Upload File

all nets have holes - cofense · this key finding1 in the cofensetm phishing threat & malware...

  • Home
  • Documents
  • ALL NETS HAVE HOLES - Cofense · This key finding1 in the CofenseTM Phishing Threat & Malware Review 2019 is based on research by the Cofense Phishing Defense CenterTM. From October
1
! ! ! ! www... www... www... ALL NETS HAVE HOLES OF VERIFIED PHISHING EMAILS WERE FOUND IN ENVIRONMENTS USING SECURE EMAIL GATEWAYS (SEGS) This key finding 1 in the Cofense TM Phishing Threat & Malware Review 2019 is based on research by the Cofense Phishing Defense Center TM . From October 2018 to March 2019, our team verified over 31,000 malicious emails reported by customers’ users. This data is augmented below by findings from the Cofense Research and Cofense Intelligence TM teams. The onslaught of credential phishing shows no signs of letting up. Threat actors are seeking network credentials, the keys to the enterprise kingdom. Of verified phish were credential phish nearly almost Of credential phishing attacks were found in environments with one or more SEGs Verified phishing emails that delivered malware Of phishing attacks delivering malware were found in environments with one or more SEGs Distinct credential phishing URL’s have been identified in the wild since Q1 2018 Source: Cofense Research Verified BEC attacks In global business losses due to BEC attacks Source: FBI, Sept 2019 Of BEC attacks were found in environments with one or more SEGs WHAT PHISHING THREATS ARE SQUIRMING PAST PERIMETER TECHNOLOGY? CREDENTIAL PHISH MALWARE DELIVERY Traditionally a wire transfer scam aimed at CFOs and CEOs, Business Email Compromise has shifted to targeting payroll administrators to reroute direct deposits. BEC occurs less frequently than other attacks, but inflicts billions of dollars in losses. BUSINESS EMAIL COMPROMISE (BEC) The game of Whack-A-Mole continues. As soon as anti-malware defenses evolve, threat actors turn on the creativity. New tactics and techniques ensure that malware payloads still reach their targets. CLOUD FILESHARING ABUSE Two Microsoft services, Sharepoint and OneDrive, got roughed up pretty badly. We analyzed over 9,000 phish that abused cloud filesharing services and found: CVE-2017-11882 A geezer as vulnerabilities go (it dates back to 2000), this flaw in Microsoft Equation Editor was heavily exploited to deliver malware via malicious attachments. We expect the danger to ebb as more security teams patch it. ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! CREDIT CARD CREDIT CARD Of payloads were hosted on Sharepoint Of payloads were hosted on OneDrive Unique Emotet malware infections through April 2019 Source: Cofense Research Unique domains used on a single day by the Emotet botnet Source: Cofense Research Of all malicious attachments over the last 12 months exploited CVE-2017-11882 Of all malicious attachments over the last 12 months used malicious macros The Emotet botnet is lord and master of the malware landscape. Emotet relies on compromised sites to deliver its payloads. EMOTET WHAT ARE WE SEEING IN THE WILD? over over And finally, a ray of hope. Ransomware has steadily declined over the last two years. But threat actors still use ransomware against select high-profile targets. Download your copy of our Phishing Threats & Malware Review 2019. 1. Identified SEG providers included Barracuda, BitDefender, Cisco Ironport, CloudMark, Cyren, Fortinet, Kaspersky, Microsoft Exchange Online Protection, Microsoft Advanced Threat Protection, Mimecast, Proofpoint, Symantec Email Security, and Trend Micro. RANSOMWARE Of these total campaigns delivered GandCrab ransomware. It's the king crab in a smaller sea. Unique ransomware families delivered in high-volume phishing campaigns Source: Cofense Intelligence Fewer Than GET THE FULL STORY— DOWNLOAD THE REPORT Cofense™, formerly known as PhishMe®, is the leading provider of human-driven phishing defense solutions for organizations concerned with their susceptibility to sophisticated cyber attacks. Cofense delivers a collaborative, cooperative approach to cybersecurity by enabling organization-wide response to the most used attack vector—phishing. Cofense serves customers of all sizes across multiple industries including financial services, energy, government, healthcare, technology and manufacturing, as well as other Global 1000 entities that understand how engaging user behavior will improve security, aid incident response and reduce the risk of compromise.

