• Stop Threats

    End-to-End Email Security

    Defend your organization with a complete email security solution designed to identify, protect, detect & respond to threats.

    Security Awareness Training

    Condition your workforce against today’s latest threats and transform them into your front line of defense.

    Global Intelligence Network

    Protect your organization with our deep analysis into the current threat landscape and emerging trends.

    Cofense vs. The Competition

    See why the Cofense Intelligent Email Security suite stands out against the competition 

    Business Email Compromise (BEC)

    BEC amounts to an estimated $500 billion-plus annually that’s lost to fraud. Ensure your business is protected.

    Ransomware & Malware

    Phishing is the #1 attack vector for ransomware attacks. Stop phishing attacks in their tracks.

    Credential Theft

    Protect your user’s credentials and avoid a widespread, malicious attack.

  • Solutions

    Email Security for the Enterprise

    Complete threat protection, detection and response tailored for enterprise businesses.

    Email Security for Managed Service Providers (MSPs)

    Best-in-Class Phishing Protection and Simulations designed for MSPs, from the ground up.

    Managed Email Security Solutions

    Protect your organization from attacks with managed services from the Cofense Phishing Defense Center™.

    Detect and Stop Attacks

    Automatically identify and quarantine email threats across your organization in minutes.

    Analyze & Remediate Reported Threats

    Accelerate threat detection and response, empowering fast resolution.

    Actionable Insight into Emerging Threats

    Protect your organization with our deep analysis into the current threat landscape and emerging trends.

    Easily Report Suspected Threats

    Report suspicious threats with just one click.

    Empower Your Team

    Train employees through an with award-winning Learning Management System.

    Security Awareness Training

    Condition your workforce against today’s latest threats and transform them into your front line of defense.

  • Clients

    Industries We Serve

    Businesses from all industries rely on Cofense to safeguard their teams.

    What Our Customers Say

    Global organizations trust Cofense to protect their most critical assets.

  • Resources

    Knowledge Center Hub

    Check out our resource library of solution content, whitepapers, videos and more.

    Events & Webinars

    Come see us at a local event or join us at an upcoming webinar.

    Blog

    Stay current on cybersecurity trends, market insights and Cofense news.

    Check Your SEG

    See the real threats that are currently evading your Secure Email Gateway (SEG).

  • About

    About Cofense

    Cofense stops email security threats and protects your company through our network of 35+ Million human reporters.

    News Center

    See the latest articles, press releases and more in our news center.

    Awards

    It’s an honor to be recognized in the cybersecurity market. Check out our recent awards.

    Partners

    Grow your business, drive new revenue streams, and improve your competitive posture through our Partner Program.

    Careers

    We’re looking for passionate people to join us in our mission to stop all email security threats for organizations around the globe.

    Management Team

    Get to know our management team.

Get a Demo

Spear Phishing with Password Protected Zip Files

Share Now

Facebook
Twitter
LinkedIn
The Slashdot headline this morning reads: Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms

What is it about? Simple, the poison ivy trojan wrapped in a password protected ZIP file so it can get past filtering.  Symantec has an excellent analysis of these attacks in a paper titled: The Nitro Attacks: Stealing Secrets from the Chemical Industry by Eric Chien and Gavin O’Gorman.  You can read the entire paper here.

The most recent attacks focusing on the chemical industry are using password-protected 7zip files which, when extracted, contain a self-extracting executable. The password to extract the 7zip file is included in the email. This extra stage is used to prevent automated systems from extracting the self-extracting archive.”

Packing malicious code into ZIP file and including the password in the body of the email is fairly common spear phishing technique that has been going on for quite some time.  In fact, we have specific training about this tactic available at PhishMe. Here is a small snip from our training about password protected ZIP files:

By now you may be aware of spear-phishing emails that contain malicious attachments.  We have technology in place that scans email looking for malicious attachments, but it’s not foolproof.  In this cat-and-mouse game, the bad guys are always looking for new ways to get past our safeguards.
One technique they use is placing the malicious attachment inside of a password protected ZIP file. It works like this:  the attacker zips the malicious file, then puts the password for the ZIP file in the body of the email. They do this because they know our email security tools can’t see what is inside the protected ZIP file.
 
Existing PhishMe customers:  If you haven’t gotten the message out to your people about spear phishing using password protected ZIP files, login to you account and check it out.
 

Future customers:  You could be using our award winning solution right now to train people about this exact tactic.

stay safe,

Aaron Higbee

Read More Related Phishing Blog Posts

1602 Village Market Blvd, SE #400
Leesburg, VA 20175

(888) 304-9422

Facebook-f Twitter Linkedin Youtube

Company

Resources

Get a Demo

Search

We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

Accept
This site is registered on wpml.org as a development site.