PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

Italian DHL-Themed Phishing leads to Ursnif, Spambot

BY Darrel Rendell IN Malware Analysis

PhishMe Intelligence™ recently intercepted a subtle, DHL-spoofing campaign delivering a heavily-obfuscated JavaScript file. When executed, this JavaScript file downloads and runs a variant of the Ursnif/Gozi-ISFB trojan. Ursnif, in addition to its banker and stealer pedigree, acts as a downloader to serve a nasty surprise to the infected system. This is the first time PhishMe Intelligence has observed Ursnif actively delivering a spambot onto an infected system. Given Ursnif’s usually stealthy tendencies, it is somewhat unusual to see such a pairing.


PhishMe is SOC 2 compliant. Here’s how that helps you.

BY phishme IN Internet Security Awareness

Information security is important to everyone, in particular organizations that outsource operations to third-party vendors (like SaaS or cloud-computing providers). If data isn’t handled securely, an organization’s risk of exposure to data theft, extortion and malware increases dramatically.


Another wave of Brazilian malspam leads to banking trojan

BY Oscar Sendin IN Malware Analysis, Phishing Defense Center

In October of 2017 we blogged about a phishing campaign specifically targeting Brazilian Portuguese-speaking users. Back then, the campaign distributed a malicious Chrome browser extension. More recently, we have observed a wave of emails that have remarkably similar characteristics. This time around, the malware of choice is a banking trojan.


Missing in Action: Several Prominent Malware of 2017

BY Mollie Holleman IN Malware Analysis

Thus far in 2018, PhishMe Intelligence™ has observed a lull in multiple malware families that were prominent throughout 2017. There are several possible reasons for this hiatus.


Meltdown and Spectre: Prospects for Impact and Steps to Protect Yourself

BY Mollie Holleman IN Internet Security Awareness

The recent disclosure of critical CPU vulnerabilities, Meltdown and Spectre, has rocked the information security industry due to the catastrophic consequences they have for data protection. Meltdown and Spectre exploit critical vulnerabilities present in almost all modern processors, creating the potential for leaks in sensitive data as it is processed on a computer or server. A malicious program exploiting these vulnerabilities would be able to access data stored in the memory of other running programs, such as passwords stored in a password manager or browser, personal emails or photographs, and other sensitive data. The vulnerabilities extend to personal computers, mobile…


Identify, Prioritize, and Respond to Phishing Threats Faster with PhishMe and ServiceNow

BY phishme IN Cyber Incident Response, Malware Analysis

Improve the Phishing Incident Response Workflow with PhishMe Triage™ and ServiceNow® Security Operations

Security leaders are bolstering their resiliency to phishing attacks. It starts with conditioning employees to recognize and report suspicious email. Take for example “Alice,” the CISO for a Fortune 100 company. Alice’s team regularly simulates real-world phishing on employees at all levels. The program involves behavioral conditioning that requires employees to report simulated and real attacks.


Love Hurts – But Catphishing Doesn’t Have To

BY John Robinson IN Internet Security Awareness

For the past few years we have discussed the power of emotion in phishing emails. This is never more valuable to understand than during the upcoming Valentine’s season. The traditions of gift giving to current partners and the romanticized notions of hearing from a secret admirer are so firmly ingrained in our minds that we become easy targets for scam artists.


Refocus Your Anti-Phishing From Vulnerability To Capability.

BY John Robinson IN Internet Security Awareness

In our 2017 Enterprise Phishing Resiliency and Defense Report, PhishMe® discusses the importance of moving past susceptibility as a key indicator of anti-phishing program success. We want to shift the conversation from vulnerability (susceptibility) to capability (resiliency). That is, what are an organization’s current anti-phishing capabilities—and how is positive behavior increasing them over time to build resiliency? The chart below tracks behavior among our clients’ users during phishing simulations. In it, resiliency equals users that “reported only” divided by “all that fell susceptible.” (The latter includes those that reported after falling for simulated phishes.) Figure 1 – Three-year Resiliency Trend…


PhishMe Clients Are Reporting Ransomware Emails. Are You?

