Phish Fryday – Cyber Insurance and Risk Management

Risk management is more than just ensuring bad things don’t happen. There are some risks that can’t be adequately mitigated and organizations look to risk transference, such as insurance, to help protect them. In this episode, we speak with Darren Thomson, head of Cyber Security Strategy at CyberCube, to discuss the role of cyber insurance in cyber risk management.

Mentioned in this episode:

CyberCube

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Phishing and Ransomware in Healthcare

While phishing attacks and ransomware affect all industries, healthcare is particularly vulnerable. Medical equipment running outdated software, limited budgets, and a need to provide lifesaving actions without delay increase cyber risk beyond the confidentiality demands of HIPAA. In this episode, we speak with Gerald Auger, a Security Architect with the Medical University of South Carolina about the challenges the healthcare industry faces.

Mentioned in this episode:

Wood Ranch Medical closes due to ransomware attack

Health Industry Cybersecurity Practices

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Coronavirus and Awareness Training

With much of the world focused on COVID-19, or Coronavirus, attackers are taking advantage of the resulting concern to target potential victims with Coronavirus-themed scams. A result of this is the decision to use these scams as part of phishing awareness training. In this special episode, we speak with Cofense Co-Founder and Chief Technology Officer Aaron Higbee and Security Solution Advisor Tonia Dudley to talk about Cofense’s stance towards the use of these templates and how organizations can balance the need to keep their people informed but protected.

Links mentioned in the show:

Jake Williams’ (@Malwarejake) Twitter Poll

Cofense Coronavirus Resource Center

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Phishing Awareness Programs

When a phishing attack hits a user’s inbox, you know your perimeter defenses have failed, leaving it up to your humans to detect and report the attack. This doesn’t happen by chance. It takes a sound phishing awareness program to tune a user’s senses to suspicious emails and educate them on how to report. In this episode, we speak with Cofense Chief Technology Officer Aaron Higbee and Security Solution Advisor Tonia Dudley to talk about the goals of these programs and how to mature them to protect your organization.

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Encrypted Loaders

With over 90% of malware being distributed by email (according to the 2019 Verizon DBIR), malspam is a serious concern for phishing defenders. Cofense has recently seen new methods used by attackers to make it even harder for researchers to analyze their malicious payloads. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon about what these new methods are, the challenges they present to defenders and researchers, and what we can do to protect ourselves.

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – 2019 Q4 Malware Trends – Part 2

Cofense Intelligence recently released their strategic analysis of malware trends of the last quarter of 2019, along with some predictions for the coming year. In our previous episode, we looked at some of the trends seen at the end of last year. In this second part, we speak with two key contributors on the report, Cofense Cyber Threat Intelligence Analyst Max Gannon and Senior Intelligence Specialist Alan Rainer as they look ahead as to what organizations should be anticipating in the threat landscape and how to prepare for them.

For more information on topics mentioned in this episode, please visit:

Q4 2019 Malware Trends Report

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – 2019 Q4 Malware Trends – Part 1

Cofense Intelligence recently released their strategic analysis of malware trends of the last quarter of 2019, along with some predictions for the coming year. In this 2-part episode, we speak with two key contributors on the report, Cofense Cyber Threat Intelligence Analyst Max Gannon and Senior Intelligence Specialist Alan Rainer. In part 1, we’ll discuss the evolutionary nature of attacks at the end of 2019, including 4 key pieces of malware of note. In part 2, we’ll look ahead as to what organizations should be anticipating in the threat landscape and how to prepare for them.

For more information on topics mentioned in this episode, please visit:

Q4 2019 Malware Trends Report

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Agent Tesla

Agent Tesla appeared on the malware scene in 2014 as a simple keylogger. We’ve seen this malware expand capabilities over the years, making it still one of the more popular types of malware distributed in phishing attacks. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Aaron Riley about the history of Agent Tesla, how it evolved, and how to defend against it.

For more information on topics mentioned in this episode, please visit:

Agent Tesla is a Top Phishing Threat

Krebs on Security – Who Is Agent Tesla?

CVE-2017-11882 – Microsoft Equation Editor Vulnerability

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Phishing with the Microsoft Equation Editor Vulnerability

Back in 2017, Microsoft announced a vulnerability in their Equation Editor, dubbed CVE-2017-11882. This memory corruption vulnerability allowed attackers to execute malicious code in the context of the exploited user. Here we are in 2020 and the vulnerability is still be exploited in phishing attacks. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon about what the vulnerability is, why it’s still being exploited, and what organizations can do to better defend against these attacks.

For more information on topics mentioned in this episode, please visit:

NIST CVE Details

Cofense “Patch or Pass” blog post

Questions or comments? Reach us at phishfryday@cofense.com

Phish Fryday – Ransomware Trends

2019 saw an increase in ransomware attacks against public organizations, as we witnessed numerous headlines reporting outages and ransom demands. With ransom payments being made, should we expect to see these attacks increase? In this episode we speak with Cofense Cyber Threat Intelligence Analyst Aaron Riley about what we saw and what we should be planning for in the coming year.

For more information on topics mentioned in this episode, please visit:

EMSISoft State of Ransomware Report

Cofense – Ransomware in 2020

Questions or comments? Reach us at phishfryday@cofense.com