques, and procedures they select.


Tune Your Phishing Defense at Submerge 2017

September 21, 2017 by Cofense in Phishing, Cyber Incident Response, Internet Security Awareness

Attention incident responders: PhishMe® Submerge is for you. Submerge 2017, our second annual User Conference and Phishing Defense Summit, offers over a dozen sessions on phishing defense alone. Overall the event will offer 30+ sessions, including another track covering phishing resilience.


TrickBot Targeting Financial and Cryptocurrency Data

September 21, 2017 by Cofense in Phishing, Internet Security Awareness, Malware Analysis

While a great deal of focus for research into botnet trojans is on the multipurpose utility of this malware, many of these same tools are still utilized for direct financial crimes and fraud. This configuration data provides prima facie insight into some of the preferred means for monetary gains by threat actors. An example of this can be found in the most recent rounds of TrickBot malware configurations. These XML documents describe the targeted login pages for online services and the action the malware is to take when a victim visits one. Many of the targeted resources reference the login...


5 Reasons Our UK Phishing Report Would Make Winston Churchill Scowl

September 20, 2017 by Cofense in Phishing, Cyber Incident Response, Internet Security Awareness

The US and UK share a lot of things. History. Political traditions. A language, if one is feeling generous. And now some worrisome phishing data that jumps out of two reports PhishMe® has commissioned, most recently in the UK.


Endpoint Phishing Incident Response with PhishMe and Carbon Black

September 19, 2017 by Cofense in Threat Intelligence, Cyber Incident Response, Phishing

Hunting Phished Endpoints with PhishMe Intelligence™ and Carbon Black® Response

While sipping coffee and reading the morning headlines, the CISO notices a global mass-phishing campaign that took place overnight. Picking up the phone and calling the SOC, the CISO asks, “Are there any computers that may have been infected with ‘X’ that I read about this morning? I need answers before my meeting in an hour.”


Customized Phishing Simulations Keep You “Left of Breach”

September 18, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

Part 3 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 2 we looked at Self-Enumeration, assessing security and business process gaps that phishing attackers exploit. It’s the first step in being “Left of Breach” (see figure below), the process that builds a proactive phishing defense strategy.


Phishing Incident Response: Get Started in 3 Steps

September 15, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

So, you want to improve your response to phishing threats? Smart idea. PhishMe®’s recent report on phishing response trends shows that phishing is the #1 security concern, but almost half of organizations say they’re not ready for an attack.


Identity Crisis – The Real Cost of a PII Data Breach

September 12, 2017 by Cofense in Cyber Incident Response, Internet Security Awareness, Phishing

As the success of phishing attacks continues to broaden and gain traction in the modern news cycle, it’s important that we understand the differences in impacts based on the type of breach.


Top 10 Phishing Attacks of 2014

December 10, 2014 by Cofense in Phishing

With December upon us and 2014 almost in the books, it’s a perfect time to take a look back at the year that was, from a phishing standpoint of course. If you’ve been following this blog, you know that we are constantly analyzing phishing emails received and reported to us by PhishMe employees. What was the most interesting phishing trend we observed in 2014? While attackers are loading up their phishing emails with new malware all the time, the majority of their phishing emails use stale, recycled content.


Dyre Attackers Shift Tactics

December 8, 2014 by Cofense in Internet Security Awareness

On December 4th, several employees using PhishMe’s Reporter Button for Outlook reported new waves of Dyre phishing. The email appeared normal at first, but further analysis showed that the attackers have made a big shift in order to remain hidden.


WordPress Phishing: Target of Cybercriminals Worldwide

November 21, 2014 by Cofense in Phishing

WordPress phishing attacks are now commonplace, with the sites a target for cybercriminals worldwide. WordPress and phishing now go hand in hand. WordPress sites are being used by cybercriminals to obtain a wide range of sensitive data from users. In some cases, those sites are created by cybercriminals. In other cases, vulnerabilities in WordPress sites are leveraged and new content is created – content that captures users’ information. Exploit kits are also loaded onto the sites that download malware. Today’s technical press was full of headlines about the recent WordPress updates – eWeek’s WordPress 4.01 Updates Millions of Sites for 8 Flaws...


Two Attacks… Two Dyres… All Infrastructure

November 6, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Over the last few days, we have seen two waves of Dyre. The attackers have changed things up a bit and made it harder to analyze. By using memory forensics techniques, we took a peek into their command and control (C2) infrastructure. The #1 rule of memory forensics…everything has to eventually be decoded, and we’re going to use this to our advantage. Here’s a quick look at the waves of emails we received. (Figures 1 and 2)


Attackers Go Back to School: Phishing From .edu Leads to ZeuS

October 31, 2014 by Cofense in Internet Security Awareness

On October 28th, several of our employees reported a wave of suspicious emails. The most peculiar of the bunch originated from an American university. Here is a screenshot of the phishing email:


.NET Keylogger: Watching Attackers Watch You

October 16, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Throughout life, there are several things that make me smile. Warm pumpkin pie, a well-placed nyan nyan cat, and most of all – running malware online – never fail to lift my mood. So imagine my surprise to see, after running a malware sample, that the attackers were watching me. Here’s a screenshot of a phishing email we received, which contained a keylogger written in .NET.


National Cybersecurity Awareness Month 2014

October 6, 2014 by Cofense in Internet Security Awareness

With National Cyber Security Awareness Month (NCSAM) upon us, the national spotlight is on best practices to stay safe and protect your data online. Thanks to the support of the National Cyber Security Alliance, Department of Homeland Security, and the White House, the month of October will feature a number of initiatives designed to increase the knowledge base about cyber security issues with the general population and promote DHS’ “Stop. Think. Connect.” program to empower individuals to be safer online. PhishMe is proud to participate by being a 2014 NCSAM champion, and has made a number of resources available to...


Bash Vulnerability CVE-2014-6271 – Worm-able and Possibly Worse Than Heartbleed

September 25, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Post Updated 9/30/2014

Several months ago, the Internet was put to a halt when the Heartbleed vulnerability was disclosed. Webservers, devices, and essentially anything running SSL were affected; as a result, attackers were able to collect passwords, free of charge. With Heartbleed, the exploit made a splash and many attackers started to use the vulnerability. One of the more high-profile attacks of Heartbleed was the CHS attack, where the attackers siphoned 4.5 million patient records by attacking a Juniper device, then hopping onto their VPN. So how can something be bigger than Heartbleed? I’m glad you asked.


PDF Exploits: A Deep Dive

September 8, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user.