Cofense Uniting Humanity Against Phishing at 2020 RSA Conference

LEESBURG, Va. – February 6, 2020 – Cofense, the global leader in intelligent phishing defense solutions, today announced the company’s presence at RSA Conference 2020, taking place February 24-28 in San Francisco. This year’s RSAC theme will focus on the most powerful asset in protecting against cyberattacks – the “Human Element”, the beating heart of Cofense’s mission. As threat actors continuously innovate to slip past technologies put into place to protect both organizations and consumers alike, the security community is increasingly aware that artificial intelligence and machine learning alone are not silver bullets to protect against today’s emerging and sophisticated attacks; empowering humans to act as the last line of defense is critical for a truly multi-layered and integrated cyber defense posture.

“Phishing is a uniquely human and global problem, and our long-standing stated purpose is to unite humanity against phishing,” said Rohyt Belani, chief executive officer and co-founder, Cofense. “Our 21 million plus end users act as human sensors, reporting thousands of suspicious emails to security operations teams daily. The collective human intelligence of the Cofense customer base provides SOC teams with visibility into threats that evade security controls every single day.”

To shed light on how humans are integral to organizational defense, Cofense Security Solutions Advisor, Tonia Dudley, will present an interactive workshop as part of RSA’s Learning Labs. Dudley’s session, “Hearts and Minds: Shaping a Successful Awareness Program”, will take place on Wednesday, Feb. 26 at 9:20 a.m. PT, addressing why changing humans is more art than science. The workshop will explore psychological challenges we all face – apathy, fatigue and denial – as well as the inherent benefits in human physiology, such as how our brain chemistry responds to stories. In addition to focusing on phishing defense advocacy and demonstrating how Cofense solutions help organizations across the globe minimize the impact of attacks and reduce costs, Dudley also holds a seat on the National Cybersecurity Society board to provide support and resources for the small business community to improve online safety and security.

RSA Conference attendees can learn more about Cofense by visiting the company’s two booths, located in the South Expo hall at booth #1235, and the North Expo hall at booth #4436. During expo hall hours, Cofense will have six live demo stations where visitors can interact with technology experts and see Cofense’s market-leading intelligent phishing defense solutions, including:

Cofense Vision®

  • Equips SOC teams with the tools they need to find and remove the phishing threats sitting unreported in recipients’ mailboxes, providing remediation in minutes rather than hours or days
  • Provides a privacy-first phish threat hunting platform that supports an organization’s compliance needs without sacrificing search performance
  • *NEW* Auto-quarantine: When combined with Cofense Triage®, enables organizations to auto-quarantine any new email threats received that match a previous Cofense Vision search, reducing analyst overhead and risk exposure

Cofense Triage

  • Leverages a large library of powerful rules, driven by human intelligence, to cut through the noise of suspicious email reports and focus analyst attention on the threats that matter
  • Accelerates phishing qualification, investigation and response by automating standard responses to suspicious emails to make analysts more efficient, driving actionable intelligence faster
  • Provides a full-featured API to integrate with SIEM, SOAR, and other enterprise systems to maximize an organization’s security investment and reduce response time and analyst effort in finding and remediating phishing threats

Cofense Intelligence®

  • Using a global, proprietary network of sensors and sources, provides unrivalled insights into the rapidly evolving threat landscape, including tools, techniques and procedures that are not only observed in the wild, but verified to bypass existing enterprise security controls such as Secure Email Gateways (SEGs)
  • Delivers actionable intelligence that supports organizational defense initiatives

Cofense PhishMe®

  • Educates enterprise end users on the real attacks facing organizations – including those that evade SEGs – transforming them into the last line of active defense against cyber attacks
  • Responsive Delivery: Improves user engagement and optimizes simulation program effectiveness for enterprises of all sizes by delivering email simulations only when the recipient is active in their inbox, eliminating whitelisting and global scheduling issues and reducing false positives caused by changes in email security tools
  • *NEW* Recipient Sync
    • Automates provisioning, updates and deprovisioning of Cofense PhishMe recipients from Azure AD using standards based SCIM 2.0 without the need for an additional tool
    • Allows operators to fully control which information gets shared and synced

In addition, booth visitors can enjoy giveaways and daily activities at the South Expo Hall Booth #1235, allowing them to:

  • Unwind after a long day at happy hour on Tuesday from 4 – 6 p.m.
  • Cool down with ice cream and meet Cofense experts on Wednesday from 2 – 4 p.m.
  • Fuel up on the final day with espressos and cappuccinos on Thursday from 10 a.m. – 3 p.m.

