Cofense Report Reveals Weaknesses in Secure Email Gateways, Illustrates Critical Role of Human Intelligence in Phishing Defense

2019 Phishing Threats and Malware Review highlights the latest evolutions to threat actor campaigns and enhanced capacity for malware to evade perimeter controls and penetrate user inboxes.

Leesburg, Va. – June 04, 2019 – Cofense™, the global leader in intelligent phishing defense solutions, today released the findings of their report, “2019 Phishing Threats and Malware Review”, which reveals key insights about how threat actors are evolving phishing campaigns, and provides direction to everyone from network defenders to CISOs on how to prepare for the unknown. Despite significant investments in next-gen technologies, phishing threats continue to become more sophisticated and effective. The report uncovers how dangerous threat actors, armed with an ever-growing arsenal of tactics and techniques, continue to tweak their campaigns and enhance their capacity to deliver malware, ultimately getting more messages past perimeter controls to user inboxes.

The report features real and simulated threat findings generated from the Cofense Phishing Defense Center (PDC), Threat Intelligence and Research teams, and across a sampling of their global customer base, including real data from 1,400 customers in 50 countries and 23 major industries, and half of the Fortune 100. Specifically, between October 2018 and March 2019, the Cofense PDC verified over 31,000 malicious emails, 90 percent of which were found in environments running one or more secure email gateways (SEGs).

Key findings from the 2019 report include:

  • Between October 2018 and March 2019, 31,429 total threats were reported by end users after delivery to the inbox, which included 23,195 via credential phishing; 2,681 via business email compromise (BEC); 4,835 via malware delivery; and 718 via other scams.
  • Ninety percent of the malicious emails verified by the Cofense PDC during this period were found in environments running one or more SEGs.
  • Threat actors are innovating relentlessly and are constantly refining their tactics, techniques, and procedures (TTPs) as they develop new delivery mechanisms, phishing techniques, and ways to get around network defense technologies. Cofense is seeing activity such as the use of public, open source tools to evade detection and the leveraging of genuine O365 accounts to harvest credentials to increase the odds of reaching the inbox and delivering malware. The report outlines that sextortion and bomb scare extortion pay off significantly when utilized by threat actors.
  • Technologies like email gateways can’t keep pace with the speed of threat actors’ “product development”. SEGs play a key role in phishing defense, but they are not infallible. The report identifies SharePoint, OneDrive and ShareFile as some of the most abused cloud providers and states that threat actors use geo-location to help prevent analysis by security tools or human researchers, enabling malware to slip through a SEG’s defenses.
  • Collective human intelligence is vital to phishing defense. When the phishing and malware threats analyzed in this report land in users’ inboxes, the human factor becomes decisive. It’s imperative to educate users through a phishing awareness program, focusing on threats that utilize the latest TTPs. Both user education and incident response thrive when fed by threat intelligence on emerging TTPs.

“Adversaries are constantly evolving their techniques and changing their infrastructure to complicate detection, meaning that indicators of compromise (IOCs) can grow stale extremely quickly. For holistic defense, users need to be prepared to identify and report any threats that do reach their inbox,” said Aaron Higbee, Co-Founder and CTO, Cofense. “Automated technical defense controls must be blended with a human element in today’s threat landscape. While timely threat intelligence helps head-off attacks and drown out the noise so that SOC teams can prioritize and focus on the most pernicious threats, Cofense is observing an ever-increasing surge of malicious emails that reach user inboxes daily. Once a message reaches an inbox, that end user is your last line of defense.”

Cofense is the only phishing defense company that holistically confronts phishing threats, looking at both the phishing tactics and techniques used to bypass perimeter controls to reach users’ inboxes, as well as how the malware is executed after delivery. Cofense’s multi-dimensional intelligence enables customers to prioritize and understand threats to mitigate phishing attacks faster.

To download the full report, please visit https://cofense.com/phishing-threat-malware-review-2019

About Cofense
Cofense™, formerly PhishMe®, is the leading provider of intelligent phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

Media Contact
press@cofense.com

Cofense Achieves SOC 2 Type II Compliance for PhishMe and Hosted Triage

Phishing Defense Leader Continues to Pursue Compliance Certifications for Data Security

LEESBURG, Va. – May 16, 2019 – Today Cofense™, the global leader in intelligent phishing defense solutions, announced it has successfully completed a Service Organization Controls (SOC) 2 Type II examination for Cofense PhishMe™ and Hosted Cofense Triage™. These product lines provide technology to help organizations train their employees to identify potential phishing risks and properly handle phishing attacks by individuals attempting to manipulate or deceive email recipients. Coalfire Controls, LLC, an independent CPA firm, conducted the audit.

