About Cofense
About Cofense

Cofense Phishing Prevention & Email Security Blog


Dridex, Pony, and Neutrino…oh my!

January 19, 2016 by Cofense in Phishing

From time to time, there will be an overlap with malware infrastructure where one attacker will compromise another attacker’s infrastructure. Typically, this is part of the “compromised infrastructure” which can fluctuate, and attackers have even been seen to uninstall one another’s malware. However, in this case, we strongly believe that the actors are experimenting with Dridex, Pony, and Neutrino.


Translation Update: How to Pwn an Electric Company (or Anyone Else, for That Matter)

January 6, 2016 by Cofense in Phishing

1/13/2016 Update: The blog has been updated to reflect the translation of the BlackEnergy word document. On January 4th, ESET released an amazing blog post about the BlackEnergy Trojan being used to attack power companies in the Ukraine to knock out the power in some areas. While this is not the first time we’ve seen cyber attacks become kinetic, the BlackEnergy attacks could have been prevented.


Enterprise Phishing Susceptibility Analysis

December 21, 2015 by Cofense in Phishing

Analysis overview: 8 million emails over a 13 month span 75% of organizations are training more than 1,000 employees Representing organizations from US (86%) and Europe (14%) Representing 23 industries Tackling a mountain of unmined data in search of answers can be a daunting task. Starting from scratch, we understood that we would likely face challenges to our pre-conceived notions of what works well and were prepared to accept what the data would tell us, however challenging it might be. Our goals were simply to understand what and how much data was available for analysis. We began with basic questions;...


Using RTF Files as a Delivery Vector for Malware

December 9, 2015 by Cofense in Phishing

During malware analysis we often see attackers using features in creative ways to deliver and obfuscate malware. We’ve recently seen an increase with samples leveraging RTF temp files as a delivery method to encapsulate and drop malware.


CNBC Squawk Box Tackles Multi-Billion Dollar Enterprise Phishing Problem, Taps PhishMe CEO Rohyt Belani for Expert Opinion

December 4, 2015 by Cofense in Phishing

NEW YORK, NEW YORK — This morning, CNBC Squawk Box anchors tackled the enterprise phishing scourge with the assistance of PhishMe CEO and recognized cybersecurity thought leader, Rohyt Belani. As pointed out by anchor Andrew Ross Sorkin at the beginning of the segment, phishing attacks are responsible for more than 90 percent of the major data breaches taking place today and were cybercriminals’ primary attack vector for recent compromises at the OPM and Anthem.


Macro documents with XOR Encoded Payloads

November 9, 2015 by Cofense in Phishing

When reversing malware samples, one of the things that we as analysts look for are places where the attackers slip up. This can be anywhere from using the same strings, to weak obfuscation routines, or re-using the same snippet of code. When we talk about the attackers, there is this misconception that they are these super villains who can only do evil, but keep in mind they are humans too.


Awareness isn’t the goal, it’s just the beginning

October 27, 2015 by Aaron Higbee in Internet Security AwarenessMalware Analysis

When people refer to PhishMe as the awareness company, we smile and nod. I want to correct them, but the label ‘security awareness’ is comfortable and relatable. One of the activities that organizations commonly believe will help reduce risk is mandatory security awareness computer-based training (CBT) lessons.  The hope is that if we enroll our humans in online courses about how the bad guys hack us, they will walk away with a wealth of new-found awareness and avoid being victimized.  (Try to visualize how far in the back of my head my eyes are rolling…)


PhishMe Celebrates National Cyber Security Awareness Month 2015 and UK Based Security Serious Week

October 7, 2015 by Cofense in Internet Security AwarenessMalware Analysis

It’s that time of year again. No, it’s not the arrival of the pumpkin spiced latte at your local coffee shop. It’s National Cyber Security Awareness month (NCSAM) as proclaimed by President Barack Obama last year. “National Cyber Security Awareness Month — celebrated every October — was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online,” as stated by the National Cyber Security Alliance located on their website. At PhishMe, we are proud to once again play a lead role in the cyber...


Business Email Compromise Phishing Attacks Soaring

September 30, 2015 by Cofense in PhishingInternet Security Awareness

Business email compromise phishing attacks are soaring. The profits that can be made from these types of attacks have made them highly popular with cybercriminals. That should be of major concern for all business leaders. When people ask me “What’s going on with Phishing?” these days I tell them that 2015 will be remembered as the Year of the Email Phish.  Not Email Phish as in “someone sent me a link to a malicious website by email”, but rather Email Phish as in “the goal of this phishing attack is to steal my email password.”  During the calendar month of...