###

About Cofense
Cofense, formerly PhishMe, the leading provider of intelligent phishing defense solutions worldwide, is uniting humanity against phishing. The Cofense suite of products combines timely attack intelligence sourced from employees, with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, health care and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise. For more information, please visit www.cofense.com.

The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos included in this press release are registered trademarks or trademarks of Cofense Inc. All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.

Media Contact
press@cofense.com

Cofense Helps 2020 Presidential Candidates Secure Their Campaigns from Pervasive Phishing Attacks

Leesburg, Va. – Jan. 23, 2020 – Cofense, the global leader in intelligent phishing defense solutions, today announced its partnership with Defending Digital Campaigns (DDC), a nonprofit and nonpartisan organization committed to bringing cybersecurity tools and resources to federal election campaigns. Under the new partnership, DDC qualified campaigns can leverage Cofense’s experience, expertise and managed phishing defense service to strengthen their resilience against email-based cyberattacks during the 2020 election cycle.

“There is not a single anti-phishing technology on the market that will stop phishing emails from hitting campaigners’ inboxes.” said Aaron Higbee, chief technology officer and co-founder, Cofense.  “No candidate wants to relive the successful phishing attacks that have plagued elections across the globe these past several years. Every day, we find hundreds of malicious threats in supposedly ‘protected’ email environments. Our methods have prevented sophisticated APT29 email phishing attacks that make the Podesta phish look childish. As most attacks target specific individuals, it’s critical campaign managers prepare their teams to react quickly to what is about to come. We’re proud to partner with the DDC to provide candidates and campaign workers the support they need to better defend against malicious actors.”

“Protecting campaigns from cybersecurity threats is essential to our democratic process, and Cofense understands the critical importance this plays,” said Michael Kaiser DDC President and CEO. “We are excited to partner with Cofense, who pioneered phishing defense, so campaigns can more quickly and easily implement better cybersecurity practices.”

Cofense’s new managed Election Phishing Defense Service is now available to eligible campaigns, a special permission granted to DDC by the Federal Election Commission, to bolster their phishing resilience in a single, managed service at minimal cost, allowing them to stay focused on what they do best – campaigning:

  • Phishing simulation training to prepare staff to identify and report phishing incidents
  • Cofense Reporter, a one-click embedded email button, to enable staff to quickly report suspicious messages
  • Phishing analysis provided by Cofense to quickly identify and mitigate a phishing incident

Additionally, Cofense has launched an educational site that will be updated with resources such as threat intelligence, best practices, and expert perspectives. To learn more, visit: https://cofense.com/election-security/

###

About Cofense

CofenseTM, formerly PhishMe®, the leading provider of intelligent phishing defense solutions worldwide, is uniting humanity against phishing. The Cofense suite of products combines timely attack intelligence sourced from employees, with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, health care and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

 

About Defending Digital Campaigns

Defending Digital Campaigns (DDC), a 501(C)4, is a nonpartisan and non-aligned organization focused on increasing campaign cybersecurity by making available free and low-cost cybersecurity products.  DDC operates under a Federal Election Commission administrative opinion allowing for the provision of in-kind cybersecurity services to eligible campaigns.

DDC’s was founded and lead by former presidential campaign managers for Hillary Clinton and Mitt Romney, tech and cybersecurity industry leaders, and former senior officials at the NSA and DHS.

 

Media Contact

press@cofense.com

Cofense to Host Third Annual Phishing Defence and User Conference in London

LONDON, United Kingdom – 22 January, 2020 – Cofense, the global leader in intelligent phishing defence solutions, today announced registration is open for Submerge London, its international user conference and phishing defence summit. Taking place at the Hilton Canary Wharf from 5-6 May 2020, Submerge London is Europe’s premier event for phishing defence and incident response, providing two full days of technical and educational sessions led by industry leaders and security experts.

The third annual conference promises even deeper hands-on content than ever before including more than 20 sessions covering the latest phishing defense strategies and tactics, case studies presented by leading industry professionals and ample networking opportunities with peers from across the world. As with previous years, there will also be a wealth of speaker tracks over the two days, truly submerging attendees into the latest anti-phishing best practices and how they can unlock the power of collective human intelligence to defend against advanced cyber threats.

Those interested in sharing their knowledge and expertise at the event can submit a presentation abstract for consideration through the Call for Speakers submission form, focusing on one of four topics: Innovation in Phishing Awareness; Aligning Phishing Defence to the Business; Phishing Incident Response; or the Phishing Threat Landscape.

