Products
Products
Response
Intelligence
About Cofense
About Cofense
Leadership

Cofense Phishing Prevention & Email Security Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Locky Stages Comeback Borrowing Dridex Delivery Techniques

April 21, 2017 by Cofense in RansomwareMalware AnalysisPhishing

The ransomware that defined much of the phishing threat landscape in 2016 raged back into prominence on April 21, 2017 with multiple sets of phishing email messages. Harkening back to narratives used throughout 2016, these messages leveraged simple, easily-recognizable, but perennially-effective phishing lures to convince recipients to open the attached file.

READ MORE

Does your Incident Response Plan include Phishing?

April 20, 2017 by Cofense in Phishing Defense CenterCyber Incident ResponsePhishing

It’s no secret that 90% of breaches start with a phishing attack. The question is: are you prepared to recognize phishing and respond to it? Many organizations are concerned with how much spam they receive and implement controls specific to spam. But you shouldn’t confuse preventing spam with responding to phishing attacks.

READ MORE

How Dridex Threat Actors Craft Phishing Attacks, No Exploits Necessary

April 18, 2017 by Cofense in Malware AnalysisPhishingRansomware

Threat actors using the Dridex botnet malware received a great deal of attention recently for their purported utilization of content exploiting a previously un-patched vulnerability in Microsoft Word. This exploit, which took advantage of unexpected behavior in the handling of certain document types, was reportedly used to deliver the Dridex botnet malware via documents attached to phishing emails. However, the bulk of Dridex campaigns leverage far more common delivery techniques that abuse the functionality that already exists in Microsoft Office and Adobe Reader rather than deploying some complex exploit content. This serves as a reminder that threat actors don’t always...

READ MORE

Wide-Spread Ursnif Campaign Goes Live

April 11, 2017 by Cofense in Phishing Defense Center

On April 5th, our Phishing Defense Center received a flurry of emails with subject line following a pattern of Lastname, firstname. Attached to each email was a password-protected .docx Word document with an embedded OLE package. In all cases the attachments were password protected to decrease the likelihood of detection by automated analysis tools. A password was provided to the victim in the body of the email which attempts to lure the victim into opening the malicious attachment and to increase the apparent legitimacy of the message. 

READ MORE

Malware Delivery OLE Packages Carve Out Market Share in 2017 Threat Landscape

April 10, 2017 by Cofense in PhishingMalware AnalysisThreat Intelligence

In the first quarter of 2017, PhishMe Intelligence has noted an increase in malware distributors utilizing OLE packages in order to deliver malware content to victims. This current trend was first noted in December 2016 with close association to the delivery of the Ursnif botnet malware. This technique abuses Microsoft Office documents by prompting the victim to double-click an embedded icon to access some content. These objects are used to write a script application to disk that facilitates the download and execution of a malware payload. This method adds to another iteration of techniques threat actors use to evade anti-analysis...

READ MORE

Dridex Threat Actors Reinvigorate Attacks with Sizable, Concurrent Campaigns

April 6, 2017 by Cofense in Threat IntelligenceMalware AnalysisPhishing

One of the most historically effective techniques for gaining new infections for the powerful Dridex botnet malware has been sizable sets of widely-distributed phishing email. While these large campaigns have been intermittent for several months, the past week’s Dridex distributions have shown a renewed vigor with several larger campaigns being launched both concurrently and repeatedly. Many of these campaigns return to well-used and previously-successful email templates and malware delivery tools that had seen earlier utilization in conjunction with both Dridex deliveries and the delivery of other malware tools. On March 30, 2017 three distinct sets of phishing emails were identified...

READ MORE

PhishMe End-to-End Phishing Mitigation Solution Delivers ROI, Operational Efficiency and Reduced Susceptibility

April 5, 2017 by Cofense in PhishingCofense News

Before investing in any type of security solution, you need to know your money will be well spent. That’s especially true for security professionals shopping for antiphishing solutions, hence why PhishMe commissioned Forrester Research, Inc. to research the effectiveness of PhishMe’s complete phishing defense solution among key customers.

READ MORE

W-2 Fraud – Tax Season and All Year Long

April 4, 2017 by Cofense in Phishing Defense Center

It’s the time of year when Taxes are on everyone’s mind – especially Phishers! The stress of filing.  The stress of gathering all the documents.  The stress of reporting.  The stress of the deadline.  All of that on top of everything else you have to do this time of year makes tax time phishing a favorite and highly successful annual event for phishing scams. However, once the filing is completed, it doesn’t mean the campaigns will stop.  W2 and CEO fraud are timeless phishing campaigns that run all year long.

READ MORE

Spam is Spam, Phishing is Phishing, but Phishing is not Spam

April 3, 2017 by Aaron Higbee in PhishingInternet Security Awareness

Problems arise when we use the terms Spam and Phishing interchangeably. At the risk of sounding persnickety, I’m going to try to build the case of why we need to stop confusing Spam and Phishing.