BY John Robinson IN Internet Security Awareness

With the steady rise in ransomware attacks and success, it’s highly likely that related phishing variants will continue to permeate the landscape in 2018. While this is not a new threat, it’s one that you want to be truly prepared to face. With that in mind, we looked back into our 2017 data and what we found is good news for those clients running active threat ransomware simulations in their environment. Across 246 simulations and more than 712k emails, the aggregate resiliency score was 2.63. This means that for every susceptible user, there were more than 2 that reported the…


This Well-Trained User Caught a Phish

BY John Travise IN Cyber Incident Response, Malware Analysis

As security professionals, we often view our users as a potential liability. I have plenty of first-hand experience that confirms the trope myself. But what if users could become a strength instead of a chronic risk?


New Enhancements Help Streamline Incident Response with PhishMe Triage

BY phishme IN Phishing

With security analysts pulled in many directions, they must be able to prioritize and invoke incident response on ransomware, business email compromise (BEC), malware infections, and credential-based theft emails. The key to this is the automation and streamlining of the incident response. PhishMe Triage™ has been updated with new features to help security analysts and incident response teams streamline their processes and secure administrative access.

Key Features this Release

Tighter Integration – Authenticated API for integration across the incident response team
Additional Security – Two-factor authentication for PhishMe Triage users
More Accountability – Audit logs are generated for all users…


Zeus Panda Prominent in Italian-Language Phishing Throughout 2017

BY Mollie Holleman IN Malware Analysis

In 2017, PhishMe® analyzed over 40 Italian-language phishing campaigns that targeted victims with Zeus Panda. This popular multipurpose banking trojan is primarily designed to steal banking and other credentials, but is capable of much more as it provides attackers with a great deal of flexibility. Although some variation was observed, many of these campaigns demonstrated a large degree of shared tactics, techniques and procedures (TTPs). Given the prolific nature of these campaigns, it is likely that Italian-language phish will continue to deliver Zeus Panda in 2018. Organizations should be alert to the indicators of compromise and phishing TTPs to prevent…


Recent Sigma Ransomware Campaign Demonstrates Danger in the Simplest of Changes to Malware Delivery

BY Mollie Holleman IN Malware Analysis

On 1 December 2017, PhishMe Intelligence™ identified a new delivery technique for Sigma ransomware, which was most likely employed to evade automated detection and mitigation by email and anti-malware defenses. Potential victims received phishing emails with an embedded image as the message body that also included an attached Microsoft Office document containing a malicious macro. The embedded image contained a password that could be used to open the Microsoft Office document.


Phishing defense: do you know your capabilities?

BY John Robinson IN Internet Security Awareness

As phishing continues to spread, executive teams across the globe are asking: “How well does our company recognize, report and respond to the threat?”


In 2018, learn to call attackers’ bluffs.

BY John Robinson IN Internet Security Awareness

People often ask me about the future of phishing. What can we expect to see and how should we prepare?


PhishMe Reporter: 5 Reasons Why 10M Users Are a Big Deal

BY phishme IN Internet Security Awareness

Okay, so it’s not billions of burgers. But when PhishMe Reporter® recently hit the 10 million mark—now deployed to 10 million end users’ work stations—the milestone was more than just a big number. A few reasons why:


Report: beware consumer scams that target users at work

BY phishme IN Internet Security Awareness

Back in October, PhishMe® reported a Netflix email scam appearing in office in-boxes. Now our 2017 Phishing Resiliency and Defense Report confirms the danger: based on millions of simulated phishes across PhishMe customers, the study shows the most tempting workplace scams have a consumer flavor.


Free training bundle: help your users spot the top holiday scams.

BY phishme IN Internet Security Awareness

The holidays are here and you know what that means. “Merry Phish-mas!” from every scammer who wants to bilk your business.


Locky-Like Campaign Demonstrates Recent Evolving Trends in Ransomware

BY Neera Desai IN Malware Analysis

Over the US Thanksgiving holiday, PhishMe Intelligence™ observed a recent ransomware campaign, Scarab, that shares some similarities in behavior and distribution with Locky. In this campaign, Scarab was delivered by the Necurs botnet, which made headlines due to its distribution of Locky, which was one of the most prolific ransomware families of 2016 and 2017. Like Locky, Scarab can encrypt targets via both online and offline encryption.


Here’s How Boards Should Measure Anti-Phishing Programs

BY John Robinson IN Phishing

In board rooms across the globe, directors are asking the question, “How is phishing affecting the organization and are we able to handle the risks?”
