Slava Ukraini: Dyre Returns
July 17, 2014 by Cofense in Threat Intelligence
It has been a few weeks since the original discovery of the Dyre malware, and the attackers have sent another wave of phishing. This time, the phishing campaign went to only one senior-level individual within our enterprise.
Phishing: Stop Paving the Cow Path
July 14, 2014 by Cofense in Phishing
Paving the cow path—why are we still using the same technologies to combat modern phishing attacks? When the city of Boston was new and unpaved, the city fathers decided against laying out a regular street plan. Instead, they merely paved the paths that had been worn by cattle. The results? A chaotic and inefficient street plan that lacks logic. The admonition not to “pave the cow path” is supposed to remind us not to enshrine an existing way of doing something. However, when combating phishing, the #1 threat vector in security*, we are paving the cow path. Let’s start with some facts about...
The E-ZPass Scam: More Information On This Week’s Attacks
July 11, 2014 by Cofense in Phishing
Earlier this week, reports surfaced about a new E-ZPass scam. The spam campaign used the E-ZPass branding to fool recipients into visiting a malicious website. E-ZPass is the electronic toll collection system used by several state departments of transportation. The E-ZPass scam emails are likely to be sent to a large number of individuals who use the system; after all, the toll system is used in many cities. One of the emails we captured is shown in the image below. As you can see, the E-ZPass scam emails use appropriate branding, and warn the recipient that...
Breaking: GameOver Zeus Mutates, Launches Attacks
July 10, 2014 by Cofense in Malware Analysis
Today, PhishMe’s analysts identified a new banking Trojan that is based heavily on the GameOver Zeus binary. The GameOver Zeus mutation was distributed as an attachment in three spam email templates, utilizing the simplest method of infection to compromise end users’ systems.
The email spam campaign
From 9:06 AM to 9:55 AM we intercepted spam messages claiming to have been sent from NatWest Bank. One of the email messages used to distribute the new GameOver Zeus variant is listed below. As you can see, the message uses a common social engineering technique. It alerts the recipient to the risk of...
Attackers using Dropbox to target Taiwanese government
July 1, 2014 by Cofense in Internet Security Awareness, Threat Intelligence
While we have previously mentioned cyber-crime actors using Dropbox for malware delivery, threat actors are now using the popular file-sharing service to target nation-states. According to The Register, attackers targeted a Taiwanese government agency using a RAT known as PlugX (also known as Sogu or Korplug). From an anti-forensics perspective, PlugX is a very interesting piece of malware. One of the main ways it loads is by using a technique similar to load order hijacking: a legitimate executable is placed next to a malicious DLL carrying the name of a library the executable expects, and because the loader searches the application's own directory before the system directory, the malicious copy is loaded.
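The load-order hijacking layout described above (an executable beside a DLL that shadows a system library) can be hunted for on disk. The following scanner is an added example written for this page, not code from Cofense or from the PlugX write-up it summarizes: it walks a directory tree and flags any DLL that sits in the same directory as an executable and shares its name with an entry in a watchlist of commonly shadowed Windows DLLs. The watchlist and the sample directory layout are constructed for the demonstration; a production scanner would build the watchlist from an inventory of the real System32 directory.

```python
"""Flag DLL side-loading / search-order-hijacking candidates on disk.

The Windows loader resolves a DLL from the application's own directory
before the system directory, so a DLL that sits next to an executable and
carries the name of a system library is the classic side-loading layout.
This scanner reports such pairs for manual review; it does not inspect
file contents.
"""
import os
import tempfile

# Constructed watchlist (assumption for the example): a handful of DLL
# names that are frequently shadowed. A real scanner would generate this
# from the set of libraries actually present in System32.
WATCHLIST = {
    "version.dll", "msi.dll", "dwmapi.dll", "wininet.dll",
    "ntshrui.dll", "cryptsp.dll", "uxtheme.dll",
}

# Directories where these DLL names are expected to live; pairs found under
# them are not side-loading candidates.
SYSTEM_DIR_MARKERS = ("system32", "syswow64")


def find_sideload_candidates(root, watchlist=WATCHLIST):
    """Return sorted (exe_path, dll_path) pairs where a watchlisted DLL
    sits beside an executable outside the Windows system directories."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if any(marker in dirpath.lower() for marker in SYSTEM_DIR_MARKERS):
            continue
        lowered = {f.lower(): f for f in files}
        exes = [f for f in files if f.lower().endswith(".exe")]
        if not exes:
            continue  # a lone DLL is not a side-loading pair
        for name, original in lowered.items():
            if name not in watchlist:
                continue
            for exe in exes:
                hits.append((os.path.join(dirpath, exe),
                             os.path.join(dirpath, original)))
    return sorted(hits)


def build_sample_tree():
    """Create a constructed sample layout (not a real capture): a vendor
    executable next to a 'version.dll' in a writable data directory, plus a
    benign tool directory whose DLL name is not a system library."""
    root = tempfile.mkdtemp(prefix="sideload_demo_")
    suspicious = os.path.join(root, "ProgramData", "Updater")
    benign = os.path.join(root, "Tools")
    os.makedirs(suspicious)
    os.makedirs(benign)
    for path in (
        os.path.join(suspicious, "VendorTool.exe"),
        os.path.join(suspicious, "version.dll"),
        os.path.join(suspicious, "VendorTool.dat"),
        os.path.join(benign, "helper.exe"),
        os.path.join(benign, "helper.dll"),
    ):
        with open(path, "wb") as fh:
            fh.write(b"MZ")  # stub PE header; contents are never parsed
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for exe, dll in find_sideload_candidates(sample_root):
        print(f"candidate: {exe} would load {os.path.basename(dll)} "
              f"from its own directory")
```

On the constructed tree the scanner reports exactly one pair, VendorTool.exe beside version.dll, and ignores helper.exe/helper.dll because helper.dll is not a system library name. The result is a triage list, not a verdict: a legitimate application can ship a private copy of one of these DLLs, so each hit still needs the DLL's signature and exports checked.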
Dyre Banking Trojan: What You Need to Know
June 18, 2014 by Cofense in Threat Intelligence
Beware of the Dyre banking Trojan! – A new malware threat that steals financial information such as login credentials. News of the Dyre banking Trojan has been circulating the web recently, following its discovery. Dyre, or Dyreza as it is also known, exhibits classic banking Trojan behaviors such as using “man-in-the-middle” attacks to steal private information from victims. It is also being used on customers of certain banks in targeted attacks. PhishMe identified this new malware on June 11, 2014. The Trojan is distributed via spam email messages that use email templates similar to those of other banking Trojan and malware distribution campaigns. Rather...
Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL
June 13, 2014 by Cofense in Internet Security Awareness, Threat Intelligence
When analyzing tools, tactics, and procedures for different malware campaigns, we normally don’t see huge changes on the attackers’ part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named “Dyre”. This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials.
The Chances of Becoming a Cyber Victim: A Look at Cyber Safety
June 9, 2014 by Cofense in Internet Security Awareness
What are the chances of becoming a cyber victim? In this post, we’ll explore the odds compared to the chances of other unrelated events. Many of us take comfort in knowing that certain bad things are not likely to happen to us, so we don’t worry too much about those things. We think our chances are pretty good.
Comforting Odds:
Dying from a shark attack: 300,000,000 : 1
Your opponent’s getting a Royal Flush in poker: 649,739 : 1
Being struck by lightning in California: 7,538,382 : 1
A meteor landing on your house: 182,138,880,000,000 : 1
Dying from a mountain lion...
An inside look at Dropbox phishing: Cryptowall, Bitcoins, and You (updated)
June 6, 2014 by Cofense in Phishing
Post updated on June 10
On Monday, I wrote about attackers using phishing attacks to deliver malware via links to Dropbox. Today, we received another wave of these emails with slightly different subject lines. Figures 1, 2, and 3 show the variants that were received by us in the latest campaign, and reported by our internal users. In this campaign, 10 of our users were targeted.