Products
Products
Response
Intelligence
About Cofense
About Cofense
Leadership

Cofense Phishing Prevention & Email Security Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

.NET Keylogger: Watching Attackers Watch You

October 16, 2014 by Cofense in Internet Security AwarenessThreat Intelligence

Throughout life, there are several things that make me smile. Warm pumpkin pie, a well-placed nyan nyan cat, and most of all – running malware online – never fail to lift my mood. So imagine my surprise to see, after running a malware sample, that the attackers were watching me. Here’s a screenshot of a phishing email we received, which contained a keylogger written in .NET.

READ MORE

National Cybersecurity Awareness Month 2014

October 6, 2014 by Cofense in Internet Security Awareness

With National Cyber Security Awareness month (NCSAM) upon us, the national spotlight is on best practices to stay safe and protect your data online. Thanks to the support of the National Cyber Security Alliance, Department of Homeland Security, and the White House , the month of October will feature a number of initiatives designed to increase the knowledge base about cyber security issues with the general population and promote DHS’ “Stop. Think. Connect.” program to empower individuals to be safer online. PhishMe is proud to participate by being a 2014 NCSAM champion, and have made a number of resources available to...

READ MORE

Bash Vulnerability CVE-2014-6271 – Worm-able and Possibly Worse Than Heartbleed

September 25, 2014 by Cofense in Internet Security AwarenessThreat Intelligence

Post Updated 9/30/2014 Several months ago, the Internet was put to a halt when the Heartbleed vulnerability was disclosed. Webservers, devices, and essentially anything running SSL were affected; as a result, attackers were able to collect passwords, free of charge. With Heartbleed, the exploit made a splash and many attackers started to use the vulnerability. One of the more high-profile attacks of Heartbleed was the CHS attack, where the attackers siphoned 4.5 million patient records by attacking a Juniper device, then hopping onto their VPN. So how can something be bigger than Heartbleed? I’m glad you asked.

READ MORE

PDF Exploits: A Deep Dive

September 8, 2014 by Cofense in Internet Security AwarenessThreat Intelligence

On Friday, several of our users received phishing emails that contained PDF attachments, and reported these emails through Reporter. The PDF attachment is a slight deviation from the typical zip-with-exe or zip-with-scr; however, it’s still delivering malware to the user.

READ MORE

Four Ways Phishing Has Evolved in 2014

August 20, 2014 by Cofense in Threat IntelligenceInternet Security Awareness

Phishing isn’t exactly a new kid on the block. Phishing is one of the most common email-based threats. It is a tried and tested tactic that continues to deliver impressive results for cybercriminals. That’s why phishing continues to grow in popularity. In the month of June 2014 alone, phishing activities totaled $400 million in losses, which could be annualized at $102 million per year. While it has been around for years, phishing has evolved considerably and has increased in efficiency and effectiveness. In the last six months (as compared to 2013), we’ve seen several differences in the type, size and...

READ MORE

If it Looks Like a Phish, Acts Like a Phish, it Could Be Malware

August 20, 2014 by Cofense in Phishing

Most of us are familiar with the common idiom “If it looks like a duck, swims like a duck, quacks like a duck, then it is probably a duck.” Despite criminals’ constant efforts to change their techniques and tactics, this idiom usually holds true for online crime. Phishers have characteristic techniques in just the same way that malware writers and distributors employ specific tactics. These two don’t often overlap. However, when they do, it makes for a spectacularly effective attack. This week, PhishMe’s analysts uncovered spam emails distributed by the Cutwail spamming botnet using a new JP Morgan Chase spam...

READ MORE

An IRS Rebate That Isn’t Worth It: Phishing Tactics Repeat Themselves

August 13, 2014 by Cofense in Phishing

It’s about the time of year when people should be receiving tax refunds from the IRS, which gives attackers a great opportunity to craft phishing emails. PhishMe users recently reported a round of phishing emails purporting to be from the IRS about tax refunds:

READ MORE

Small but powerful — shortened URLs as an attack vector

July 31, 2014 by Cofense in PhishingThreat Intelligence

Using tiny URLs to redirect users to phishing and malware domains is nothing new, but just because it’s a common delivery tactic doesn’t mean that attackers aren’t using it to deliver new malware samples. We recently received a report of a phishing email from one of our users here at PhishMe that employed a shortened google URL, and led to some surprising malware. Through the power of user reporting, we received the report, discovered the malicious nature of the shortened URL, and reported the issue to Google – all within a span of 30 minutes. Google reacted quickly and took...

READ MORE

The New GameOver Zeus Variant (newGOZ) Spams Again

July 22, 2014 by Cofense in Malware Analysis

Almost two weeks ago, PhishMe identified a new Trojan based almost entirely on the notorious GameOver Zeus variant. The new GameOver Zeus variant demonstrated many of the same behaviors and characteristics of the original. The most notable change between these two Trojans was the abandonment of the peer-to-peer botnet used by the older GameOver Zeus. Instead, the new variant used a new fast-flux infrastructure. However, much of the behavior—and malicious capabilities— of the original was retained in this newer form of the malware. Today, a large number of spam emails were received and analyzed by PhishMe in one of the...

READ MORE