About Cofense
About Cofense
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response



Sage and Locky Ransomware Now Sharing Delivery Infrastructure in Phishing Attacks

February 2, 2017 by Cofense in Internet Security AwarenessPhishing

BY BRENDAN GRIFFIN AND GARY WARNER Threat actors have demonstrated that despite the past two years’ explosion in new ransomware varieties, ransomware developers still believe that the market has not reached the point of saturation. Examples of encryption ransomware like Sage have made notable appearances on the phishing threat landscape in the early days of 2017, continuing the ransomware trend from 2016.


Kovter Ad Fraud Trojan Now Shipping with Locky Ransomware

January 16, 2017 by Cofense in Phishing

Over the past couple of months, the PhishMe Research Team has observed Locky ransomware being distributed alongside the Kovter ad fraud trojan. We have looked at this malware distribution channel in the past, and since then, the threat actors have evolved from using a fake file encryption threat to using a well known and effective ransomware family: Locky. In this post we will examine the history of the Kovter actors’ experimentation with ransomware and walk through a sample campaign that our PhishMe Threat Intelligence Team captured. Ransomware Evolution The distributors behind Kovter have been experimenting with “ransomware” since as early as January 2016. We place the word...


With apologies to Led Zeppelin fans: The (BEC) Song (Still) Remains the Same

December 21, 2016 by Cofense in Phishing

Almost three months have passed since I last updated you on the Business Email Compromise scam, also known as the CEO Fraud scam. Though the volume of these attacks remains high, the information security community has continued to collaborate well regarding this type of fraud, preempting the transfer of millions of dollars and identifying numerous mules in control of bank accounts around the world. Just last week, yet another phisher tried to phish PhishMe. Our CTO, Aaron Higbee, reported on early attempts in September 2015 when he also described the use of PhishMe Reporter to phish-back and collect details of the phisher’s...


Fortifying Defenses with Human-Verified Phishing Intelligence

December 15, 2016 by Mike Saurbaugh in Cyber Incident ResponsePhishingThreat Intelligence

Mining Phish in the IOCs PhishMe® and Palo Alto Networks® are providing security teams with the ability to ingest human-verified phishing intelligence in a standard format that can be automatically enforced as new protections for the Palo Alto Networks Next-Generation Security Platform through the MineMeld application. Through this integration, PhishMe and Palo Alto Networks are providing a powerful approach to identifying and preventing potentially damaging phishing attacks. The challenge of operationalizing threat intelligence Ransomware, business email compromise (BEC), malware infections, and credential-based theft all primarily stem from a single vector of compromise – phishing. Operationalizing threat intelligence, especially when it...


An Open Enrollment Reminder – Phishers Want Your HSA Money!

November 30, 2016 by Cofense in Internet Security AwarenessPhishing

As the end of the year approaches, many companies are communicating with their employees about benefits and Health Savings Accounts via email. Criminals realize this and have decided to get in on the action!  More consumers than ever are using HSAs as a way to save pre-tax income for future medical expenses. A report released by Devenir Research shared that, as of August 2016, 18.2 million HSA accounts currently hold $34.7 billion in assets – a 22% growth over 2015, and projects that by the end of 2018, more than $50 billion will be on deposit in HSA accounts. That’s...


A Warning on Christmas Delivery Scams

November 23, 2016 by Cofense in Internet Security AwarenessThreat Intelligence

The time of year has once again arrived when post offices are busier than the freeway on a Friday evening. We buy gifts, online and in stores, and we send and expect packages to and from the far corners of the country, continent, and even the world. Yet behind this frenzy of merriment skulk a series of dangers. Although Christmas is still more than a month away, scammers of this kind have already been active in various areas across the US. For a number of years, security experts have grown to expect a hike in the number of internet scams being...


Beware: Encryption Ransomware Varieties Pack an Extra Malware Punch

November 11, 2016 by Cofense in Threat Intelligence

As the public becomes more and more aware of ransomware threats through journalistic outlets and the advice of security professionals, threat actors face more challenges in successfully monetizing the deployment of their tools. The longevity of ransomware as a viable criminal enterprise relies upon the continued innovation that ensures threat actors can deliver and monetize infected machines. Much of the innovation seen in 2016 was focused on defying the expectations for how ransomware is delivered such as steganographic embedding of ransomware binaries, other forms of file obfuscation, and requirements for command line argumentation. These were all put forward as ways...


