How to Prevent Ransomware Attacks

Want to Know How to Protect Against Ransomware?

Here are some best practices.

The fight against ransomware means harnessing every tool at the enterprise’s disposal – including every single employee and organizational stakeholder. According to the Cybersecurity and Infrastructure Security Agency (CISA), ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering them and the systems relying on them unusable.

How to Prevent Ransomware Attacks: What Every Employee Should Know.

When it comes to ransomware prevention, you can dramatically sway the odds in your favor by following these best practices, compiled from our expert analysts’ experience and other trusted sources. Remember, you may be the last line of defense safeguarding precious data should you spot something that seems odd in your email inbox. Because attackers know how to circumvent standard network protections, keep these tips in mind as you go through your business email.

  • Use extreme caution when clicking on a link: Don’t click links in messages from unknown senders or on unknown websites. If the link is malicious, an automatic download may begin, and the process may conclude with an infection that can spread from your device to the entire network.
  • Don’t provide personal information or login credentials: The primary pursuit of hackers using email ruses is to capture user credentials for network access. If you receive an email, call or text that prompts you for this information, don’t take the bait. If you do, you open the door to cybercriminals who then have a far simpler path to infiltrate your company’s systems.
  • Stay away from unknown or unsolicited email attachments: Ransomware-delivering malware is often planted in attachments that may be in any number of formats. Be suspicious. Scrutinize sender information and addresses, and never open an attachment that requires macros to view. Criminals often use macros to hide and deliver malware.
  • Use only trusted download sources: Never, never, never download software or files from sites you don’t know well. Keep in mind that hackers often use doppelganger, or lookalike, sites and other tricks to fool you into believing you’re interacting with a legitimate website. They do this for strictly nefarious purposes. Our blog post provides more information about the dangers of doppelgangers.

The Best Ransomware Protection? Your People.

We see it every day. Malware-laden email, some of which is designed to deliver ransomware, gets past standard email filters and security technology, or secure email gateways (SEGs). You can, and should, empower your employees to help you fight the criminals. Ransomware security awareness is your whole team’s responsibility. Need convincing? Consider these facts:

  • Ransomware is readily available
  • Ransomware changes faster than detection technologies, or SEGs, can respond
  • Paying the ransom – sometimes millions of dollars in cybercurrency – is often the only way to unlock hostage data and systems
  • One successful attack may lead to repeat attacks, and recovered data may be compromised
  • Recent successful ransom attacks only encourage more ransomware campaigns
  • Comprehensive ransomware-awareness training is essential because people are the targets of phishing, the most commonly used attack vector for ransomware

Users who are trained to spot phishing attacks, detect reply-chain campaigns and report suspicious emails can be the difference between a secure organization and a ruinous network compromise. Don’t give threat actors any help. Let Cofense help you. Learn more here.

If we all worked together as individual contributors against hackers, there would be far fewer successful ransomware attacks. As the Center for Internet Security points out, “From local government entities to large organizations, ransomware attacks are everywhere. It’s up to all of us to help prevent them from being successful.”[1]

  1. CIS blog: 7 Steps to Help Prevent & Limit the Impact of Ransomware.

What to look for in a top SOAR Platform

These days, searching for a top security orchestration, automation and response (SOAR) platform can be overwhelming, especially if you do not know what to look for. When you choose a top SOAR platform, your SOC has to have a certain level of maturity to be able to take full advantage of its capabilities. A SOAR platform, combined with new-age technologies like artificial intelligence (AI) and machine learning (ML), can help organizations enable automation to mitigate threats faster.

A top SOAR platform should provide your organization with a solution that fits your cybersecurity approach, framework, and infrastructure. It needs to be compatible with all of your existing security solutions. Also, it must deliver the use cases your organization needs to complement your set of existing security products in order to manage the SOC and your security operations functions. Lastly, when choosing a SOAR platform, the decision must be driven by your existing security processes like threat monitoring and response, threat investigation and hunting, threat intelligence management, responding to phishing emails, etc.

A top SOAR platform should have the following qualities:

  • Integrate seamlessly with your existing cybersecurity interface – With enterprise security operations teams using an average of more than 10 tools to maintain their security framework, the SOAR you choose should integrate efficiently with your existing cybersecurity program.
  • Offer the capability to easily code an organization’s existing playbooks (using a low- or no-code model) that the tool can then automate, via an intuitive UI.
  • Collaboration tools for analysts (using chat or IM framework) to enable more efficient communication.
  • A pricing model that is aligned with your organization’s needs. Avoid pricing structures based on the volume of data managed by the tool or based on the number of playbooks run per month.
  • Flexibility in the deployment and hosting of the solution — either in the cloud, on-premises or a hybrid.
  • Manual and automated actions can be taken simultaneously – Alert fatigue is a real thing for cybersecurity professionals. With a SOAR, teams can automate tedious processes and let security experts concentrate their skills on the more high-level tasks that require human intervention. A top SOAR platform should allow both human and automated actions simultaneously.
  • Tracking and reporting features – A key to a top SOAR platform is its dashboard and reporting capabilities. They need to aggregate SOC data into an easily understandable picture of the SOC’s situation, incident response processes, and performance results. Dashboards that can be presented to different audiences, such as the SOC manager, SOC analyst and CISO, are also key.

Cofense Intelligence is timely, accurate, and actionable phishing threat intelligence that integrates with existing security solutions to speed phishing threat response. Our expert threat analysts help operationalize threat intelligence and provide guidance, attack analysis and context to help you and your organization make rapid, informed decisions.

A top SOAR platform should be able to fit into your current cybersecurity framework, make security operations simpler, show a return on your investment and of course, increase visibility into threats. Cofense Intelligence provides the phishing alerts, information, and insights you need to proactively defend your organization against phishing threats. With our unique combination of technology and human insight, you are armed with the weapons you need to identify, block, and investigate threats hitting your enterprise every day.


What is a Cyber Response Playbook?

A cyber response playbook is a plan you develop that outlines the steps you will take in the event of a security incident. Most organizations keep their incident response plans very simple and then augment specific types of incidents with cyber response playbooks. Cofense helps many organizations with cyber response playbooks for phishing email.

Phishing emails are a specific type of security incident and require steps to identify an outbreak, determine the type of malware or method of attack involved, and then remove those emails from end-user’s inboxes to end the outbreak. With some organizations reporting hundreds of phishing emails per day, it becomes very difficult to sort the false reports from the actual phishing emails that pose a threat.

Cofense has a suite of products that are designed to help organizations with their entire cyber response playbook for phishing. When deploying the full suite of Cofense solutions, organizations can educate employees on how to identify and report phish, detect phish in their environment and respond quickly to remediate threats. Cofense PhishMe and Reporter help organizations develop phishing simulators and training aimed at conditioning end users to identify and report suspected phish, while Cofense Triage groups them together and applies a priority score so analysts know which email to look at first; Auto Quarantine, a feature in Cofense Vision, will remove phish from end user inboxes before they’ve had a chance to click on them.

Cyber response playbooks can be simple and easy to implement if you have the right vendor that can help you identify, prioritize and respond to any security incident.



Social Media Phishing: What You Need to Know

What should you know about social media phishing, or SMP? Many of us associate phishing risk with get-rich-quick links or attachments in marginally literate email messages, not our social media accounts and activity. What you should know is that phishing threat actors are deviously clever at setting traps by exploiting popular and trusted platforms, apps and topics in the news. What better hunting ground, then, for the digitally savvy criminal than social media?

Here are some answers to common questions asked about social media phishing.

What is social media phishing (SMP)?

Social media phishing is used by attackers seeking to steal personal data to sell on the dark web or to gain access, typically, to financial accounts. They may also troll for personal details for credential phishing purposes. For example, when armed with your birthday, social security number, middle name, mother’s maiden name and the like, combined with educated guesses about where you bank or keep retirement accounts, they can reset your password and pillage your accounts. Too much of this type of detail is easily found on social media websites.

Alternatively, an attacker may simply post an irresistible phishing link (e.g. “You won’t believe your eyes” or “See how I made $200,000 in 10 minutes”) on a friend’s social page. When the link is clicked, the victim is routed through a series of screens and spoofed webpages where attackers harvest important identifying information. You can read all about the methods they use – some are diabolically clever – on our Phishing Prevention & Email Security Blog.

As of 2021, more than 3.96 billion people worldwide are using social media. The average social-media consumer has 8.6 accounts on different networking sites; popular platforms like Facebook see 66% of their users logging in daily.[1] This type of heavy and diverse traffic makes for a bottomless trough from which phishing threat actors gorge.

Why is social media a target for phishing attacks?

Social media is invaluable to threat actors for social engineering, which is a variety of deceptive tactics through which attackers use your good nature against you to get confidential information. Social media users choose their platforms to get and generously give information. They often make public where they live, work and vacation. They offer up the names, ages and birthdays of their children, friends and colleagues. They probably don’t realize how easy they’re making it for a digital criminal to structure and launch a targeted attack.

The attack may come in the form of, for example, a post with a link designed to entice the victim to share it on their social media. The victim’s contacts – trusting the source – may click on the link. From there, they’re taken to a phishing website that looks genuine. An authentication challenge will appear, obliging the user to validate their identity by supplying their social media (or Google Drive or OneDrive or other) credentials in order to see the content they were tricked into pursuing. Typically, the authentication will fail, forcing the victim to reenter credentials. In many cases, these credentials are all that’s needed for an attacker to wreak digital devastation.

What are examples of social media phishing?

On Facebook, beware of third-party apps that demand excessive amounts of information. Also, criminals can easily create a phishing site that looks just like the Facebook login page. On LinkedIn, look out for fake recruiters. They may send a document you must download to pursue that amazing opportunity. Once downloaded, the document unleashes malware via macros that aren’t readily visible to the untrained user. Educate yourself on how criminals manipulate other platforms – Twitter, Instagram, YouTube and more – to launch attacks and steal your stuff. Check out Cofense resources, and those offered by trusted organizations such as the National Cyber Security Alliance.

How can I protect myself against phishing on social media?

To steer clear of phishing on social media, a few quick best practices include these “don’ts”:

  • Don’t accept friend requests from strangers.
  • Don’t click on links to update your personal details – instead, visit the platform’s support pages to see what updating is needed, and how and when to do it.
  • Don’t use the same password and user name for all your accounts because once one of them is stolen, all your accounts will be in jeopardy.
  • Don’t ignore prompts to update your operating system; many attacks exploit unpatched vulnerabilities.

Social media is meant to be fun and informative. Don’t let the crooks ruin it for you. Keep in mind that attackers will try to use one successful exploit to go after not just you but your family, friends, colleagues, neighbors and employer.

For more information on staying safe against SMP, and other types of phishing attacks, visit us online and check out articles like this one, What Are Phishing Attacks and How Do You Stop Them? We’re here to help.

[1] Source: Backlinko.

What are Email Protection Tools?

Email protection tools are security tools designed to protect your email from malware and hackers. They include tools like Secure Email Gateways, anti-malware software and anti-phishing tools like the Cofense suite of products.

Most email protection tools sit on the gateway and monitor email coming into the network for known malicious attachments, URL links and other malware. Some use blacklists/whitelists to segregate email, but most use algorithms to parse for known malware signatures. Still others look for patterns to identify zero-day threats.

What is a zero-day threat?

Email protection tools have been available for more than 20 years now, and some, like Secure Email Gateways, are becoming commoditized as the push for vendor consolidation and cost savings pushes vendors to provide more value. 

In the past, most email protection tools were deployed on-premises, meaning the company installed its own appliances and maintained them themselves. Nowadays, more and more companies are moving to cloud-based solutions that are much easier to deploy and maintain. 

Some companies will provide managed services and the customer simply has to point their email gateway to the service to begin filtering email. Cloud-based products have made products designed for high-end enterprises available to mid-sized companies and they have been moving to these cloud services for a number of years.

There is no reason to go without email protection tools these days, as they are often bundled in with other services, like Microsoft does with Defender for Office 365. Bundles are also available from Google and other providers. They are becoming more popular as customers see significant cost reductions and have fewer vendors to maintain.

Still, most email protection tools available in bundles can’t protect against things like zero-day and other emerging threats that haven’t been identified yet. In this case, it is best to spend money on solutions that have high-quality intelligence feeds that identify emerging threats before they can cause problems. 

This is where Cofense comes in. The Cofense Phishing Detection and Response (PDR) platform empowers organizations to use their strongest defense – people – alongside our automated response and intelligence technology to achieve the most comprehensive phishing response and detection available. Cofense’s PDR platform is designed to deploy as an integrated suite of products or delivered as a comprehensive managed PDR service through the Cofense Phishing Defense Center (PDC). Both options effectively stop phishing attacks and combat the savviness of attackers through a combination of people and automated technology to quickly reduce and remove the risk.

Email protection tools that focus on creating a human network that can report on emerging threats like phishing emails are very valuable for their ‘network effect’: when one person reports malware, everyone in the network becomes protected against it immediately. It is this kind of intelligence that makes certain email protection tools more valuable than others.

Email protection tools have been around for a long time and work to protect customers against a wide range of threats from spoofing to phishing and many types of malware. It is important to have the right kind of email protection tools to protect against the current known threats and unknown, or zero-day threats that are emerging. Good intelligence is always found in the best tools and that’s where customers are spending a good portion of their security budgets today.


What is a SIEM Alert?

A SIEM alert is a notification raised by a SIEM, a tool most commonly used by SOCs to protect an organization. SOCs entrust the reliability of the processes on their IT systems to this kind of automated technology, which reports any issue that may occur.

Ah, but what is a SIEM, you ask?

Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure. A SIEM collects security data from network devices, servers, domain controllers, and more. SIEMs store, normalize, aggregate, and apply analytics to that data to discover trends, detect threats, and enable organizations to investigate any alerts.

Some 575 organizations that work in threat hunting or alongside threat hunters were surveyed in the SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters. The results showed that SIEM alerts are still widely used in organizations, and that 66.2% of organizations employ a SIEM because they are easy to use.

SIEM tools analyze the state of the processes occurring on the IT system and classify thousands of events to evaluate their behavior and detect possible anomalies that could lead to a cyberattack. And should an attack happen, the SIEM scours the system in order to analyze the possible causes of the attack and how to stop it.

Keep in mind that although SIEM alerts are among the most commonly used tools, they are not everything you need to keep your network secure. One difficulty with searching SIEM data for specific values is that there is no standardized format for the information contained in these messages, so the data needs to be normalized into a standard model. From that model, alert rules can be created that check for correlation and aggregation across multiple devices or apps, and the standardized data model also helps in noticing specific occurrences of interest on particular devices or apps. Also, SIEMs are based on searches for threats that they already know about, not for unknown threats; those unknown threats will be at the mercy of customized alerts. Customizing alerts to discover new threats is an insurmountable task for most organizations, since many SOCs do not have enough professionals to update search criteria frequently.

SIEM alerts can evaluate many events individually, but when an event needs to be judged together with others, they may fall short. One of the constant challenges when writing alerts is balancing the goals of reducing false positives and preventing inundation while still alerting on all suspicious events. Security teams are constantly looking for opportunities to improve alerts to reduce the false positive rate. With a SIEM, an event taken in isolation can look like a threat but, evaluated alongside the other events around it, turns out not to be dangerous. This causes an increase in false positives.
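The normalization and cross-device correlation described above, as an added example that is not Cofense’s or the page’s own code: two constructed log formats (a firewall and a domain controller; device names and IP addresses are assumed) are mapped onto one event model, then a rule that judges each event in isolation is compared with one that only fires when failures from a single source cluster across both devices before a success.

```python
"""Added example (not Cofense's code): normalize two vendor log formats into
one event model, then apply a correlation rule across devices."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs in two made-up vendor formats. The IP addresses
# are documentation ranges, the hostnames and user names are assumptions.
FIREWALL_LOGS = [
    "2024-03-01T09:00:05Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-03-01T09:00:09Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-03-01T09:00:14Z fw01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2024-03-01T11:30:00Z fw01 action=allow src=198.51.100.2 dst=10.0.0.8 dport=443",
]
DC_LOGS = [
    "Mar 01 09:00:06 dc01 EventID=4625 TargetUserName=jsmith IpAddress=203.0.113.7",
    "Mar 01 09:00:10 dc01 EventID=4625 TargetUserName=jsmith IpAddress=203.0.113.7",
    "Mar 01 09:00:16 dc01 EventID=4624 TargetUserName=jsmith IpAddress=203.0.113.7",
    "Mar 01 11:30:05 dc01 EventID=4624 TargetUserName=alee IpAddress=198.51.100.2",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize_firewall(line):
    """Map 'deny'/'allow' onto the shared outcome field; a firewall knows no user."""
    ts, device, rest = line.split(" ", 2)
    kv = dict(KV_RE.findall(rest))
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "device": device,
            "src_ip": kv["src"], "user": None,
            "outcome": "success" if kv["action"] == "allow" else "failure"}


def normalize_dc(line, year=2024):
    """Map Windows logon event IDs (4625 failure, 4624 success) onto the same model."""
    mon, day, clock, device, rest = line.split(" ", 4)
    kv = dict(KV_RE.findall(rest))
    return {"ts": datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S"),
            "device": device, "src_ip": kv["IpAddress"], "user": kv["TargetUserName"],
            "outcome": "failure" if kv["EventID"] == "4625" else "success"}


def load_events():
    """All sample lines, normalized into the one standard model."""
    return ([normalize_firewall(l) for l in FIREWALL_LOGS]
            + [normalize_dc(l) for l in DC_LOGS])


def naive_alerts(events):
    """Rule evaluated per event in isolation: every single failure becomes an alert."""
    return [e for e in events if e["outcome"] == "failure"]


def correlated_alerts(events, min_failures=3, min_devices=2, window=timedelta(minutes=5)):
    """Rule evaluated across devices: alert only when one source IP produces at
    least min_failures failures on at least min_devices devices inside `window`
    and then succeeds. An isolated failure never fires."""
    alerts = []
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src_ip"]].append(e)
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            burst = [x for x in evs[:i]
                     if x["outcome"] == "failure" and e["ts"] - x["ts"] <= window]
            devices = sorted({x["device"] for x in burst})
            if len(burst) >= min_failures and len(devices) >= min_devices:
                # The firewall carries no user name, so take it from any event in the burst.
                user = next((x["user"] for x in burst + [e] if x["user"]), None)
                alerts.append({"src_ip": src, "ts": e["ts"], "failures": len(burst),
                               "devices": devices, "user": user})
                break  # one alert per source per burst
    return alerts


if __name__ == "__main__":
    evs = load_events()
    print("isolated-rule alerts:", len(naive_alerts(evs)))
    for a in correlated_alerts(evs):
        print("correlated alert:", a)
```

With the sample data the isolated rule raises four alerts for what is one incident, while the correlated rule raises a single alert naming the source, both devices and the account involved.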

As a rule, SIEM alerts should not be used alone, but in conjunction with a proactive security approach and strategy, which constantly hunts for previously unknown threats, and which acts autonomously to detect and classify them.

Cofense Intelligence delivers threat intelligence in multiple forms:

  • Machine-readable threat intelligence (MRTI) follows industry standards for quick integration with your existing security devices, like a SIEM.
  • Analysis reports in PDF and HTML format are optimized for threat analysts and incident response teams.
  • Published threat intelligence that shows how individual elements of an attack are related and the relationships between seemingly disparate attacks.

Our proactive approach enables you to prime your existing security infrastructure to disrupt these potentially dangerous attacks. Tactics used to penetrate your network are also exposed along with the relationships between phishing campaigns and Indicators of Compromise (IOCs). The combination of actionable threat intelligence and understanding the correlation between phishing attacks and their motivators helps your team prioritize, investigate, and respond.

Cofense Intelligence key benefits:

  • Integrates with existing security solutions to speed phishing threat response
  • Provides timely, accurate, and actionable phishing threat intelligence
  • Expert threat analysts to help operationalize threat intelligence and provide guidance
  • Attack analysis and context to help make rapid, informed decisions

Our unique combination of technology and human insight — paired with our 26M+ strong global reporters network — makes it easy to get the information you need to protect your organization.

What is the difference between threat feeds and threat intelligence feeds?

Threat feeds are a valuable way to gather information regarding adversaries and their capabilities and infrastructure. Threat feeds are made up of a large quantity of data but are usually not intelligence. 

Threat intelligence feeds are actionable threat data, related to artifacts or indicators, collected from third-party vendors in order to learn from other companies’ visibility and access and so enhance your own cyber threat response and awareness. Threat intelligence feeds concentrate on a single area of interest.

Then there are free threat feeds. These are almost always defined as data gathered solely from open sources. Because these threat feeds are essentially non-prioritized lists of data that come without context, they can sometimes add to the burden of a SOC, rather than reduce it. 

Sometimes a free feed can cost your organization time and resources, and often it is not relevant to your business and security objectives. Threat data does not equal threat intelligence. But this doesn’t necessarily make feeds that provide raw data useless: they can still play a role in producing intelligence. Often, free threat feeds are the first place where organizations begin their threat intelligence journey.

When building a security program, organizations will often turn to free threat feeds when trying to assess their specific needs. However, to effectively evaluate a threat feed, you should ignore the “more feeds, more intel” mindset. Instead, focus on the relevance of the intelligence provided to your security and business operations and the source from which the intelligence is gathered. It’s a common misconception that a large quantity of threat intelligence feeds leads to more effective security. Unfortunately, threat feed overindulgence can lead to confusion, disorganization, and inaccurate threat reports. 

On the surface, threat intelligence feeds are precisely what they sound like — continuously updated feeds that provide external information or data on existing or potential risks and threats. In practice, however, the type of context (or lack thereof) these feeds provide is what sets them apart from each other. With a threat intelligence feed, there are things to consider like update frequency, context, timely information, and delivery format.

The purpose of monitoring a threat feed is to find useful information about dangers online and the adversaries behind them. One critical step that most organizations need to take on their path to maturing a cybersecurity posture is to acquire threat feed data. 

Looking at intelligence reports about the various threats targeting organizations can provide a lot of awareness about cyber dangers and threat actors. But some organizations equate security with the number of feeds they subscribe to, not realizing that their analysts couldn’t possibly monitor the hundreds or thousands of threat reports generated every day. Having too many threat feeds is almost as bad as not having any at all. Unless you have some way of managing that information, there is just too much noise to identify the relevant attack reports needed to protect your organization.

Understanding how and from where your feeds get their information will help determine the process that turns data into actionable intelligence. All organizations need threat feeds and threat intelligence feeds but putting context around them is the crucial part.

Cofense Intelligence

Cofense Intelligence provides the phishing alerts, information, and insights you need to proactively defend your organization against phishing threats. Our unique combination of technology and human insight — paired with our 26M+ strong global reporters network — makes it easy to get the information you need to protect your organization.

With Cofense’s unique security intelligence, you are armed with the weapons you need to identify, block, and investigate threats hitting your enterprise daily. This precise information is available in multiple forms for your teams to prepare and respond to active attacks to your network:

  • Human-readable threat intelligence reports provide deep-dive and trending analysis of your biggest threats. These reports include our expert analysis of the attack methodology. 
  • Machine-readable threat intelligence (MRTI) or threat intelligence that can feed directly into security devices and threat repositories. Firewalls, IDS/IPS, SIEM can now detect and block emerging threats at the earliest stages of the attack. 
  • SaaS investigation apps to investigate phishing and malware attacks. These on-demand tools provide the latest insight on which attacks are related and how the attacks are being executed.
  • Expert guidance from Cofense’s world-class security team to implement best practices to reduce threats against your network.

Phishing emails with malicious attachments or links continue to be a threat that bypasses most organizations’ security stack and reaches the end user. Cofense takes a fundamentally different approach in identifying threats as they emerge daily—before your network gets hit.

Business Email Compromise (BEC) Attacks

Business email compromise, often known simply as BEC, is when threat actors use email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome which negatively impacts the target organization. 

Most attacks target specific employee roles within an organization by sending a spoof email (or series of spoof emails) which fraudulently represent a senior colleague (CEO or similar) or a trusted customer with instructions to approve payments or release client data. The emails often use social engineering to entice the victim into making money transfers to a fraudulent bank account. 

According to Gartner Research, business email compromise attacks increased by nearly 100% in 2019 and in some cases, resulted in substantial financial losses. Further, BEC attacks will continue to double each year to over $5 billion, and lead to large financial losses for enterprises through 2023.

Business email compromise attacks do not use malware or links in email; rather, it is the user who is compromised (an account takeover). The attacks are simple to execute, and traditional email content inspection techniques cannot detect BEC phishing because the emails resemble regular business email, while their goal is to exploit errors in business processes.

As an example, consider something as simple as a “spoofed” email, where the display name in the email is modified to appear to be that of an individual within the organization, while the return address is actually the attacker’s. The email format allows a “display name” that doesn’t have to be related to the actual sender’s email address, which makes it easy to fraudulently use the name of a trusted individual. The message often appears to be sent from a senior staff member to someone at a lower level in the company, and the body of the email will imply a sense of urgency. Spoofing is the most common mechanism for payroll diversion attacks because the attacker simply picks an individual within the organization and sends an email in that person’s name to the payroll department asking for their bank account details to be updated.

What’s worse, suppliers and customers can be attacked using your organization’s email domain, which greatly impacts relationships, your organization’s reputation, and stakeholder trust.

Then there’s the business email compromise where a legitimate user’s email account is compromised. Attackers can obtain user account details and then use those credentials to log into a user’s account. Sneaky attackers will sometimes set up forwarding rules to monitor a victim’s email conversations following the initial message. That gives the attacker the opportunity to step in at their leisure with urgent messages that appear authentic, making the attack even more convincing.

These attacks pose a significant risk. According to the annual 2020 FBI Internet Crime Report, this phishing tactic has raked in nearly $2B this past year alone. But the damage caused by these attacks reaches well beyond financial losses. In fraudulent invoice scams, the most common form of BEC attack, the recipient gets what appears to be a legitimate invoice from an organization.

According to HelpNet Security, there was a 200% increase in business email compromise attacks focused on invoice or payment fraud from April to May 2020, posing both an internal risk and a reputation risk to organizations. As stated above, if a supplier or customer falls for a BEC attack that claims to come from a known organization, it can harm the established trust in the existing relationship as well.

There are actions you can take to inform your employees to avert this threat. Educate your executive leadership team about this type of threat and discuss business email compromise with your organization at-large — especially those employees responsible for payments/payroll AND suppliers, customers, and clients. Training should include preventative strategies and reactive measures in case they are victimized. Among other steps, all employees should be told to:

  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials in response to any emails.
  • Keep all systems updated.
  • Verify the email address used to send emails, especially when using a mobile device (which may show only the display name), by ensuring the sender’s email address actually matches who the message claims to be from.
  • Ensure the settings on employees’ computers are enabled to allow full email extensions to be viewed.
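The checks in this list (does the sender address match the claimed person, is the domain a lookalike of a real one, is there urgent language around a payment or account change) can be run mechanically as a first-pass triage before a human verifies out of band. The following is an added example, not code from the original page or from Cofense: it parses a constructed sample message and reports the red flags. The domain `example.com`, the partner allow-list, the keyword lists and the role regex are assumptions chosen for illustration.

```python
"""Added example (not from the original page): first-pass triage of a message
for the BEC red flags listed above.  Run over a constructed sample email.

Assumptions (not from the page): the organization's domain is 'example.com',
trusted partner domains are a small allow-list, and the keyword lists and
role regex below are illustrative heuristics."""
import email
import difflib
import re
from email import policy
from email.utils import parseaddr
from typing import Optional

OUR_DOMAIN = "example.com"                            # assumed
TRUSTED_DOMAINS = {OUR_DOMAIN, "supplier-inc.com"}   # assumed allow-list
URGENCY_WORDS = ("urgent", "immediately", "asap", "right away", "today")
PAYMENT_WORDS = ("bank account", "wire", "invoice", "payroll", "direct deposit")
INTERNAL_ROLE = re.compile(r"\b(ceo|cfo|director)\b", re.I)

# Constructed sample: the display name claims the CEO, the address is on a
# lookalike domain (digit 1 for letter l), and the body urgently asks payroll
# to change banking details.
SAMPLE_EML = b"""From: "Jane Doe, CEO" <jane.doe@examp1e.com>
Reply-To: jane.doe@examp1e.com
To: payroll@example.com
Subject: Urgent - update my direct deposit

Hi, I need my bank account details updated immediately before payroll runs today.
Send me the form ASAP.
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike(domain: str, trusted) -> Optional[str]:
    """Return the trusted domain this one closely imitates, if any.
    A similarity ratio of 0.8 catches single-character swaps such as examp1e.com."""
    for t in trusted:
        if domain != t and difflib.SequenceMatcher(None, domain, t).ratio() >= 0.8:
            return t
    return None


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return the BEC red flags found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    from_dom = domain_of(addr)

    flags = []
    if from_dom not in TRUSTED_DOMAINS:
        flags.append(f"sender domain {from_dom!r} is not on the trusted list")
    imitated = lookalike(from_dom, TRUSTED_DOMAINS)
    if imitated:
        flags.append(f"sender domain {from_dom!r} resembles {imitated!r}")
    if reply and domain_of(reply) != from_dom:
        flags.append("Reply-To domain differs from From domain")
    if name and from_dom != OUR_DOMAIN and INTERNAL_ROLE.search(name):
        flags.append(f"display name {name!r} claims an internal role from an external address")
    if any(w in text for w in URGENCY_WORDS) and any(w in text for w in PAYMENT_WORDS):
        flags.append("urgent language combined with a payment/account-change request")

    return {
        "from_name": name,
        "from_addr": addr,
        "flags": flags,
        "verdict": "verify out-of-band" if flags else "no red flags",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EML)
    print(result["verdict"])
    for f in result["flags"]:
        print(" -", f)
```

The verdict is deliberately "verify out-of-band" rather than "block": the point of the list above is that a request to change account details is confirmed through a second channel, and a heuristic like this only decides which messages are worth that phone call.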

There is no single technology solution to BEC; rather, it takes a combination of technology, process and user awareness.

Frequently Asked Questions

How does business email compromise work?

Business email compromise, often referred to as BEC, employs social engineering to target a certain individual or specific employee roles in a chosen business. Attackers typically send a spoof email (or series of spoof emails) that fraudulently represent a senior colleague (CEO or similar), or a trusted customer, with instructions to approve payments or release client data.

What makes an email suspicious?

Malicious email, particularly BEC, isn’t always obvious. Be on alert for formatting and punctuation that vary from your company’s norms. Often the greeting is a red flag. For example, “Hi” coming from a CEO whose messages consistently open with “Hello” or another convention should raise suspicion. Be on particular alert for minor variations in the sender’s email address. BEC examples and case studies can also be instructional. Cofense offers case studies and blog reporting on the subject.

What should businesses do to guard against suspicious email?

There are actions you can take to inform your employees to avert the threat of business email compromise. Educate your executive leadership team about this type of threat and discuss business email compromise with your organization at large, particularly employees responsible for payments/payroll, and with suppliers, customers and clients. Training should include preventative strategies and reactive measures in case they’re victimized. Cofense PhishMe simulations reflect the latest threats known to bypass standard technologies, empowering your users to become human threat detectors. Cofense Reporter simplifies reporting suspicious email with the click of a button.

Malware Intelligence: What is Cryptojacking Malware?

Stay Ahead of Cryptojacking Malware with Cofense’s Malware Intelligence

Cofense’s malware intelligence service provides accurate and timely alerts about cryptojacking malware and ransomware being circulated in phishing emails. Subscribe to our malware intelligence service and stay ahead of email-borne threats in order to better protect your network, your data, and your users. Sign up for complimentary threat alerts here.

How much would a successful ransomware attack cost your organization? $2.4 million? $3.8 million? How about $7.35 million? These are the average costs incurred to recover from ransomware attacks depending on whether you go with Accenture’s, Microsoft’s or IBM’s calculations. Scary, isn’t it?

Even scarier is that ransomware may not be your biggest problem. Several security companies have reported that “cryptojacking” is growing in popularity among cyber criminals because it is a cheaper, less risky yet more profitable form of malware than ransomware. Furthermore, it is very hard to detect.


What is Cryptojacking?

Cryptojacking definition: Crypto-jacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Cybercriminals infect computers with a crypto-mining code that works in the background, mining cryptocurrency and delivering it to attackers as unsuspecting victims use their computers normally.

Although individual computers don’t yield much processing power on their own, attackers can build a botnet of infected devices and make them work together – harnessing vast processor resources across a network of infected computers and stealing a small amount of bandwidth from each.

The cost to the organization is the loss of performance, or – if operating in the cloud – the cost of provisioning more resources to cope with greater processing demands. However, the latest strains of crypto-jacking malware have the built-in ability to crash victims’ computers if they attempt to remove it.

How is Cryptojacking Malware Deployed?

It will come as no surprise to learn the most common way computers are infected is via phishing emails. Cybercriminals send the phishing emails to unsuspecting victims, inviting them to click on a link, which either downloads the crypto-mining code directly, or redirects the victim to a compromised website.

The compromised website could be entirely genuine except for an injected script that executes automatically, so the site itself will not appear on URIBL or SURBL blocklists. Cryptojacking detection is difficult for anti-virus software because the scripts are constantly changing.
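Because the injected script sits on an otherwise legitimate page, a useful check is to inventory what scripts that page actually loads and flag anything that is not first-party or on a known allow-list, rather than relying on the site’s reputation. The following is an added example, not code from the original page or from Cofense: it parses a constructed HTML document, lists external script hosts that are not on the site’s allow-list, and flags inline scripts that use APIs typical of browser miners (Web Workers and WebAssembly). The host names, the allow-list, the sample page with its injected `miner.example.net` script, and the inline-script heuristics are assumptions chosen for illustration.

```python
"""Added example (not from the original page): inventory the scripts an HTML
page would execute and flag those that do not belong to the site.  This is how
an injected mining script on an otherwise genuine page shows up.

Assumptions (not from the page): the site is 'shop.example.com', its known
first-party/CDN script hosts form a small allow-list, and the sample HTML, the
injected miner URL and the inline-script heuristics are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

PAGE_HOST = "shop.example.com"                                # assumed
ALLOWED_SCRIPT_HOSTS = {"shop.example.com", "cdn.example.com"}  # assumed allow-list
# Heuristic (assumed): browser miners typically spin up workers and run WebAssembly.
MINER_HINTS = re.compile(r"WebAssembly|new Worker\(", re.I)

# Constructed sample: a genuine-looking store page with one legitimate CDN
# script, one injected third-party script and an inline script starting a worker.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script src="//miner.example.net/lib.js"></script>
<script>var w = new Worker('/worker.js'); w.postMessage('start');</script>
</head><body>Welcome to our genuine store</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True  # body arrives via handle_data

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def script_host(src: str, page_host: str) -> str:
    """Host a script is loaded from; relative URLs resolve to the page's own host."""
    return urlsplit(src).netloc.lower() or page_host


def audit(html: str, page_host: str = PAGE_HOST) -> list:
    """Return findings for scripts that are off-allow-list or look like miners."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = script_host(src, page_host)
        if host not in ALLOWED_SCRIPT_HOSTS:
            findings.append(f"third-party script from {host}: {src}")
    for code in collector.inline:
        hit = MINER_HINTS.search(code)
        if hit:
            findings.append(f"inline script uses miner-typical API: {hit.group(0)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML):
        print(finding)
```

In practice the allow-list comes from a crawl of the site when it was known to be clean; the value of the check is the diff against that baseline, not the miner heuristic, since (as the text notes) the scripts themselves change constantly while the fact of a new third-party origin does not.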

Although some security solutions are waking up to the threat of crypto-jacking, there is no perfect cryptojacking blocker. The best way to avoid becoming a victim of this malware strain is to stay ahead of the phishing methods being used to deploy cryptojacking, and the best way to stay ahead is with Cofense’s malware intelligence service.

Cofense’s Malware Intelligence Service

Cofense’s malware intelligence reports are compiled from millions of suspicious emails we receive daily through our Cofense Reporter service and other sources. The Cofense Triage service filters out false positives and spam emails, leaving only genuine threats for our team of analysts.

Once genuine threats are verified and confirmed, we issue detailed malware intelligence reports that not only alert organizations to new or emerging threats, but that also inform them of the URLs of compromised websites so access to the malware can be blocked by web filtering applications.

Organizations can choose how they receive our malware intelligence reports. We distribute them by email and as Machine-Readable Threat Intelligence reports that can be read by Security Information and Event Management applications (SIEMs) and Threat Intelligence Programs (TIPs).

Stay Ahead of Cryptojacking Malware and Other Email-Borne Threats with Cofense

The speed with which our malware intelligence reports are distributed enables organizations to act quickly to stay ahead of email-borne threats – not only threats related to cryptojacking, but all formats of malware and ransomware, and other phishing attempts that could have serious consequences.

Cofense integrates seamlessly with more than twenty common security solutions in order that threats can be blocked faster through automation, while the depth of intelligence provided enables security teams to better understand the nature of the threats and their potential impact.

To find out more about Cofense’s malware intelligence service, do not hesitate to contact us. Our team will be happy to organize a free demo of Cofense in action for you to better understand how your organization can stay ahead of email-borne threats with malware intelligence reports from Cofense.