“The email security threat landscape is constantly evolving with attackers innovating their way past security controls on a daily basis,” said Rohyt Belani, chief executive officer and co-founder, Cofense. “That’s why it’s important cybersecurity professionals stay ahead of the latest attack vectors and be prepared for threats heading their way. With a 95% recommendation rate from previous attendees, we’re thrilled to bring organizations, partners and industry leaders the tools and knowledge they need to ramp up their phishing defence programs.”

Submerge London 2020 is open to existing Cofense customers and non-customers. The event is ideally suited for cybersecurity professionals, operators, and decision makers who focus on email security and phishing defence. Early bird registration discounts for Submerge London 2020 are available until 1st March, where tickets are available for £49 – half the regular rate. Those interested in attending can register here and find further information on the event and venue.

About Cofense

CofenseTM, formerly PhishMe®, the leading provider of intelligent phishing defense solutions worldwide, is uniting humanity against phishing. The Cofense suite of products combines timely attack intelligence sourced from employees, with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

 

Media Contact

press@cofense.com

Cofense Debuts Phishing Defense Podcast

 

Leesburg, Va. – Jan. 17, 2020 – Cofense, the global leader in intelligent phishing defense solutions, today announced the debut of its phishing defense podcast, Phish Fryday. Gathering leading experts and threat researchers across Cofense’s security intelligence groups including Cofense Labs, Cofense Intelligence and the Cofense Phishing Defense Center, the new podcast provides security teams and analysts with weekly insights into the latest phishing threats, trends and news so they can stay ahead of the latest attacks.

With most data breaches occurring as a result of a successful phishing attack, defenders are constantly seeking to understand the latest evolving threats and tactics used by phishers to bypass popular security technologies. Cofense analyzes millions of emails and malware samples every day—both in the wild and within organizations’ environments – to identify new and emerging malware, providing organizations recommendations so they can quickly and proactively defend their organization.

“The key differentiator between Cofense and our competitors is the actionable intelligence that underpins all of our solutions,” said Rohyt Belani, chief executive officer, Cofense. “Our unique view of the cyber-threat landscape allows us to provide valuable and timely insights into active phishing threats that consistently bypass email gateways. We’re thrilled to further extend and share our expertise through Phish Fryday as we strive to unite humanity against phishing.”

The debut season includes the following episodes:

  • Episode 1: Cofense Labs’ Jason Meurer discusses Emotet’s recent evolutions, including modifications to its URI structure, new templates used and new information targeted by the botnet.
  • Episode 2: As tensions escalate between the U.S. and Iran, Mollie MacDougall of Cofense Labs, an expert on cyber and international security, explains Iran’s cyber capabilities and its history of cyberattacks.
  • Episode 3: Alan Rainer from Cofense Intelligence discusses how attackers are using trusted cloud services to evade security technologies and compromise corporate networks.
  • Episode 4: Max Gannon of Cofense Intelligence shines a light on Office macro attacks, how they are leveraged by attackers and why it’s challenging for organizations to defend against them.

To listen and subscribe to the Phish Fryday podcast, visit: https://cofense.com/category/podcast/phish-fryday/

###

About Cofense

CofenseTM, formerly PhishMe®, the leading provider of intelligent phishing defense solutions worldwide, is uniting humanity against phishing. The Cofense suite of products combines timely attack intelligence sourced from employees, with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, health care and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

 

Media Contact

press@cofense.com

Cofense Teams Up with AwareGO to Expand Security Awareness Training

LEESBURG, Va. – Nov. 5, 2019 – CofenseTM, the global leader in intelligent phishing defense solutions, and AwareGO (awarego.com), creators of succinct, high-quality security awareness training videos, today announced their partnership to empower organizations across the globe to tackle today’s top security issues head-on. Cofense’s security awareness training library now includes AwareGO’s security awareness videos covering critical topics facing today’s employees such as business email compromise, privacy, and insider threats.

Fifteen modules are currently available to customers of Cofense’s PhishMe solution. Since releasing Cofense CBFree as part of National Cybersecurity Awareness Month (#BeCyberSmart) in October 2015, Cofense has recognized that creative, accurate content and training materials are important to security awareness professionals to keep their programs engaging and interesting to maximize success with employees.

