About Cofense
About Cofense

Cofense Phishing Prevention & Email Security Blog


In the Shadow of WannaCry, Jaff Ransomware Arrives Using Familiar Phishing Techniques

May 16, 2017 by Cofense in Malware AnalysisPhishingRansomware

Adding another entry to the ever-growing list of encryption ransomware, the Jaff Ransomware made its debut onto the threat landscape with large sets of phishing emails on May 11, 2017 – one day before the sensational impact of the WannaCry ransomware attack. However, the risks posed by the Jaff ransomware should not be overlooked. This, too, is a robust ransomware that leverages some of the most prolifically-used delivery mechanisms in phishing email and embodies characteristics associated with other very successful malware.


What You Can Do About the WCry (WannaCry) Ransomware

May 15, 2017 by Cofense in Internet Security AwarenessCyber Incident ResponseMalware Analysis

As most of you are aware, a fast moving, self-propagating attack blew across the internet over the weekend, and it’s not over yet. Using an alleged NSA exploit , this malware is able to quickly traverse a network and deliver a ransomware payload affecting hundreds of countries and hundreds of thousands of users.


WCry / WannaCry Ransomware Devastates Across the Globe

May 12, 2017 by Cofense in Malware AnalysisInternet Security AwarenessPhishing

A strain of encryption malware, or ransomware, is making a global presence today as numerous organizations struggle to respond. Reports of infections were found all over the globe.


Aaron Higbee Chats Google Doc Scam and other Phishing Trends on the Charles Tendell Show

May 11, 2017 by Cofense in PhishingInternet Security Awareness

This week, our co-founder and Chief Technology Officer Aaron Higbee had an opportunity to discuss the recent Google Docs phishing scam on the The Charles Tendell Show.


FireEye: Russians, Others Exploiting Zero-day Microsoft Office Vulnerabilities

May 9, 2017 by Cofense in Phishing

FireEye has identified three new zero-day vulnerabilities in Microsoft Office products that have been exploited by Russian cyber espionage entities and a yet-to-be-identified group.


Bogus Claim: Google Doc Phishing Worm Student Project

May 5, 2017 by Aaron Higbee in PhishingInternet Security AwarenessMalware Analysis

According to internet sources, Eugene Pupov is not a student at Coventry University. Since the campaign’s recent widespread launch, security experts and internet sleuths have been scouring the internet to discover the actor responsible for yesterday’s “Google Doc” phishing worm. As parties continued their investigations into the phishing scam, the name “Eugene Popov” has consistently popped up across various blogs that may be tied to this campaign. A blog post published yesterday by endpoint security vendor Sophos featured an interesting screenshot containing a string of tweets from the @EugenePupov Twitter handle claiming the Google Docs phishing campaign was not a...


Google Doc Phishing Attack Hits Fast and Hard

May 3, 2017 by Cofense in PhishingPhishing Defense Center

Google Doc Campaign Makes a Mark In the process of managing phishing threats for our customers, our Phishing Defense Center and PhishMe Intelligence teams saw a flood of suspicious emails with subject line stating that someone has “has shared a document on Google Docs with you”, which contained a link to “Open in Docs”. The “Open in Docs” link goes to one of several URLs all within the website.


April Sees Spikes in Geodo Botnet Trojan

May 2, 2017 by Cofense in PhishingPhishing Defense Center

Throughout April, our Phishing Defense Team observed an increase in malicious URLs that deliver the financial crimes and botnet trojan known as Geodo. These emails take a simple approach to social engineering, using just a sentence or two prompting the victim to click on a link to see a report or invoice that has been sent to them. An example of a typical phishing email used in these attacks is shown below: Following the malicious links will lead the victim to download a hostile JavaScript application or PDF document tasked with obtaining and executing Geodo malware. One common attribute of...


Orange is the New Hack?

May 1, 2017 by Cofense in PhishingInternet Security Awareness

One of the most popular Netflix series, Orange is the New Black, scored an early parole due to some bad behavior this weekend. TheDarkOverload, the group claiming responsibility for the hack, already released the season five premier and is threatening to release “a trove of unreleased TV shows and movies.”


Breaking out of the compliance mindset

October 22, 2013 by Rohyt Belani in Internet Security Awareness

During my years at Mandiant, I responded to a lot of breaches for a wide variety of organizations. Every breach case had one thing in common – the customer was compliant. While compliance is a requirement for many organizations, compliance does not equal security. I was recently talking to a CISO who has divided his department into two teams – one focused on security and the other focused on compliance. The security team deals with emerging threats to the network, while the compliance team deals with regulations. It’s an interesting strategy, and one that reflects how separate compliance and security...


