Dridex Experimenting with New Attack Vectors

February 10, 2016 by Cofense in Phishing

A few weeks ago, we posted an article about how Dridex is experimenting with different families of malware and techniques. When one threat actor starts shifting TTPs, it’s usually a big deal. Attackers get comfy in their infrastructure, some survive sinkholes, and they continue spamming or stealing money. One shift takes time, effort, and money on the attackers’ part. The part that people often forget is that attackers need people to maintain backends, code the malware, code panels, and patch exploits as researchers find them, or else they are going to be exploited by said researchers.


FluxerBot: Nginx Powered Proxy Malware

February 4, 2016 by Cofense in Phishing

What first appeared last week to be yet another malspam campaign spread solely to infect victims with Andromeda also downloaded some interesting second-stage payloads, including several keyloggers and what was later discovered to be labeled as the Fluxer proxybot. The initial malspam lures were written in Italian and informed the victim that he or she had received an invoice as the message attachment. The message attachment is a ZIP archive containing the Andromeda malware installer. More information about this campaign can be found by ThreatHQ customers in Threat ID 5316.


PhishMe® Triage Integrates with OpenDNS’ Investigate API for Intelligent Incident Response

January 28, 2016 by Cofense in Phishing

The APIs have it – Emphasis on ‘I’ – Individuals, Integrate, Investigate, and Incident Response

Every day, PhishMe is helping enterprise employees change their behavior against the top threat leading to many of today’s high-profile breaches – phishing. Our customers empower their employees to report suspicious email, thereby creating a rich source of actionable intelligence for incident responders. Triage provides security operations center (SOC) analysts and incident responders a way to automate the identification, prioritization, and remediation of these phishing threats. This threat intelligence can then be shared with other teams to better protect your enterprise.


Phishing Scams Cost UK Consumers £174m In 2015

January 22, 2016 by Cofense in Phishing

In response to the findings that phishing scams cost UK consumers £174m last year, Ronnie Tokazowski, senior researcher at PhishMe, has the following comments on it.


Dridex, Pony, and Neutrino…oh my!

January 19, 2016 by Cofense in Phishing

From time to time, there will be an overlap with malware infrastructure where one attacker will compromise another attacker’s infrastructure. Typically, this is part of the “compromised infrastructure” which can fluctuate, and attackers have even been seen to uninstall one another’s malware. However, in this case, we strongly believe that the actors are experimenting with Dridex, Pony, and Neutrino.


Translation Update: How to Pwn an Electric Company (or Anyone Else, for That Matter)

January 6, 2016 by Cofense in Phishing

1/13/2016 Update: The blog has been updated to reflect the translation of the BlackEnergy word document. On January 4th, ESET released an amazing blog post about the BlackEnergy Trojan being used to attack power companies in the Ukraine to knock out the power in some areas. While this is not the first time we’ve seen cyber attacks become kinetic, the BlackEnergy attacks could have been prevented.


Enterprise Phishing Susceptibility Analysis

December 21, 2015 by Cofense in Phishing

Analysis overview:
8 million emails over a 13 month span
75% of organizations are training more than 1,000 employees
Representing organizations from US (86%) and Europe (14%)
Representing 23 industries

Tackling a mountain of unmined data in search of answers can be a daunting task. Starting from scratch, we understood that we would likely face challenges to our pre-conceived notions of what works well and were prepared to accept what the data would tell us, however challenging it might be. Our goals were simply to understand what and how much data was available for analysis. We began with basic questions:...


Using RTF Files as a Delivery Vector for Malware

December 9, 2015 by Cofense in Phishing

During malware analysis we often see attackers using features in creative ways to deliver and obfuscate malware. We’ve recently seen an increase in samples leveraging RTF temp files as a delivery method to encapsulate and drop malware.


CNBC Squawk Box Tackles Multi-Billion Dollar Enterprise Phishing Problem, Taps PhishMe CEO Rohyt Belani for Expert Opinion

December 4, 2015 by Cofense in Phishing

NEW YORK, NEW YORK — This morning, CNBC Squawk Box anchors tackled the enterprise phishing scourge with the assistance of PhishMe CEO and recognized cybersecurity thought leader, Rohyt Belani. As pointed out by anchor Andrew Ross Sorkin at the beginning of the segment, phishing attacks are responsible for more than 90 percent of the major data breaches taking place today and were cybercriminals’ primary attack vector for recent compromises at the OPM and Anthem.