“Our goal has always been to create high-quality security awareness training videos that users can relate to,” says Ragnar Sigurdsson, CEO and founder, AwareGO. “We are truly excited to work with Cofense and provide them with our content. Not only are we collaborating to make cyber security training better and more engaging, it’s also an effort to make businesses more cyber secure in the long run. It’s an honor to work with Cofense and we see it as an affirmation to the quality of our videos that they chose to work with us.”

“All organizations must educate their employees about cyber security risks,” said Allan Carey, vice president of business development, Cofense. “That’s why we’re proud to partner with AwareGO to bolster the fresh, engaging and relevant training content available to customers and their employees. Effective employee education, training and behavioral conditioning is a critical element of a robust cyber defense strategy, allowing organizations to enhance their resiliency to attacks.”

###

About AwareGO
Made in Iceland by cyber security experts, AwareGO offers world’s simplest security awareness training (SAT) platform and a unique and innovative way to reach a diverse audience with super-short videos. AwareGO has mastered the formula to get end users to buy into cyber security education.

 

About Cofense
CofenseTM, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions worldwide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, health care and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

 

AwareGO Media Contact
Neil Butchart
neil.butchart@awarego.com

 

Cofense Media Contact
press@cofense.com

Cofense Releases Annual Phishing Report; Flips Myth that Employees Are the Weakest Link in Cyber Defense

Record-breaking 20 million active phishing Reporters and 100+ million phishing simulations inform extensive study

Simulation frequency, relevance and employee reporting form resiliency trifecta

Leesburg, Va. – Oct. 30, 2019 – Armed with data generated by millions of real people, along with intelligence collected from more than 10 million phishing simulations delivered every month, the 2019 CofenseTM Annual Phishing Report, released today, sheds a light on employees’ susceptibility to fall for attacks and organizations’ phishing resiliency – a measure that tracks behavioral change from clicking phishing emails to active defense through reporting. Contrary to popular belief, employees are a powerful force that play a pivotal role in an enterprise’s phishing defense strategy. In fact, when properly conditioned to recognize and report attacks through regular and relevant phishing simulations, organizations are more likely to successfully defend against attacks designed to compromise customer information, steal intellectual property or destroy company data and IT infrastructure.

Cofense, the global leader in intelligent phishing defense solutions, has equipped more than twenty million people in organizations across the globe to report suspicious emails through Cofense ReporterTM, an easy to use, one-click email toolbar button.

“Security practitioners need to repudiate the common misconception that end users are the weakest link in organizational defense,” said Aaron Higbee, cofounder and chief technology officer, Cofense. “In fact, employees are the last and ultimate line of defense. With more than twenty million people across the globe empowered to flag potential attacks through Reporter, Cofense is helping thousands of organizations turn their workforce into highly tuned human sensors adept at reporting suspicious emails that frequently bypass security technologies.”

The research reveals three distinct best practices help organizations strengthen their resiliency and empower their users to become active defenders against attacks:

  1. Reporting: Organizations that arm their workforce with a straightforward and easy way to report suspicious emails exhibit strong phishing resiliency rates; in simulation exercises, their end users report phishing emails more than twice as often as they fall for the bait.
  2. Frequency: Regular phishing simulations significantly improve reporting rates and drive down users’ susceptibility to fall for phishing attacks. Organizations that run 12 or more simulations per year have twice as higher resiliency rates compared to those running fewer than 12.
  3. Relevance: Simulations that imitate real phish seen in the wild lead to markedly higher reporting rates and lower susceptibility rates amongst end users compared to organizations that randomly select phishing scenarios.

The ultimate pay-off of high organizational resiliency materializes when SOCs transform reported emails they receive into actionable intelligence. When well-positioned to prioritize and analyze employee-reported emails, SOCs can quickly and efficiently cut through the noise and neutralize a threat in minutes.

Report Available Now

To download the Cofense Annual Phishing Report, visit: http://phish.me/4zMY30pNtFt. Additionally, Cofense will also host a free webinar on November 12, 2019 at 2:00 p.m. EST.

About Cofense

CofenseTM, formerly PhishMe®, the leading provider of intelligent phishing defense solutions worldwide, is uniting humanity against phishing. The Cofense suite of products combines timely attack intelligence sourced from employees, with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, health care and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact

press@cofense.com

Cofense and Eze Castle Integration Partner to Strengthen Security Awareness in the Investment Industry

LEESBURG, Va. – October 16, 2019 – Cofense™, the global leader in intelligent phishing defense solutions, today announced it has entered a strategic Managed Security Services Provider (MSSP) partnership with Eze Castle Integration, a leading provider of managed services and complete cloud solutions for the investment industry. Cofense will provide world-class security awareness and phishing simulation solutions to Eze Castle, enhancing their cybersecurity services portfolio to offer an end-to-end managed awareness and phishing simulation service for their financial customers.

