Phish Fryday – 2019 Q4 Malware Trends – Part 2

Cofense Intelligence recently released their strategic analysis of malware trends of the last quarter of 2019, along with some predictions for the coming year. In our previous episode, we looked at some of the trends seen at the end of last year. In this second part, we speak with two key contributors to the report, Cofense Cyber Threat Intelligence Analyst Max Gannon and Senior Intelligence Specialist Alan Rainer, as they look ahead to what organizations should anticipate in the threat landscape and how to prepare for it.

For more information on topics mentioned in this episode, please visit:

Q4 2019 Malware Trends Report

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – 2019 Q4 Malware Trends – Part 1

Cofense Intelligence recently released their strategic analysis of malware trends of the last quarter of 2019, along with some predictions for the coming year. In this 2-part episode, we speak with two key contributors to the report, Cofense Cyber Threat Intelligence Analyst Max Gannon and Senior Intelligence Specialist Alan Rainer. In part 1, we’ll discuss the evolutionary nature of attacks at the end of 2019, including 4 key pieces of malware of note. In part 2, we’ll look ahead to what organizations should anticipate in the threat landscape and how to prepare for it.

For more information on topics mentioned in this episode, please visit:

Q4 2019 Malware Trends Report

Phish Fryday – Agent Tesla

Agent Tesla appeared on the malware scene in 2014 as a simple keylogger. We’ve seen this malware expand its capabilities over the years, and it remains one of the more popular types of malware distributed in phishing attacks. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Aaron Riley about the history of Agent Tesla, how it evolved, and how to defend against it.

For more information on topics mentioned in this episode, please visit:

Agent Tesla is a Top Phishing Threat

Krebs on Security – Who Is Agent Tesla?

CVE-2017-11882 – Microsoft Equation Editor Vulnerability

Phish Fryday – Phishing with the Microsoft Equation Editor Vulnerability

Back in 2017, Microsoft announced a vulnerability in their Equation Editor, dubbed CVE-2017-11882. This memory corruption vulnerability allowed attackers to execute malicious code in the context of the exploited user. Here we are in 2020 and the vulnerability is still being exploited in phishing attacks. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon about what the vulnerability is, why it’s still being exploited, and what organizations can do to better defend against these attacks.

For more information on topics mentioned in this episode, please visit:

NIST CVE Details

Cofense “Patch or Pass” blog post

Phish Fryday – Ransomware Trends

2019 saw an increase in ransomware attacks against public organizations, as we witnessed numerous headlines reporting outages and ransom demands. With ransom payments being made, should we expect to see these attacks increase? In this episode we speak with Cofense Cyber Threat Intelligence Analyst Aaron Riley about what we saw and what we should be planning for in the coming year.

For more information on topics mentioned in this episode, please visit:

EMSISoft State of Ransomware Report

Cofense – Ransomware in 2020

Phish Fryday – URL Scanners as Part of Phishing Defense

URL Scanners are a great way to investigate potentially malicious websites in a low-risk way. Attackers, however, are adapting to these tools to escape detection and keep the pressure on defenders. In this episode, we speak with Cofense Security Consultant Chris Hall to discuss the usefulness of these scanners, how attackers are adapting, and what these scanner services may need to do to stay useful.

For more information on topics mentioned in this episode, please visit:

Are URL Scanning Services Accurate for Phishing Analysis?

VirusTotal

URLScan.io

REMnux

Phish Fryday – Office Macros in Phishing Attacks

Automation with macros in Microsoft Office documents has been with us for decades. The abuse of these macros has been with us for almost as long, as attackers leverage the functionality – and the common permissions needed to run them – to cause considerable harm to organizations. In this episode, we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon to discuss the latest phishing threats and how they leverage macros to compromise organizations.

For more information on topics mentioned in this episode, please visit:

Complimentary Threat Alerts

PowerShell Scripts Delivered by Office Macros

Geodo Malware Campaigns

Phish Fryday – Cloud Services in Phishing Attacks

Cloud platforms, such as Google Docs, Microsoft OneDrive, and Dropbox, provide tremendous value to organizations looking to collaborate. Unfortunately, there are plenty of attackers willing to leverage our trust in these platforms for their own gain. On this week’s episode, we speak with Cofense Senior Intelligence Specialist Alan Rainer about the various ways attackers are using these technologies to bypass defenses, distribute malware, and execute phishing campaigns.

For more information on topics mentioned in the discussion, please check out the following articles:

Raccoon Stealer

The UK Ministry of Justice Campaign

Agent Tesla

Phish Fryday – Tension between Iran and the US Increases Cyber Threat

As the situation between Iran and the United States escalates, there has been considerable speculation as to how Iran might respond to the recent actions of the US. In this episode, we speak with Mollie MacDougall, an expert on cyber and international security and the Product Manager for Cofense Threat Intelligence, to learn more about Iran’s cyber capabilities and their history in the use of cyberattacks.

Phish Fryday – The Latest on Emotet

The Emotet botnet has undergone quite a few changes in 2019 and Cofense Senior Research Engineer Jason Meurer joins us to discuss the latest variations. What has changed and how can organizations continue to detect and protect themselves from Emotet? Tune in to find out.

For more background on Emotet and the latest Cofense Research, help yourself to our blog posts:

Want to simulate a holiday phish? This one’s from your friends at Emotet.

Emotet Modifies Command & Control URI Structure

Emotet Malicious Phishing Campaigns Return in Force