PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

Macro Based Anti-Analysis

BY Sean Wilson IN Blog

Over the past several months PhishMe research has noticed an increase with Anti-Analysis techniques being included within Office macro and script files. This is the first post in a series where we look at the inclusion and effectiveness of these methods. Although the use of Anti-Analysis techniques is not new, they are generally observed within the packed payload in an effort to avoid detection by endpoint security solutions. Most recently we came across a campaign of emails which included a malicious Microsoft Word document. The document contains a standard lure using an image instructing the user to enable active content…

READ MORE

0 comments

PhishMe Triage™ Advances Malware Investigation with Lastline Analyst

BY PhishMe IN Blog

Phishing Incident Response – Through Automated Malware Analysis Conditioning employees to detect and report suspicious email is a strategy security leaders have adopted through PhishMe’s innovative solutions. CISOs have realized that while technology continues to get better at preventing malware, the attackers continue to elevate their game and never rests, and neglecting people as defenders would be a mistake.

READ MORE

0 comments

Cyber Crime: The Unreported Offense

BY Gary Warner IN Cyber Crime, Phishing, Security Management, Spam

On July 22, 2016 the UK’s Office for National Statistics released crime details for the year ending March 2016.  For the first time, this data included information about fraud and computer misuse offenses, which was compiled in the National Crime Survey for the first time in October 2015. While the police recorded 4.5 million offenses from March 2015 to March 2016, the survey indicates there were likely 3.8 million fraud instances and 2 million computer misuse instances during that same year, with the vast majority of these crimes being unreported to law enforcement.  The report has caused for a new call for additional…

READ MORE

0 comments

Reality-checking Mr.Robot Ransomware

BY Gary Warner IN Blog

WARNING: MAJOR SPOILER ALERT! USA Network’s television show, Mr.Robot, kicked off Season 2 with a BANG!   The program features the exploits of a hacker named Elliot Alderson (Rami Malek) who uses the alias “Mr.Robot” to work with a team of hackers who call themselves F-Society and have as their mission the destruction of a major corporation that they call “Evil Corp,” whose logo calls back to the Big Corporate Corruption of Enron. In this episode, the attack is against the “Bank of E.”

READ MORE

0 comments

RockLoader Delivers New Bart Encryption Ransomware

BY Brendan Griffin IN Phishing

Another ransomware tool has been added to the ever-growing encryption ransomware market with the introduction of the Bart encryption ransomware. Named by its creators in its ransom payment interface as well as in the extension given to its encrypted files, the Bart encryption ransomware has leveraged some distinctive mechanisms for delivery during its early deployments. Furthermore, this ransomware shares some interface elements that evoke the same look and feel used by the Locky encryption ransomware ransom payment interface. In many ways the Bart encryption ransomware is a very mainstream encryption ransomware in both the files it targets for encryption (a…

READ MORE

0 comments

Phishing ‘tests’ are… USELESS

BY John Robinson IN Phishing

While perusing reddit.com, a well-known social hotbed of ‘intellectual superiority’, I came across the following string: *sigh* Asked by the boss man to phish the team… What I discovered is what appears to be a never ending lamentation on the ‘uselessness’ of phishing tests. I couldn’t agree more.  Phishing ‘tests’ are indeed useless.

READ MORE

0 comments