SOC 2 compliance is a key industry standard in data security. Designed for entities operating in the technology and cloud computing sector, SOC 2 evaluates a service provider’s ability to securely manage customer data. In pursuit of this certification organizations undergo a rigorous analysis that includes the following trust services criteria: security, availability, processing integrity, confidentiality and privacy. Cofense achieved SOC 2 Type I compliance in February 2018, which is based on having the suitable controls in operation. For Type II, Cofense successfully showed the effectiveness of these controls over a period of time.

“Pursuing industry-leading certifications is just one way Cofense continues to demonstrate our commitment to larger compliance efforts that exceed enterprise standards,” said Keith Ibarguen, Chief Product Officer, Cofense. “SOC 2 Type II compliance is a proven standard to ensure the processing integrity, availability, security, confidentiality and privacy of customer data. Cofense aims to not only help our customers maintain strong security through our innovative technology offerings, but to also maintain strong relationships and trust through our own security and privacy practices.”

“Many organizations outsource information security operations to third-party vendors, and if their data is not handled securely, risk of exposure to data theft, extortion and malware increases dramatically. Given this threat of exposure, SOC 2 Type II is essential for organizations to clearly demonstrate the security control posture of their solutions,” states Chris Beiro, Sr. Director, SOC Practice, Coalfire. “Coalfire examined the PhishMe and Hosted Cofense Triage solutions and found that controls were suitably designed and operating effectively to provide reasonable assurance that the trust services criteria were met throughout the review period.”

The purpose of SOC standards is to help provide confidence and peace of mind for organizations and their third-party partners. Cofense maintains policies, strategies and processes that are designed to satisfactorily safeguard customer data. For more information, please visit http://www.cofense.com.


Cofense Partners with NINJIO to Bring Hollywood-Style Storytelling to Security Awareness Offering

Leesburg, Va. – May 8, 2019 – Cofense™, the global leader in intelligent phishing defense solutions, announced a partnership with NINJIO, a leading creator of cyber security awareness training. NINJIO’s cyber security content will be accessible by customers using the Cofense PhishMe™ platform, an award-winning phishing simulation and training solution. Cofense PhishMe administrators can leverage NINJIO videos, or “episodes” as NINJIO refers to them, as part of their on-going security awareness training and phishing defense programs.

Cofense Announces Key Additions to Leadership Team

New Hires to Fuel Company Growth in All Aspects of Sales, Marketing, and Product Development

Leesburg, Va. – April 18, 2019 – Today Cofense™, the global leader in intelligent phishing defense solutions, announced the addition of four security leaders to their executive team. Kevin Fliess joins Cofense as Senior Vice President of Marketing; Keith Ibarguen, as Chief Product Officer; Marcus Conroy, as Vice President of Americas Sales; and David Janson has been promoted to Vice President of International Sales from his previous position as Vice President of European Sales. Following the strongest fourth quarter (2018) and first quarter (2019) in company history, these additions will contribute to Cofense’s leadership and culture as the company executes the next phase of its growth strategy and expansion.

Cofense To Host Fourth Annual Phishing Defense Summit and User Conference

Cofense Submerge features industry expert speakers, including a keynote by FireEye CEO, and sessions focused on latest security threats and incident response trends

Leesburg, Va. – April 16, 2019 – Today Cofense™, the global leader in intelligent phishing defense solutions, announced that registration is open for the fourth annual Submerge phishing defense summit and user conference. The event, set to take place Sept. 23-24, 2019 in Orlando, Fl., will bring together industry experts with practitioners who are on the front lines to discuss the security threat landscape and share phishing defense strategies. Featured speakers include Kevin Mandia, CEO of FireEye as a keynote, along with Cofense’s Co-Founders, Rohyt Belani, CEO, and Aaron Higbee, CTO.

Cofense Launches Responsive Delivery Capabilities to Strengthen Effectiveness of Global Anti-Phishing Programs

New feature for Cofense PhishMe enables operators to deliver phishing scenarios only when a user is actively performing tasks in their mailbox

Leesburg, Va. – Feb. 28, 2019 – Today Cofense™, the global leader in intelligent phishing defense solutions world-wide, announced the addition of Responsive Delivery to its flagship product for phishing simulations. This first-to-market feature enables Cofense PhishMe™ Enterprise edition operators to deliver phishing scenario emails only when intended recipients are actively performing tasks in their mail client. Responsive Delivery gives operators confidence that simulations will not be missed by a user who is away from the desk and ensures that the scenario email is delivered directly to the inbox without interruption.