Cyber-attacks and data breaches remain at the top of risks facing organizations today, and the majority of breaches begin with phishing. Effective employee education, training and conditioning is a critical element of a robust cyber defense strategy, allowing enterprises to bolster their resiliency to attacks. Eze Castle customers can take advantage of Cofense’s award-winning, human-driven training tools through Eze Castle’s managed service expertise, including more than 50 cyber-related and compliance-based training modules and insight into the latest phishing campaigns affecting the financial industry.

Eze Castle will also receive hands-on training from Cofense to help identify the right cadence of phishing simulations—from basic to more nuanced scenarios—along with tips for measuring results and communicating program success to an organization’s executives.

“We are proud to partner with Eze Castle Integration as part of our elite group of service providers that are enabling more organizations with the resources needed to thwart phishing attacks across the globe,” said Robert Iannicello, vice president of global channel sales, Cofense. “Together, we look forward to empowering employees in the investment industry to proactively report suspicious emails and generate actionable intelligence that gives their organization the upper hand in stopping phishing attacks in their tracks.”

“In today’s technology-driven world, cybersecurity threats are one of the greatest risks facing the investment industry,’ said Steve Schoener, chief technology officer, Eze Castle Integration. “We follow a security first approach to IT and deliver fully managed security solutions, such as Cofense PhishMe and Security Awareness Modules, to help our customers bolster the security of their environments – whether they reside in a public, private or hybrid cloud, or on-premises.”

Cofense Secures Additional Investment from Funds Managed by BlackRock

Company Reaffirms Commitment to Deliver Reliable Phishing Technology and Awareness Training to the Global Market

Leesburg, VA Cofense™, the global leader in intelligent phishing defense solutions, today announced that funds managed by BlackRock Private Equity Partners have taken an additional ownership position in Cofense, having acquired the equity of former investor Pamplona. Cofense is pleased to expand the partnership, initially inked in 2018, which will continue to support the company’s mission to help organizations stop phishing attacks in their tracks.  Private Equity Partners is BlackRock’s fund of private equity funds platform that sources and evaluates the full spectrum of private markets investing, including partnerships, direct co-investments, and secondary transactions.

“We met with dozens of world-class financial institutions who were keen to invest. We’re delighted that BlackRock was the winning bidder, as they are familiar with our business and already have a strong relationship with Cofense,” said Rohyt Belani, Co-Founder and CEO, Cofense. “BlackRock’s expanded investment is a direct reflection of their confidence in our company and the growing market opportunity. Cofense has a history of successfully uncovering and reporting threats from all corners of the globe, but we are particularly proud of our track record for taking all possible measures to protect our customers, partners and prospects from phishing attacks.”

In the previous 12 months, Cofense has accelerated its efforts to bring reliable, best-in-class phishing defense solutions to the global market, and as a result the fourth quarter (2018) and first quarter (2019) were the two most successful in company history. The company has close to 2,000 enterprise clients in over 150 countries, representing every major vertical from energy, financial, healthcare to manufacturing and high-technology. Since July 2018, Cofense has expanded its product suite to deliver turnkey solutions for employee education and awareness to phishing response. The company will continue investing in R&D to provide their customers with peak phishing protection across the organization.

In addition to technical accolades, including being positioned as a Leader in the Gartner Magic Quadrant for Security Awareness Computer-Based Training for the fourth consecutive year, Cofense has been recognized for its culture and team leadership. The company was named a 2018 Best Place to Work by the Washington Post and Washington Business Journal and included on the Inc. 5000 list of fastest growing companies. Most notably, Cofense has been honored multiple times in 2019 for raising the standards of excellent customer service, as a finalist for the 2019 SC Awards and HDI Team Awards, and as a winner of the ISPG Global Excellence Awards. The company also successfully completed a Service Organization Controls (SOC) 2 Type II examination for Cofense PhishMe™ and Hosted Cofense Triage™.

About Cofense
Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact
press@cofense.com

Cofense and CNA Strengthen Security Awareness Within Cyber Insurance Industry

Leesburg, Va. – August 15, 2019 –Cofense™, the global leader in intelligent phishing defense solutions, announced its strategic relationship with CNA, one of the largest commercial property and casualty insurance companies in the United States. Cofense will provide security awareness training as part of CNA CyberPrep, the latest addition to CNA’s suite of cyber liability insurance products designed to help companies take a holistic approach to cyber threats.