Use metrics to measure and improve security awareness

October 15, 2013 by Cofense in Internet Security Awareness

It’s no secret that data is revolutionizing industries. Baseball managers have applied data to buck century-old beliefs about strategy (think Moneyball), anyone who has ever used knows that data has transformed retail, local law enforcement analyzes data to predict crime, and scientists are even using data to stop the spread of infectious diseases. Most security awareness programs fail to gather metrics. Those that do typically measure inputs instead of outputs. What this means is that many teams are measuring items such as the number users who complete a CBT course or attended a lunch instead of the number of...


What Does Big Data Mean for Enterprise Security Intelligence?

September 29, 2013 by Cofense in Internet Security Awareness

Big data is a buzzword and it certainly can be ambiguous and overused. But it is actually really meaningful – particularly for enterprise security intelligence solutions. Big Data, however, is essentially meaningless unless you have the right tools to analyze massive amounts of data. Here are a few of the advantages that big data brings to enterprise security intelligence: We can collect more data than ever before on the cybercriminal and the source of the crime. Big data lets us connect more data than ever before. This helps us understand the root cause of phishing threats. Through patented analytic tools,...


How do you make security awareness engaging?

September 24, 2013 by Cofense in Internet Security Awareness

Think back to all of the corporate training you’ve sat through during your career. Chances are (especially if you’ve worked at a large enterprise), that some of that training had little relevance to your job duties. How much knowledge from those courses did you retain? Although you technically completed the training, would you have been able to apply any of the information you were given in real life? For many employees, security awareness training falls into this category. It’s something they probably don’t care about, and that doesn’t help them do their jobs. This is why traditional awareness training has...


There are Different Types of Cybercriminals: Which are the Most Dangerous?

September 20, 2013 by Cofense in Internet Security Awareness

When we speak about cybercrimes, such as phishing and malware attacks, we tend to lump cybercriminals into one category but there are many different types of cybercriminals. They are not all motivated to steal credentials that lead to some sort of financial theft. While those types of crimes do occur, it is important to distinguish between the different types of cybercriminals that comprise today’s threatscape. Here are cybercriminal examples in operation today: Nation-states:Most notably, China, Iran, other nation-states looking to steal and infiltrate data. Hacktivists: Activists or groups (like WikiLeaks) seeking to steal data and release it publicly. Professional Cybercriminals:This group...


How to Integrate Anti-Phishing Solutions into Existing Security Infrastructure

September 18, 2013 by Cofense in Phishing

Today, we answer the question “How do I integrate anti-phishing solutions into my existing security infrastructure?” Today, layered security and perimeter-based security solutions are less effective than they used to be. Organizations tend to lump these things together as anti-phishing solutions as they deal with traditional symptoms of phishing problems – cybercriminals luring you to another site or emails with malware attachments. The great thing about phishing intelligence solutions is they fit in with other solutions that you have in place, supporting standards such as XML, where the data you consume is normalized and delivered in the form of an...


Negative reinforcement: How NOT to improve user behavior

September 16, 2013 by Rohyt Belani in Internet Security Awareness

One of the interesting aspects of security awareness training is the intersection of information security with human resources. We know from experience that security practitioners are not always experts in the latter, but what we recently saw from Dave Clemente was a real doozy. Clemente suggested that employees who engage in unsafe IT security behavior (such as clicking on phishing links) be reprimanded and that unsafe behavior should even negatively affect their performance review. To the security part of your mind, it might feel good to punish people for their security sins. We need to remember, however, that the ultimate...


For effective security awareness, keep it focused

September 10, 2013 by Rohyt Belani in Internet Security Awareness

In their book, “Switch: How to Change Things When Change is Hard” authors Chip and Dan Heath examine how influencing humans to change requires appealing to two parts of the brain: the rational and the emotional. Since the emotional part of our brain often gets frustrated when asked to make huge changes, Chip and Dan recommend that we “shrink the change” to change behavior in the face of resistance. The Heaths cite financial guru Dave Ramsey’s “Debt Snowball” strategy as an effective example of shrinking the change. For people mired in a mountain of debt, this strategy advocates paying off...


Cost of Phishing for Businesses

September 4, 2013 by Cofense in Phishing

We’re always talking about the cost of phishing for businesses, but why? Well, you might be surprised to learn that the true costs of phishing aren’t as obvious as you may suspect. Phishing, of course, is not a new problem. It’s in fact a very old problem that has its roots 20 years ago when people used floppy disks and moved from computer to computer in the good old days of the “sneakernet.” While phishing is not a new problem, it remains a very viable threat to many organizations – particularly financial institutions, e-commerce companies and government organizations. Rarely a...