PhishMe Blog

Panda versus DELoader: Threat Actors Experiment to Find the Best Malware for the Job

BY Neera Desai IN Internet Security Awareness, Phishing

One important task for threat actors is the pursuit of new and innovative techniques for infiltrating their victims’ networks. A major aspect of this pursuit is the selection of a malware that can accomplish the mission at hand. For example, a ransomware threat actor may seek out the ransomware tool that guarantees the highest rate of ransom payment. However, threat actors with different missions might seek out tools using different success criteria. Threat actors can experiment and transition between these tools because, in many ways, these malware varieties represent interchangeable parts in an attack life cycle.

New Phishing Emails Deliver Malicious .ISO Files to Evade Detection

BY Chase Sims IN Malware Analysis, Phishing, Phishing Defense Center

On May 22, 2017, PhishMe® received several emails with .ISO images as attachments via the Phishing Defense Center. ISO images are typically used as an archive format for the contents of an optical disc and are often used as installers for operating systems. However, in this case, a threat actor leveraged this archive format as a means to deliver malware content to the recipients of their phishing email. Analysis of the attachments showed that this archive format was abused to deliver malicious AutoIT scripts hidden within a PE file that appears to be a Microsoft Office document file, which…

WannaCry Highlights an Evolving Threat Landscape

BY Brendan Griffin IN Internet Security Awareness, Malware Analysis, Ransomware

The WannaCry ransomware incident has galvanized global media coverage and dominated discussion among information security professionals since Friday, May 12. The speed with which this malware was able to spread within enterprise networks, and how rapidly so many large organizations were impacted, is unsettling. Yet, as the dust begins to settle, it is clear that this episode has left a number of lessons in its wake: lessons to be harnessed by defenders and their adversaries alike. While this attack is an expansive topic that will continue to evolve as more discoveries are made about the impact, origin, and spread of the WannaCry…

FBI Announces That BEC Scam Losses Continue to Skyrocket, as Losses Exceed $3.1B

BY phishme IN Malware Analysis, Phishing, Phishing Defense Center

Financial losses from business email compromise (BEC) scams skyrocketed by 2,370% between January 2015 and December 2016, according to an FBI public service announcement released Thursday. The alarming statistic represents a sharp increase from the agency’s previous announcement and serves as a warning to users to stay vigilant in recognizing the threat.

Tales from the Trenches: DocuSign® DELoader Phishing Attack

BY phishme IN Internet Security Awareness, Malware Analysis, Phishing Defense Center

Over the past several days, the Phishing Defense Center identified and responded to several messages related to an ongoing phishing email campaign that spoofs DocuSign to carry out an attack. These messages appear to be official DocuSign emails, including links to review the document. Upon clicking the link, various malicious files are downloaded to the victim’s computer, including the DELoader financial crimes malware.

In the Shadow of WannaCry, Jaff Ransomware Arrives Using Familiar Phishing Techniques

BY Brendan Griffin IN Malware Analysis, Phishing, Ransomware

Adding another entry to the ever-growing list of encryption ransomware, the Jaff ransomware made its debut on the threat landscape with large sets of phishing emails on May 11, 2017, one day before the sensational impact of the WannaCry ransomware attack. However, the risks posed by the Jaff ransomware should not be overlooked. This, too, is a robust ransomware that leverages some of the most prolifically used delivery mechanisms in phishing email and embodies characteristics associated with other very successful malware.

What You Can Do About the WCry (WannaCry) Ransomware

BY Tim Armstrong IN Cyber Incident Response, Internet Security Awareness, Malware Analysis

As most of you are aware, a fast-moving, self-propagating attack blew across the internet over the weekend, and it’s not over yet. Using an alleged NSA exploit, this malware is able to quickly traverse a network and deliver a ransomware payload, affecting hundreds of countries and hundreds of thousands of users.

WCry / WannaCry Ransomware Devastates Across the Globe

BY Tim Armstrong IN Internet Security Awareness, Malware Analysis, Phishing

A strain of encryption malware, or ransomware, is making its presence felt globally today as numerous organizations struggle to respond. Reports of infections have come in from all over the globe.

Aaron Higbee Chats Google Doc Scam and other Phishing Trends on the Charles Tendell Show

BY phishme IN Internet Security Awareness, Phishing

This week, our co-founder and Chief Technology Officer Aaron Higbee had an opportunity to discuss the recent Google Docs phishing scam on The Charles Tendell Show.

FireEye: Russians, Others Exploiting Zero-day Microsoft Office Vulnerabilities

BY phishme IN Phishing

FireEye has identified three new zero-day vulnerabilities in Microsoft Office products that have been exploited by Russian cyber espionage entities and a yet-to-be-identified group.