Upload: others

Post on 22-May-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: ALL NETS HAVE HOLES - Cofense · This key finding1 in the CofenseTM Phishing Threat & Malware Review 2019 is based on research by the Cofense Phishing Defense CenterTM. From October

!!

!!

www...www...

www...

ALL NETS HAVE HOLES

OF VERIFIED PHISHING EMAILS WERE FOUND IN ENVIRONMENTS USING SECURE EMAIL GATEWAYS (SEGS)

This key finding1 in the CofenseTM Phishing Threat & Malware

Review 2019 is based on research by the Cofense Phishing

Defense CenterTM. From October 2018 to March 2019, our team verified over 31,000

malicious emails reported by customers’ users. This data is augmented below by

findings from the Cofense Research and Cofense IntelligenceTM teams.

The onslaught of credential phishing

shows no signs of letting up. Threat

actors are seeking network credentials,

the keys to the enterprise kingdom.

Of verified phish were credential phish

nearly almost

Of credential phishing attacks were found in environments

with one or more SEGs

Verified phishing emails that delivered malware

Of phishing attacks delivering malware were found in environments

with one or more SEGs

Distinct credential phishing URL’s have been identified in

the wild since Q1 2018 Source: Cofense Research

Verified BEC attacks In global business losses due to BEC attacks

Source: FBI, Sept 2019

Of BEC attacks were found in environments with one or more SEGs

WHAT PHISHING THREATS ARE SQUIRMING PAST PERIMETER TECHNOLOGY?

CREDENTIAL PHISH

MALWARE DELIVERY

Traditionally a wire transfer scam aimed at CFOs

and CEOs, Business Email Compromise has shifted

to targeting payroll administrators to reroute direct

deposits. BEC occurs less frequently than other

attacks, but inflicts billions of dollars in losses.

BUSINESS EMAIL COMPROMISE (BEC)

The game of Whack-A-Mole continues. As

soon as anti-malware defenses evolve, threat

actors turn on the creativity. New tactics and

techniques ensure that malware payloads

still reach their targets.

CLOUD FILESHARING ABUSE

Two Microsoft services, Sharepoint and

OneDrive, got roughed up pretty badly. We

analyzed over 9,000 phish that abused

cloud filesharing services and found:

CVE-2017-11882

A geezer as vulnerabilities go (it dates back to

2000), this flaw in Microsoft Equation Editor was

heavily exploited to deliver malware via

malicious attachments. We expect the danger

to ebb as more security teams patch it.

! ! ! !

! ! ! !

! ! ! !

! ! ! !

CREDIT CARD

CREDIT CARD

Of payloads were hosted on Sharepoint

Of payloads were hosted on OneDrive

Unique Emotet malware infections through April 2019

Source: Cofense Research

Unique domains used on a single day by the Emotet botnet

Source: Cofense Research

Of all malicious attachments over the last 12 months

exploited CVE-2017-11882

Of all malicious attachments over the last 12 months used

malicious macros

The Emotet botnet is lord and master of

the malware landscape. Emotet relies on

compromised sites to deliver its payloads.

EMOTET

WHAT ARE WE SEEING IN THE WILD?

over

over

And finally, a ray of hope. Ransomware has

steadily declined over the last two years. But

threat actors still use ransomware against

select high-profile targets.

Download your copy of our Phishing Threats & Malware Review 2019.

1. Identified SEG providers included Barracuda, BitDefender, Cisco Ironport, CloudMark, Cyren, Fortinet, Kaspersky, Microsoft Exchange Online Protection, Microsoft Advanced Threat Protection, Mimecast, Proofpoint, Symantec Email Security, and Trend Micro.

RANSOMWARE

Of these total campaigns delivered GandCrab ransomware. It's the king crab in a smaller sea.

Unique ransomware families delivered in high-volume

phishing campaignsSource: Cofense Intelligence

Fewer

Than

GET THE FULL STORY—DOWNLOAD THE REPORT

Cofense™, formerly known as PhishMe®, is the leading provider of human-driven phishing defense solutions for organizations concerned with their susceptibility to sophisticated cyber attacks. Cofense delivers a collaborative, cooperative approach to cybersecurity by enabling organization-wide response to the most used attack vector—phishing. Cofense serves customers of all sizes across multiple industries including financial services, energy, government, healthcare, technology and manufacturing, as well as other Global 1000 entities that understand how engaging user behavior will improve security, aid incident response and reduce the risk of compromise.

