PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

Zeus Panda’s Modular Functions Provide Insight into Botnet Malware Capabilities

BY phishme IN Malware Analysis, Phishing

One core element of the information security mission is assessing the risk that a malware sample or malware family delivered by a phishing email poses to an organization. In 2017, phishers have embraced adaptable, flexible malware to gain an initial foothold in a network before monetizing the infected host. The intersection of these two trends creates a scenario in which open-ended, adaptable botnet malware challenges information security professionals to prepare for a wide array of malware capabilities, in some cases without much insight into the real risks posed by a malware tool. However, in some…

The PhishMe 2017 Excellence Awards Nominations are Open!

BY phishme IN Phishing

Make your nominations for the 2017 PhishMe® Excellence Awards today! Every day, thousands of companies use PhishMe as a cornerstone of their phishing defense program. The PhishMe Excellence Awards recognize the outstanding achievements of security professionals and organizations whose innovative, successful anti-phishing and phishing defense programs minimize the risk and impact of phishing attacks.

Ransomware: Don’t Make It Too Easy to Hit Your WordPress Site

BY Aaron Higbee IN Internet Security Awareness, Malware Analysis

Ransomware is a business. And like all smart business people, hackers look for efficiencies that increase revenue and lower the cost of delivery.

PhishMe Free Launches to Protect SMBs

BY phishme IN Internet Security Awareness, Phishing

When it comes to cyberattacks, small businesses are big targets. That’s why we recently introduced PhishMe® Free, a no-cost, easy-to-use version of our award-winning anti-phishing simulation solution.

Even the “Smart Ones” Fall for Phishing

BY Heather McCalley IN Internet Security Awareness, Malware Analysis, Phishing

It’s easy to believe that phishing only happens to people who aren’t smart enough to detect it. This simply isn’t true. As the tech-savvy developers at software company a9t9 indicated in their statement[1] about a phishing incident last week, even smart developers can be fooled by a phish. As reported by Tripwire, a Chrome extension developer fell for a phishing attack that allowed the threat actor to take control of a9t9’s account in the Chrome Web Store. This means that the Copyfish extension built by a9t9 was no longer under its control. Meanwhile, the plugin has already been used to…

Threat Actors Use Advanced Delivery Mechanism to Distribute TrickBot Malware

BY phishme IN Internet Security Awareness, Malware Analysis, Phishing

Threat actors’ consistent pursuit of improved efficiency is a key characteristic of the phishing threat landscape. One way to improve efficiency is a delivery technique that not only distributes the malware but also evades anti-virus software and other detection technologies.

Ribbon Cutting – Running Macros with CustomUI Elements

BY Sean Wilson IN Malware Analysis, Phishing

PhishMe® Research has generally seen macro execution in PowerPoint tied to specific events, such as a mouse interaction with an object or a custom action. The “Ribbon Cutting” technique takes a different route: it runs macro code through a ribbon (customUI) callback that Office invokes when the file is opened, so no click on any object is needed. Although the example below uses PowerPoint, the technique applies to any Office application that supports ribbon customizations.
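
As an added example that is not part of the original post and not PhishMe’s tooling, the Python below scans an OOXML package (docx/pptx/xlsx and their macro-enabled variants) for a customUI part whose root element carries an onLoad attribute, and pairs that with the presence of a vbaProject.bin part, since the callback needs a VBA procedure to land in. The two customUI namespaces and the ui/extensibility relationship type are the ones Office uses; the sample package is constructed in memory, and the function names are ours. Callbacks that need interaction (onAction on a button, for instance) are deliberately not flagged, because they are the ordinary, click-driven case the post contrasts with.

```python
"""Flag OOXML documents whose ribbon customisation declares an onLoad callback.

Added triage example, not PhishMe's code. A customUI part may name a VBA
procedure in its onLoad attribute; Office calls it when the ribbon loads,
i.e. when the file is opened, with no user interaction.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of the Fluent UI customisation part (Office 2007 and Office 2010+).
CUSTOMUI_NAMESPACES = (
    "http://schemas.microsoft.com/office/2006/01/customui",
    "http://schemas.microsoft.com/office/2009/07/customui",
)
PKG_RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
CUSTOMUI_TAGS = {"{%s}customUI" % ns for ns in CUSTOMUI_NAMESPACES}


def _customui_candidates(pkg: zipfile.ZipFile) -> set:
    """Parts reachable via a ui/extensibility relationship in _rels/.rels,
    plus anything stored under customUI/ (the conventional location)."""
    names = set(pkg.namelist())
    found = {n for n in names if n.lower().startswith("customui/") and n.lower().endswith(".xml")}
    if "_rels/.rels" in names:
        try:
            rels = ET.fromstring(pkg.read("_rels/.rels"))
        except ET.ParseError:
            return found
        for rel in rels.iter("{%s}Relationship" % PKG_RELS_NS):
            if rel.get("Type", "").endswith("/ui/extensibility"):
                target = rel.get("Target", "").lstrip("/")
                if target in names:
                    found.add(target)
    return found


def inspect_office_package(data: bytes) -> dict:
    """Return the customUI parts, every onLoad callback they declare, whether a
    VBA project is embedded, and auto_exec: True only when an onLoad callback
    has a VBA project to run."""
    result = {"customui_parts": [], "onload_callbacks": [], "has_vba_project": False}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        result["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in pkg.namelist())
        for name in sorted(_customui_candidates(pkg)):
            try:
                root = ET.fromstring(pkg.read(name))
            except ET.ParseError:
                continue
            if root.tag not in CUSTOMUI_TAGS:
                continue
            result["customui_parts"].append(name)
            if root.get("onLoad"):
                result["onload_callbacks"].append((name, root.get("onLoad")))
    result["auto_exec"] = bool(result["onload_callbacks"]) and result["has_vba_project"]
    return result


def build_sample(onload: str = "", with_vba: bool = True) -> bytes:
    """Constructed minimal .pptm-like package for testing; not a real sample."""
    rels = (
        "<Relationships xmlns='%s'><Relationship Id='rId1' "
        "Type='http://schemas.microsoft.com/office/2007/relationships/ui/extensibility' "
        "Target='customUI/customUI14.xml'/></Relationships>" % PKG_RELS_NS
    )
    attr = " onLoad='%s'" % onload if onload else ""
    customui = "<customUI xmlns='%s'%s><ribbon/></customUI>" % (CUSTOMUI_NAMESPACES[1], attr)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml",
                     "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>")
        pkg.writestr("_rels/.rels", rels)
        pkg.writestr("customUI/customUI14.xml", customui)
        if with_vba:
            pkg.writestr("ppt/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")  # stand-in bytes
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_office_package(build_sample("RibbonOnLoad")))
```

A customUI part with onLoad but no vbaProject.bin is reported but not marked auto_exec; conversely, a macro-enabled file with only onAction callbacks is left to the usual macro review, since those still need a click.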

Threat Actor Employs Hawkeye Malware with Multiple Infection Vectors

BY Chase Sims IN Internet Security Awareness, Malware Analysis, Phishing Defense Center

On July 13, 2017, the Phishing Defense Center reviewed a phishing campaign delivering Hawkeye, a stealthy keylogger, disguised as a quote from the Pakistani government’s employee housing society. Although the download is actually a portable executable file [1], it carries a PDF icon so that it masquerades as a document once saved to disk.

Karo Ransomware Raises Stakes for Victims by Threatening to Disclose Private Information

BY phishme IN Internet Security Awareness, Malware Analysis, Phishing

A ransomware victim must have a compelling reason to go through the burdensome process of obtaining Bitcoin and paying the ransom. For many victims, the threat of permanently losing access to their files is enough. However, some ransomware authors and criminals seek to push victims harder by raising the stakes even further.

Threat Actors Continue Abusing Google Docs and Other Cloud Services to Deliver Malware

BY phishme IN Internet Security Awareness, Malware Analysis, Phishing

A key part of phishing threat actors’ mission is to create email narratives and leverage malware delivery techniques that reduce the likelihood of detection. By combining compelling social engineering with seemingly benign content, threat actors hope to bypass technical controls and to convince their human victims of a phishing email’s legitimacy. One method with a long history of use is the abuse of Google Docs file sharing URLs to deliver malware content to victims. Because Google Docs and other cloud services may be trusted within an enterprise, threat actors will continue to abuse file sharing services to possibly bypass firewalls…

Petya-like Ransomware Triggers Global Crisis with Echoes of WannaCry Attack

BY Brendan Griffin IN Internet Security Awareness, Malware Analysis, Ransomware

For the second time in as many months, networks around the world have been attacked by a worming ransomware that gains new infections by exploiting a recently patched Windows SMB vulnerability, among other proven techniques. What has been described as ransomware bearing significant similarities to the Petya encryption ransomware ravaged numerous companies and networks around the world, with disproportionate impact in Ukraine and Eastern Europe, but also inflicted harm on significant numbers of victims in Western Europe and North America.

Threat Actors Leverage CVE-2017-0199 to Deliver Zeus Panda via Smoke Loader

BY Eesaan Atluri IN Malware Analysis, Phishing, Phishing Defense Center

Our Phishing Defense Center identified and responded to attacks leveraging a relatively new Microsoft Office vulnerability during the past few weeks. Last week, the PDC observed threat actors exploiting CVE-2017-0199 to deliver the Smoke Loader malware downloader, which in turn was used to deliver the Zeus Panda botnet malware. These emails claim to deliver an invoice for an “outstanding balance” and trick the recipient into opening the attached file. In one instance, we have also seen the malicious document delivered via a URL rather than as an attachment.

Tracking and Mitigating Zyklon Phishing Using Threat Intelligence and Yara

BY phishme IN Internet Security Awareness, Malware Analysis, Phishing

The Zyklon HTTP botnet malware is readily available to threat actors in online criminal marketplaces and has been observed in use for various criminal activities. Among its features is the ability to log the keystrokes typed by a victim and to collect other private or sensitive information, and one of its most notable uses has been as a downloader and delivery tool for the Cerber encryption ransomware. Over a dozen unique campaigns delivering this malware have been identified and reported by PhishMe Intelligence, and it represents one of the most rapidly-growing…

Registration is Now Open for PhishMe Submerge 2017 – Phishing Defense Summit and User Conference

BY phishme IN Phishing

We are thrilled to announce that registration for this year’s PhishMe Submerge™ Phishing Defense Summit and User Conference is now live! Last year’s summit was a massive success, and you don’t want to miss out on this year’s event.

SMILE – New PayPal Phish Has Victims Sending Them a Selfie

BY Chase Sims IN Malware Analysis, Phishing, Phishing Defense Center

Phishing scams masquerading as PayPal are unfortunately commonplace. Most recently, the PhishMe Triage™ Managed Phishing Defense Center noticed a handful of campaigns using a new tactic for advanced PayPal credential phishing. The phishing website looks far more authentic than off-the-shelf crimeware phishing kits, but it also levels up by asking for a photo of the victim holding their ID and credit card, presumably so the attackers can open cryptocurrency accounts in the victim’s name to launder the stolen money.

TrickBot Featured in New Wave of Phishing Emails Signaling Renewed Use of this Botnet Malware

BY Brendan Griffin IN Internet Security Awareness, Phishing

The TrickBot financial crimes and botnet malware has seen only modest use since its introduction in late 2016. While it can emulate many of the features that made the Dyre trojan so successful, many aspects of its deployment left it rough around the edges. Rough edges such as persistence via a scheduled Windows task named “Bot” limited this malware’s evasion and anti-forensic capabilities. Furthermore, previous deliveries relied on relatively simplistic techniques, such as executables inside archives attached to phishing emails, to secure new infections. However, with some very minor refinements to both the resident malware and the delivery process,…

PhishMe® Adds GDPR Compliance Training Module to Complimentary CBFree Offering

BY phishme IN Internet Security Awareness, Phishing

Beginning today, we’re offering a complimentary, computer-based training module covering the European Union’s recent General Data Protection Regulation (GDPR) as part of our PhishMe CBFree™ package to help support companies throughout the UK and Europe that are required to comply.

Panda versus DELoader: Threat Actors Experiment to Find the Best Malware for the Job

BY Neera Desai IN Internet Security Awareness, Phishing

One important task for threat actors is the pursuit of new and innovative techniques for infiltrating their victims’ networks. A major aspect of this pursuit is selecting malware that can accomplish the mission at hand. For example, a ransomware threat actor may seek out the ransomware tool with the highest rate of ransom payment, while threat actors with different missions judge their tools by different success criteria. Threat actors can experiment with and transition between these tools because, in many ways, these malware varieties are interchangeable parts in an attack life cycle.

New Phishing Emails Deliver Malicious .ISO Files to Evade Detection

BY Chase Sims IN Malware Analysis, Phishing, Phishing Defense Center

On May 22, 2017, PhishMe® received several emails with .ISO images as attachments via the Phishing Defense Center. ISO images are typically used as an archive format for the contents of an optical disc and are often used as operating system installers. In this case, however, a threat actor leveraged the format as a means to deliver malware to the recipients of their phishing email. Analysis of the attachments showed that the archive was abused to deliver malicious AutoIt scripts hidden within a PE file that appears to be a Microsoft Office document, which…
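
The Hawkeye post above describes a PE carrying a PDF icon, and this post describes a disk image carrying a PE dressed up as an Office document; both rely on the recipient, and any gateway rule keyed on file names, judging an attachment by its name or icon. As an added example that is neither PhishMe’s code nor taken from either campaign, the Python below decides an attachment’s real type from its bytes (the MZ/PE headers, %PDF-, ISO 9660’s CD001 signature at offset 0x8001, and a few others) and flags three things: a mismatch between the declared extension and the content, executable content under any name, and disk-image attachments at all. The sample attachments are constructed inline and the function names are ours; icon resources are deliberately not parsed, because the icon is exactly the part an analyst should ignore.

```python
"""Decide what an email attachment is from its bytes, not its name or icon.

Added example; the sample attachments below are constructed, not from any campaign.
"""
import os
import struct

ISO_PVD_OFFSET = 0x8000  # ISO 9660 primary volume descriptor: type byte, then "CD001"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container

# What a given extension claims to be; used to spot name/content mismatches.
EXPECTED_TYPE = {
    "exe": "pe", "scr": "pe", "dll": "pe",
    "pdf": "pdf", "rtf": "rtf", "iso": "iso9660", "zip": "zip",
    "doc": "ole2", "xls": "ole2", "ppt": "ole2",
    "docx": "zip", "docm": "zip", "xlsx": "zip", "xlsm": "zip", "pptx": "zip", "pptm": "zip",
}


def sniff_type(data: bytes) -> str:
    """Return a coarse type from the file signature."""
    if data[:2] == b"MZ":
        # Follow e_lfanew to the PE signature so a bare DOS stub is not mistaken for PE.
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz-dos"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(b"{\\rtf"):
        return "rtf"
    if data[ISO_PVD_OFFSET + 1:ISO_PVD_OFFSET + 6] == b"CD001":
        return "iso9660"
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Compare the type the name claims with the type the bytes prove."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    actual = sniff_type(data)
    claimed = EXPECTED_TYPE.get(ext)
    flags = []
    if claimed is not None and claimed != actual:
        flags.append("type_mismatch")
    if actual == "pe":
        flags.append("executable_content")
    if actual == "iso9660":
        flags.append("disk_image_attachment")
    return {"filename": filename, "claimed": claimed, "actual": actual, "flags": flags}


def fake_pe() -> bytes:
    """Constructed minimal MZ/PE header: DOS header, e_lfanew -> 0x40, PE signature."""
    dos = bytearray(b"MZ" + b"\0" * 0x3A)  # 0x3C bytes up to e_lfanew
    dos += struct.pack("<I", 0x40)          # e_lfanew points just past the DOS header
    return bytes(dos) + b"PE\0\0" + b"\0" * 0x20


def fake_iso() -> bytes:
    """Constructed ISO 9660 stub: empty system area, then a primary volume descriptor."""
    return b"\0" * ISO_PVD_OFFSET + b"\x01CD001\x01" + b"\0" * 64


if __name__ == "__main__":
    samples = [
        ("quote.pdf", fake_pe()),                    # PE with a document name (constructed)
        ("shipping_docs.iso", fake_iso()),           # disk image attachment (constructed)
        ("report.pdf", b"%PDF-1.4\n%constructed\n"), # genuine-looking PDF (constructed)
    ]
    for name, blob in samples:
        print(triage_attachment(name, blob))
```

The type map is intentionally coarse: anything that is really a PE is flagged whether it is named .exe, .pdf, or .docx, and an ISO is flagged on sight because mail is not a normal channel for optical-disc images, which is exactly the gap the campaign above exploited.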

WannaCry Highlights an Evolving Threat Landscape

BY Brendan Griffin IN Internet Security Awareness, Malware Analysis, Ransomware

The WannaCry ransomware incident has galvanized global media coverage and dominated discussion among information security professionals since Friday, May 12. The speed with which this malware was able to spread within enterprise networks and how rapidly so many large organizations were impacted is unsettling. Yet, as the dust begins to settle, it is clear that this episode has left a number of lessons in its wake–lessons to be harnessed by defenders and their adversaries. While this attack is an expansive topic that will continue to evolve as more discoveries are made about the impact, origin, and spread of the WannaCry…