Unscrupulous Locky Threat Actors Impersonate US Office of Personnel Management to Deliver Ransomware

November 8, 2016 by Cofense in Threat Intelligence

Update 2016-11-11: It is important to PhishMe to avoid hyperbolic conclusions whenever possible. In the interest of clarifying some conclusions that have been drawn from this blog post, it is important to keep in mind the nature of Locky distribution and how this malware is delivered to victims. We consider it a serious responsibility to report on very real threats in a way that lends itself to our credibility as well that the credibility of all information security professionals. PhishMe has no reason to believe that this set of emails was delivered only to victims of the OPM incident nor...


12 Days of Phishless Christmas recap

December 26, 2012 by Cofense in Phishing

Happy Day After Christmas everyone! Thankfully the world didn’t end last Friday, and we were able to finish the 12 Days of Phishless Christmas campaign. Hopefully you are spending today on the couch nursing your eggnog and Christmas cookie hangover, out at the mall returning that Cosby sweater your Aunt gave you, or getting ready to watch the Little Caesar’s Bowl.


Phishless Christmas Halfway Point Update

December 19, 2012 by Cofense in Phishing

We’re at the halfway point of our 12 Days of Phishless Christmas campaign, and we have been having a great time interacting with our followers while also raising money for some great charities. We’d like to recognize our first five winners, as well as the charities they have chosen for their donations.


On the first day of Phishless Christmas, PhishMe gave to me…

December 13, 2012 by Cofense in Phishing

It’s been an excellent year for us all here at PhishMe, and to celebrate the holidays and give thanks, we’re giving our followers a chance to earn money for charity through what we are calling the 12 Days of Phishless Christmas. Starting Friday, December 14, and continuing each day until Christmas Day, we’ll be tweeting every day with a new opportunity for our followers to win a donation to charity in their name.


What Trend Micro’s research means for organizations

November 29, 2012 by Rohyt Belani in Malware AnalysisPhishingThreat Intelligence

Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution. Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.


Cyber Monday phishing scams could affect the workplace

November 21, 2012 by Cofense in Phishing

If you’re like me, then the idea of fighting the midnight crowds on Black Friday holds limited appeal, even if it means getting an 80% discount on a big screen TV. But thanks to Cyber Monday, people can get ridiculous deals without peeling themselves away from their computers – or offices.


Presidential Phishing Scams: Examining Voter Vulnerability

November 5, 2012 by Cofense in Phishing

With emotions running high during election season, an email with the name Romney or Obama in the subject line could make even an experienced user click on a malicious link. Spammers are taking advantage of the Presidential election buzz and using malware-laden emails to target users. Many of these emails don’t have any visible consequences, so users may not even realize when malware is infiltrating their personal computers or mobile devices. But what about the potential danger this malware can bring into your workplace from these spear phishing scams?


Breaking the Myths of Social Engineering

October 1, 2012 by Rohyt Belani in Internet Security AwarenessPhishing

Last week, a Washington Post article by Robert O’Harrow offered an interesting look at the most common attack vector used by cybercriminals to penetrate enterprises today: spear phishing. While we applaud (loudly) the thrust of the article – that enterprises need to educate users on the dangers of spear phishing – there are some very real challenges in user education that the article does not address.


Why PhishMe makes Pentesters Uncomfortable

August 31, 2012 by Aaron Higbee in Cofense NewsPhishing

I read Aitel’s article right before leaving for BlackHat: “Why you shouldn’t train employees for security awareness” Popcorn in hand, this should be a fun read. After all, we agree that traditional awareness methods don’t seem to be sticking.


LinkedIn password leak: What it means for phishing

June 6, 2012 by Aaron Higbee in Phishing

Spoiler: LinkedIn password leak: What it means for phishing?  Answer:  Not Much! When people talk to us about phishing, they often want to know “What’s next in phishing? What else are you seeing?” This gets asked a lot, and is one of my least favorite questions because the truth is, email based spear phishing works as-is It has no reason to evolve right now.