Products
Products
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Cofense Phishing Prevention & Email Security Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Yara CTF – The Answers

September 3, 2015 by Cofense in Internet Security Awareness

Hello everyone, and thank you for coming to check out the Yara CTF answers! We had a TON of folks who were interested in the challenge, many submitted answers, and many folks enjoyed the challenges. Some of the best feedback we received was “This was the shortest plane ride over to Vegas. Thanks, PhishMe!”

READ MORE

Yara CTF, Blackhat 2015

August 4, 2015 by Cofense in Phishing

Welcome and good luck on the CTF! Password: “Go forth and hack!!##one1”, no quotes. PM_Yara_CTF_2015 One of the challenges is to write an exploit, so please exercise responsible disclosure on this one! We will be working with the developers to get the code patched ASAP! Please note: Challenge #4 contains a typo, it needs a Yara rule, not a key. Sorry for the error. Deadline for submissions: We will close the contest at 8 AM (PDT) on Thursday, August 6.

READ MORE

The Danger of Sensationalizing Phishing Statistics

August 3, 2015 by Rohyt Belani in Phishing

People are often curious about what percentage of users will fall for a phishing attack, and it’s tempting to try to create this kind of statistic. At PhishMe, we’ve found that trying to assign a blanket statistic is counterproductive – however this hasn’t stopped others in the industry from trying to do so. The most recent company to try is Intel Security (formerly McAfee), which declared that 97% of people globally were unable to correctly identify phishing emails. While this statistic certainly makes for a nice headline, it is broad-based and flawed in a number of ways.

READ MORE

These Are Not The (CryptoLocker) Resumes You’re Looking For

July 8, 2015 by Cofense in Internet Security AwarenessThreat Intelligence

For a long time, attackers have used .zip files in order to carry their bad stuff to organizations. Typically attackers include the malware in an .exe or screensaver file in the .zip , but we’ve noticed attackers trying to tell a different story in a recent wave of attacks.  Here’s a screenshot of one of the emails: Once opened, the user is prompted to download a .zip file. We can see this in the iframe of the html file inside, as well as the .zip file that is downloaded.

READ MORE

Deriving Malware Context Requires Human Analysis

June 20, 2015 by Cofense in Threat Intelligence

Man versus machine is one of the oldest technology tropes. In the modern tech economy, it represents one of the largest driving forces in many industries in which processes are streamlined by the inclusion of robotics and automated processes. For the threat intelligence industry, the automated malware sandbox represents the machine that has been put in place to replace the work done by analysts. However, while producing high quality threat intelligence can be enhanced with the inclusion of some automation, completely replacing the human aspect greatly impacts the quality of your analysis. The automated sandbox provides a snapshot of a...

READ MORE

CERT Researchers Examine Domain Blacklists

June 19, 2015 by Cofense in Threat Intelligence

After researching everything you want to know about domain blacklists, Jonathan Spring and Leigh Metcalf – two members of the technical staff at the CERT Division of Carnegie Mellon University’s Software Engineering Institute – performed an additional analysis and case study on the Domain Blacklist Ecosystem. Their research supports a hypothesis regarding how the difference in the threat indicators available from a range of different sources is related to sensor vantage and detection strategy. To facilitate this, they required a source of intelligence that varied the detection strategy without changing the sensor vantage. University research continues to play an important role in how we develop...

READ MORE

DNS Abuse by Cybercriminals – RATs, Phish, and ChickenKillers

June 15, 2015 by Cofense in Threat IntelligencePhishing

This week in our malware intelligence meeting, our analysts brought up DNS abuse by cybercriminals. Two malware samples were seen this week which had the domain “chickenkiller.com” in their infrastructure. I thought this sounded familiar, but my first guess was wrong.  Chupacabra means “goat sucker” not “chicken killer”.  So, we did a search in the PhishMe Intelligence database and were surprised to see not only that “chickenkiller.com” was used in two different malware samples in the past week, but that there were also more than sixty phishing sites that linked to that domain! What we’re seeing here is a combination...

READ MORE

Dyre Configuration Dumper

June 11, 2015 by Cofense in Internet Security Awareness

It’s been over a year since Dyre first appeared, and with a rise of infections in 2015, it doesn’t look like the attackers are stopping anytime soon. At PhishMe we’ve been hit with a number of Dyre attacks this week, so to make analysis a little easier, I tossed together a quick python script that folks can use for dumping the configurations for Dyre.

READ MORE

Forget About IOCs… Start Thinking About IOPs!

June 9, 2015 by Aaron Higbee in Internet Security Awareness

For those who may have lost track of time, it’s 2015, and phishing is still a thing. Hackers are breaking into networks, stealing millions of dollars, and the current state of the Internet is pretty grim. We are surrounded with large-scale attacks, and as incident responders, we are often overwhelmed, which creates the perception that the attackers are one step ahead of us. This is how most folks see the attackers, as being a super villain who only knows evil, breathes evil, and only does new evil things to trump the last evil thing. This perception leads to us receiving...

READ MORE