READ MORE

Syrian Electronic Army continues to carry out successful data-entry phishing attacks

August 20, 2013 by Aaron Higbee in Phishing

When the Syrian Electronic Army nailed a number of prominent media outlets earlier this year, we were pleased to see a number of open and honest responses from those that were breached, notably from The Onion and The Financial Times. Last week, the SEA was at it again, successfully hacking content recommendation service Outbrain, an attack which provided a foothold to compromise media behemoths The Washington Post, Time, and CNN. The SEA attacked Outbrain with largely the same tactics it has used so successfully in the past few months, by eliciting log-in credentials through a phishing email, the same tactics...

READ MORE

To improve security awareness, think marketing

August 13, 2013 by Rohyt Belani in Internet Security Awareness

Security awareness is a term that often makes IT security pros cringe. It brings to mind images of mind-numbing training or of ineffectual posters and stress balls urging employees to change their passwords frequently. Based on years of experience working with enterprises and other large organizations, we are launching a new blog series, “7 Principles Critical to Security Awareness Programs”, that will offer some insight in concepts we have incorporated in our solution to demonstrably improve security awareness for our customers. The first topic we will address is marketing. Changing behavior is one of the greatest challenges security officers face...

READ MORE

An untapped resource to improve threat detection

July 31, 2013 by Cofense in Internet Security AwarenessThreat Intelligence

Speaking in front of the House Committee on Special Intelligence earlier this year, Kevin Mandia (CEO of Mandiant) remarked that, “One of the most valuable resources in detecting and responding to cyber attacks is accurate and timely threat intelligence.”  Despite its value, many organizations don’t have a way to get timely threat intelligence. How can organizations improve in this area? If you know anything about us, it probably won’t shock you that we’re encouraging enterprises to focus on their users as a source of real-time threat intelligence. Given that the vast majority of targeted attacks focus on the end user...

READ MORE

Double Barrel Throwdown Contest Terms and Conditions

July 16, 2013 by Cofense in Phishing

Please read before entering, as entry in this contest constitutes acceptance of these rules. No purchase is necessary to participate. The contest is open to all entrants who submit a valid entry form using a qualified email address. ENTRY IN THIS CONTEST CONSTITUTES YOUR ACCEPTANCE OF THESE OFFICIAL RULES The Double Barrel Throwdown (the “Contest”) is a competition to produce the most original, persuasive, and realistic Double Barrel phishing scenarios. PhishMe’s panel – composed of PhishMe employees – will select the best entry according to those criteria, with the winner receiving a Google Nexus tablet. To submit a valid entry...

READ MORE

Can a simulated phishing attack be counterproductive?

July 8, 2013 by Cofense in Internet Security AwarenessPhishing

I always enjoy reading articles from IT professionals who have sent simulated phishing exercises to their employees.  As I checked my email over the weekend my good friends at Google were kind enough to alert me about a new article from Tom Cochran, CTO of Atlantic Media, on this subject so I poured a fresh cup of coffee and started to read.

READ MORE

The Phish Chain: Phishing Attack from Start to Finish

June 18, 2013 by Cofense in Phishing

A few years ago, Computer Security Intelligence expert, Mike Cloppert discussed the Cyber Kill Chain, the process through which a cybercriminal uses malware to attack the victim. In a recent webinar titled “How to Use Email-based Threat Intelligence To Catch a Phish,” Securosis’ Mike Rothman applied Cloppert’s methodology to how cyberattacks work in the instance of a phishing attack. The kill chain begins with weaponization and ends with monetization, the point at which credentials are stolen. In this post, we’ll dig into the Phish Food Chain, as explained by Mike Rothman and discuss how cybercriminals utilize this process to attack your brand. Let’s take...

READ MORE

What is MTTK and Why is it Important to Cybersecurity?

June 10, 2013 by Cofense in Internet Security Awareness

There has been much talk recently about MTTK, but what is MTTK and why is it so important? This post explores the term and explains why MTTK is such an important concept in cybersecurity terms. When your organization is attacked, how long does it take you to know that the attack is taking place? Of course, we’d all like to be able to answer “right away.” However, for many companies that isn’t the case. Examples of phishing attacks lodged against major brands who don’t discover that they are being phished until months later have become commonplace. When a phishing attack...

READ MORE

Build Phishing Countermeasures to Protect Your Brand

May 22, 2013 by Cofense in PhishingThreat Intelligence

Corporations fight phishing each and every day. Large and recognizable financial institutions, retail companies, internet service providers/telecommunication companies are among those most heavily targeted victims of phishing. While the aftermath of a phishing attack is costly and yields long-term consequences, it’s quite difficult to keep up with cybercriminals. It’s shockingly easy for cybercriminals to create a phishing site targeted at your brand, so easy that the cybercriminal simply needs to unpack and upload a pre-built “phishing kit” in order to create a new phishing website. Just one phishing kit can produce hundreds of phishing URLs. With just a few clicks...

READ MORE