Phishing attacks remain the top attack risk facing organizations. As a result, educating and training employees is a critical part of a robust cybersecurity platform. CNA policyholders can take advantage of Cofense’s world-class, human-driven training tools to include a fully functional-learning management system and more than 20 cyber-related computer-based training modules. Cofense’s Learning Management System (LMS) helps administrators manage content and ongoing education about cyber security risks, meanwhile the company’s Computer Based Training (CBT) educates users on today’s biggest threats with interactive modules. This two-pronged approach empowers users to input their own lessons and manage Cofense and non-Cofense learning materials all in the same place.

CNA policyholders will get access to all Cofense solutions at a preferred rate, and will be eligible for a Cofense Managed Phishing Assessment to provide a benchmark of their current phishing risk and resiliency. This assessment helps companies to improve their threat identification, mitigation and response operations.

“Our relationship with CNA brings together multiple types of risk management services. We are helping to create a comprehensive solution for businesses to remain prepared and competitive,” said Rohyt Belani, CEO and Co-Founder of Cofense. “Working together seamlessly with the other components of CNA CyberPrep, we are confident that our security awareness solutions can help CNA’s policyholders fight phishing threats.”

“In today’s technology-driven world, it is clear that cyber threats represent a critical and growing risk,” said Brian Robb, Underwriting Director and Cyber Industry Leader, CNA. “Businesses must stay ahead of emerging cyber risks and the security threats they pose, and we want to make sure CNA policyholders have access to the best services and technology available. Cofense is an industry leader in phishing defense solutions and security awareness training, which will deliver great value to our policyholders.”

About Cofense

CofenseTM, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact

press@cofense.com

 

Cofense Labs Publishes Database of Over 200 Million Compromised Accounts Targeted by Sextortion Email Campaigns

Leesburg, Va. – August 5, 2019 – CofenseTM, the global leader in intelligent phishing defense solutions, today published a database of over 200 million compromised accounts being targeted by a large sextortion scam to ensure potential victims and their employers can address the threat of sextortion and prevent lost wages and productivity. Cofense Labs, the newly formalized research and development arm of Cofense, discovered a “for rent” botnet in June 2019 used primarily to send sextortion emails. The research team is monitoring the botnet’s activity on a daily basis to observe changes in the malware it is spreading as well as tracking new email addresses being targeted for sextortion phishing emails.

Sextortion is an email-based scam that relies on emotion-driven motivators such as fear and urgency to extort a ransom payment in return for the scammer’s commitment not to leak sensitive information. The method has become an increasingly pervasive threat, with Cofense Labs analysing over 7 million email addresses impacted by sextortion in the first half of 2019 alone. Cofense also assessed that more than $1.5M in payments were made to bitcoin wallets associated with sextortion campaigns this year. Poor password hygiene, including infrequent changes and reuse across multiple sites, add further credibility to sextortion threats being made.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” said Aaron Higbee, Cofense Co-Founder and CTO. “If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource center so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom.”

Data breaches continue to headline the news, and as a result, massive sets of email addresses and passwords are making their way to the criminal corners of the internet. Cofense Labs’ research indicates that the hackers behind this sextortion campaign are recycling old email addresses and passwords – dating back at least 10 years – for new monetization purposes.

“Cofense Labs advises that owners of emails included in the database should change any passwords for accounts associated with that address. And most importantly, if a sextortion email is received, we do not recommend responding to the email or paying the ransom,” added Higbee. “The release of this sextortion database is just one example of the pioneering work Cofense Labs is conducting. Our team is committed to expanding visibility into the evolving phishing threat landscape and sharing tools, techniques, and insight with the security community.”

There are several actions consumers and organizations can take to prevent sextortion and deal with the threat, including: employing a password manager to keep passwords strong and unique; enabling two-factor authentication whenever this is an option for online accounts; and covering all computer cameras. To view the full database provided by Cofense Labs, as well as a guide for employers and employees, click here.

The mission of Cofense Labs is to provide leading edge, innovative research and subject matter expertise to address real-world cyber security challenges. The research and development team’s insights aim to provide actionable intelligence to assist with proactive defense. Where appropriate, Cofense Labs will make the output of its research freely available to encourage and enable collaborative defense. Projects will be made available at cofenselabs.com.

About Cofense

CofenseTM, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact

press@cofense.com