Bogus Claim: Google Doc Phishing Worm Student Project

BY Aaron Higbee IN Internet Security Awareness, Malware Analysis, Phishing

According to internet sources, Eugene Pupov is not a student at Coventry University. Since the campaign’s recent widespread launch, security experts and internet sleuths have been scouring the internet to discover the actor responsible for yesterday’s “Google Doc” phishing worm. As parties continued their investigations into the phishing scam, the name “Eugene Popov” has consistently popped up across various blogs that may be tied to this campaign. A blog post published yesterday by endpoint security vendor Sophos featured an interesting screenshot containing a string of tweets from the @EugenePupov Twitter handle claiming the Google Docs phishing campaign was not a…

Google Doc Phishing Attack Hits Fast and Hard

BY PhishMe IN Phishing, Phishing Defense Center

Google Doc Campaign Makes a Mark

In the process of managing phishing threats for our customers, our Phishing Defense Center and PhishMe Intelligence teams saw a flood of suspicious emails with subject lines stating that someone “has shared a document on Google Docs with you”, each containing a link to “Open in Docs”. The “Open in Docs” link goes to one of several URLs, all within the https://accounts.google.com website.

April Sees Spikes in Geodo Botnet Trojan

BY phishme IN Phishing, Phishing Defense Center

Throughout April, our Phishing Defense Team observed an increase in malicious URLs that deliver the financial crimes and botnet trojan known as Geodo. These emails take a simple approach to social engineering, using just a sentence or two prompting the victim to click on a link to see a report or invoice that has supposedly been sent to them. An example of a typical phishing email used in these attacks is shown in the full post. Following the malicious links leads the victim to download a hostile JavaScript application or PDF document tasked with obtaining and executing the Geodo malware. One common attribute of…

Orange is the New Hack?

BY Tim Armstrong IN Internet Security Awareness, Phishing

One of the most popular Netflix series, Orange is the New Black, scored an early parole due to some bad behavior this weekend. TheDarkOverload, the group claiming responsibility for the hack, has already released the season five premiere and is threatening to release “a trove of unreleased TV shows and movies.”

BEC Scams Hit Technology Giants for over $100 Million Dollars

BY Tim Armstrong IN Internet Security Awareness, Phishing

Even the biggest companies fall for it. This week, reports showed that Business Email Compromise (BEC) scams, sometimes referred to as CEO Fraud emails, netted over $100 million from Facebook and Google. While people are increasingly aware of phishing emails containing links and attachments, BEC scams (also known as CEO Fraud) continue to reward criminals with alarming effectiveness. These phishing scams fly past traditional security roadblocks because there are no URLs or attachments to scan.

Off-the-shelf Zyklon Botnet Malware Utilized to Deliver Cerber Ransomware

BY Neera Desai IN Malware Analysis, Phishing, Threat Intelligence

Recent, large-scale distributions of the Zyklon botnet malware mark a continuing trend of off-the-shelf malware use. This multipurpose trojan, capable of supporting numerous criminal activities, has been identified in phishing attacks more and more frequently throughout the month of April. The bulk of these campaigns have leveraged resume- and job-applicant-themed messaging as the phishing narrative. The most recent analyses of this distribution have shown that the threat actors are attempting to leverage the malware’s full feature set, using it not only as an information stealer but also as a downloader to obtain and deploy the Cerber ransomware…

Locky Stages Comeback Borrowing Dridex Delivery Techniques

BY Brendan Griffin IN Malware Analysis, Phishing, Ransomware

The ransomware that defined much of the phishing threat landscape in 2016 raged back into prominence on April 21, 2017, with multiple sets of phishing email messages. Harking back to narratives used throughout 2016, these messages leveraged simple, easily recognizable, but perennially effective phishing lures to convince recipients to open the attached file.

Does your Incident Response Plan include Phishing?

BY phishme IN Cyber Incident Response, Phishing, Phishing Defense Center

It’s no secret that 90% of breaches start with a phishing attack. The question is: are you prepared to recognize phishing and respond to it? Many organizations are concerned with how much spam they receive and implement controls specific to spam. But you shouldn’t confuse preventing spam with responding to phishing attacks.

How Dridex Threat Actors Craft Phishing Attacks, No Exploits Necessary

BY Brendan Griffin IN Malware Analysis, Phishing, Ransomware

Threat actors using the Dridex botnet malware recently received a great deal of attention for their purported use of content exploiting a previously unpatched vulnerability in Microsoft Word. This exploit, which took advantage of unexpected behavior in the handling of certain document types, was reportedly used to deliver the Dridex botnet malware via documents attached to phishing emails. However, the bulk of Dridex campaigns leverage far more common delivery techniques that abuse functionality already present in Microsoft Office and Adobe Reader, rather than deploying complex exploit content. This serves as a reminder that threat actors don’t always…

Wide-Spread Ursnif Campaign Goes Live

BY phishme IN Phishing Defense Center

On April 5th, our Phishing Defense Center received a flurry of emails with subject lines following the pattern “Lastname, Firstname”. Attached to each email was a password-protected .docx Word document with an embedded OLE package. In all cases the attachments were password-protected to decrease the likelihood of detection by automated analysis tools. The password was provided to the victim in the body of the email, which both lures the victim into opening the malicious attachment and increases the apparent legitimacy of the message.