Cofense Vision Offers SOC and IR Teams Greater Visibility into Phishing Threats Delivered to Inboxes

Newest addition to Cofense phishing defense solution suite reduces the risk of phishing attacks, enables security teams to quarantine unreported threats

LEESBURG, VA. – Feb. 26, 2019 – Today Cofense™, the leading provider of intelligent phishing defense solutions world-wide, announced the general availability of Cofense Vision™, the company’s newest solution for protecting organizational assets from phishing attacks. Effective defenses against phishing must include visibility into the threats that bypass technical controls and are delivered to a user’s mailbox. Users of Cofense Triage™ can already prioritize and understand these threats, and now with the addition of Vision, security operations center (SOC) and incident response (IR) teams are able to identify and quarantine all messages that made it into a mailbox and pose a threat with more speed and efficiency.

Every day, phishing emails bypass perimeter defenses to become ticking bombs in employee mailboxes. In fact, the Cofense Phishing Defense Center determined that as many as one in seven suspicious emails reported by end-users are malicious, based on analysis of more than 2 million emails in 2018. During that time, Cofense found over 55,000 credential harvesting attacks designed to exploit SSO architecture and 25,000 campaigns hiding malicious files inside cloud services to avoid gateway detection. Left undiscovered, these attacks can cause serious damage to an organization. Integrated with the latest release of Triage, Vision identifies all messages that are part of a campaign across an organization and enables security teams to quickly find emails that were not reported by users and quarantine them directly from within Triage, ultimately mitigating their potential risk to the business.

“It’s not just one mail gateway technology that is chronically failing, our customers have multiple technologies in their filtering stack, yet phishing emails still make it in. The email search and quarantine tools on the market today are not fast enough, and don’t have the oversight in place needed to operationalize an auditable workflow inside of SOCs. Vision quickly identifies all recipients of complex phishing attacks and, with a single click, quarantines to remove the threat from all mailboxes,” said Aaron Higbee, Chief Technology Officer, Cofense. “You shouldn’t have to pay extra to your email vendor to remove the phishing email they failed to detect. Vision, either in combination with Triage or connected with existing SOC tooling, will deliver immense productivity gains for SOC and IR teams, so they can execute their jobs efficiently and better protect the company.”

Cofense uses technology for automation where it makes sense, with an emphasis on increasing human and organizational capabilities to reduce risks and quickly mitigate negative consequences when phishing attacks succeed. Triage improves automation by driving non-essential tasks out of the workstream to the point where the keen eye of an operator can make a good decision. Vision extends the capabilities of Triage, allowing SOC and IR teams to proactively hunt for unreported threats and create transparent audit and governance of mitigation actions.

Organizations that have taken a more proactive approach with threat hunting teams will find the Vision platform extremely beneficial, giving them the capability to search for indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) of cyber threats in their mail environment even if a user didn’t report the message. Users are able to quickly find the other mailboxes where a suspicious email may reside (Vision Discover) and when that email is detected, quickly quarantine it to remove the threat (Vision Quarantine).

Cofense Vision is now generally available for Cofense Triage customers. For more information, please visit the website.


Cofense Security Solutions Advisor Tonia Dudley to Speak at 2019 RSA Conference

Phishing Defense Expert and Board Member for the National Cybersecurity Society Will Present Two Sessions 

LEESBURG, VA. – February 22, 2019 – Today Cofense™, the leading provider of intelligent phishing defense solutions world-wide, announced that the company’s first Security Solutions Advisor, Tonia Dudley, will speak at the 2019 RSA Conference. Dudley is set to present two sessions. In a Learning Lab on March 6, held in a traditional classroom setting, she will discuss the need to develop long term strategies for phishing simulation campaigns and the value of a human touch in security. A second session on March 7 will focus on automation vs. human intuition. With more than a decade of cybersecurity experience, Tonia has managed cybersecurity incident response, security awareness programs, and IT compliance programs for large scale global organizations.

Cofense Recognized for Raising the Standards of Quality Customer Service

Technical Operations Center (Support) Stands Out for Excellence in Customer Service, Winning an ISPG Award and Being Named a Finalist for the HDI Conference Awards

LEESBURG, VA. – February 13, 2019 – Today Cofense™, the leading provider of intelligent phishing defense solutions world-wide, announced the latest industry recognition for their distinguished Technical Operations Center (Support). On Feb. 4, Info Security Products Guide (ISPG) named Cofense the Bronze winner of the Customer Service Department of the Year category for the 2019 Global Excellence Awards. In addition, the department was recently named a finalist for HDI’s Team Excellence Award. Both awards represent Cofense’s high standards for quality and customer service, a key element for ensuring that organizations remain protected from the many threats being launched against them.
