New Tactic Bypasses Existing Security Controls – Most Recent PayPal Phish Reveals Stealthy HTML Attachment
May 25, 2016 by Heather McCalley in PhishingIncident response is always a cat and mouse game. Organizations spend heavily on people and technology to help protect their enterprise, while threat actors continue to find new and unique ways to bypass those controls. We’ve seen this trend continue over time, whether it be with the shift to MHTML files by Locky or the delivery of malicious PowerPoint show files. The PhishMe intelligence team has noticed another change, this one by the actors who are phishing for login credentials, and their tactics reveal that they are actively working to bypass security controls.
Ransomware targeting US Congress specifically? Probably not.
May 24, 2016 by Cofense in PhishingIn another highly visible ransomware event, Techcrunch recently reported that Congress was warned about ransomware attacks that were impacting the House of Representatives. While ransomware is by no means new, Congress was warned that these attacks were personalized and are specifically targeting third-party email services such as Yahoo or Gmail. Additionally, Congress was warned that their machine could be encrypted by simply clicking the link within the message.
Bolek: Leaked Carberp KBot Source Code Complicit in New Phishing Campaigns
May 19, 2016 by Cofense in PhishingReuse of infrastructure supporting malware distribution is a well-documented characteristic of online crime and a key way to track and classify threat actors. While it may seem simplistic for monitoring threat actor activities, the IP addresses, domains, hostnames, and URLs contacted by malware tools betray a significant amount of information about threat actor groups. For some malware attacks, it’s possible to determine the threat actor’s identity based on the infrastructure used, but, other times, the lines are blurred because some organizations harbor cyber criminals.
You spoke, we listened: What’s new for CBFree
May 12, 2016 by Cofense in Internet Security AwarenessYou spoke…we listened. PhishMe CBFree Computer Based Learning modules launched in October 2015 and was extremely well received among users. As an initial launch, we listened heavily to our customer’s feedback and have a new set of modules.
PhishMe’s Gary Warner Featured in Threat Intelligence Thought Leadership Interview on Recorded Future
May 4, 2016 by Cofense in Cofense NewsThreat IntelligenceThis week, Recorded Future published another segment in their recent “Threat Intelligence Thought Leadership Series” featuring PhishMe’s Chief Threat Scientist Gary Warner. The article titled Why You Should Launch a Threat Intelligence ‘Hunt’ Team covers a variety of perspectives on threat intelligence, from driving factors in today’s threat intelligence community, actionable intelligence trends and even advice for aspiring threat intelligence analysts on how to navigate today’s information security landscape.
University W2 Phishing and CEO Impersonation
April 13, 2016 by Cofense in PhishingAt PhishMe we talk frequently about a familiar concept that cyber attacks and phishing emails are very rarely sent to only one organization. While security teams tend to focus on threats to your organization, PhishMe Intelligence is watching for email-based threats for EVERY organization. As we were gathering information about tax-related phishing scams this year, we noticed that institutes of higher learning were being hit quite broadly by this year’s W2 related scams.
RockLoader – New Upatre-like Downloader Pushed by Dridex, Downloads all the Malwares
April 12, 2016 by Cofense in PhishingOn 4/6, the Phishing Intelligence team came across a wave of phishing emails that contained a .js file packaged inside of a zip file used to deliver malware. This is nothing new, and has been seen being pushed out by resources associated with the Dridex botnet and the Locky encryption ransomware. The interesting piece is that the attackers are using a new piece of malware called RockLoader to download and install the malware on remote systems. Downloaders are nothing new, as Upatre was used with Dyre and Gameover ZeuS in the past. RockLoader has several tricks up its sleeve.
PhishMe April Cybercrime Alert: Ransomware Attacks Expected to Increase
March 31, 2016 by Cofense in PhishingPress ReleasesCybersecurity Experts, Former Federal Law Enforcement Professionals Say Cryptocurrency, Digital Data and Vulnerable Employees May Fuel Largest Crimewave in Modern History LEESBURG, Va. – March 31, 2016 – PhishMe Inc., the leading provider of human phishing defense solutions, today released its April Cybercrime Alert, warning all organizations that its threat researchers expect ransomware attacks to increase as cybercriminals become increasingly aware that: Ransomware is readily-available and changes faster than detection technologies can respond In most cases, paying the ransom is the only way to free hostage data and systems Recent successful ransom situations will only encourage more attempts Cryptocurrencies such...
Tax Time is Phishing Time: Here’s How to Help!
March 31, 2016 by Heather McCalley in PhishingImportant disclaimer: THE IRS DOES NOT INITIATE CONTACT WITH TAXPAYERS BY EMAIL, TEXT MESSAGE, OR SOCIAL MEDIA CHANNELS TO REQUEST PERSONAL OR FINANCIAL INFORMATION. (See: https://www.irs.gov/uac/Report-Phishing ) The IRS has a very active security team, currently part of the U.S. Treasury Inspector General for Tax Administration (TIGTA), that is responsible for fighting phishing and tracking down the criminals who prey on U.S. tax payers. If you believe you have received a Phishing email, please help them by reporting the email you received to [email protected] Additionally, please also consider sending a copy to our team. PhishMe Brand Intelligence automatically processes any URLs...