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails

Phishing Spear Phishing - ASSP Region I€¦ · Phishing& Spear Phishing attacks are similar -key differences: •Phishingcampaign -very broad and automated, think 'spray & pray’

Submerge Session Agenda - Cofense · 2020. 8. 6. · Submerge Session Agenda WELCOME AND OPENING REMARKS Posse vs Cattle Rustlers: Deputizing Users with Cofense Reporter Every time

Gone Phishing, an Anti-Phishing Program Journey€¦ · Gone Phishing, an Anti-Phishing Program Journey Ava Logan-Woods, Information Security Specialist Eshante Lovett, Information

Anti-Phishing Technologydocs.apwg.org/reports/phishing-sfectf-report.pdf1/19/2005 Anti-Phishing Technology 2 The frequency of phishing attacks has increased dramatically in recent

Cofense Annual Phishing Report...ANNUAL PHISHING REPORT 2019 For some users, it takes a few bad clicks before the “Aha!” moment happens. Repeat offenders—users that click during

Phishing - Study Mafiastudymafia.org/wp-content/uploads/2015/03/CSE-phishing-report.pdf · Phishing software and computer programs are designed to prevent the occurrence of Phishing

INTELLIGENT PHISHING DEFENSE · FIND THREATS FASTER ENABLE & ENCOURAGE REPORTING CONDITION USERS TO SPOT REAL THREATS Phishing attacks are the #1 cause of data breaches. The Cofense

Cofense-TAP Palo Altocofense.com/wp-content/uploads/2017/03/TAP-PaloAlto.pdf · With the Cofense and Palo Alto Networks enterprise security integration: • Suspicious, employee-reported

The Power of the Collective - cofense.com · Speed Incident Response Cofense Vision TM and Cofense Intelligence strengthen your organization’s ability to quickly identify and respond

What is Phishing | How to Spot a Phishing email or Website 2020 | Antivirus for Phishing Attack

Phishing Awareness - Valdosta State University€¦ · Types of Phishing Attacks Spear phishing - Phishing attempts directed at specific individuals or companies have been termed

Phishing - Fred 151 · 2020-03-21 · di Phishing. 2 Identificare Come riconoscere il Phishing. Cosa fare se siamo vittime di Phishing 3 Esempi Esempi di email di Phishing. 4 Test

Why phishing still works: user strategies for combating phishing … · 2020. 9. 23. · Why phishing still works: user strategies for combating phishing attacks Mohamed Alsharnouby,

Jan 23, 2003Computational Gene Finding1 Sanja Rogic CS Department UBC

UNCLASSIFIED//FOUO DoD Spear-Phishing Awareness Training · Spear Phishing is a GREATER threat!!! Spear Phishing is a highly targeted phishing attempt. The attacker selectively chooses

Q2 Malware Review - Cofense€¦ · continuing trends in Q2 of 2017 that reinforce the business risk of phishing as a global issue. An Evolving Threat Landscape and Public Discourse

Submerge Session Schedule - Cofense...Submerge Session Schedule Using Responsive Delivery to Enhance your Phishing Incentive Program 2:30 PM Salon GHoly Mackerel: Reducing Phish Click

© Copyright 2020 Cofense . Confidential. All rights reserved

OutlookforWindows - Sacramento State · Speech Add-ins Adobe Send & Track Cofense Report Phishing 3/26/2020 Click "OK" to report this email to the IRT Security Office. Thank you for

SHOW ME THE MONEY! · A Closer Look at Phishing in the Financial Industry Cofense Industry Brief. COFENSE INDUSTRY BRIEF: FINANCE ... Susceptibility Rate Reporter Rate Resiliency

Phishing and Social Media - Cofense · 2020-06-02 · Phishing and Social Media Millions of people log in to their social media profiles every day. In fact, over 1.3 billion users

Phishing & Spear Phishing - info.vadesecure.com Marketing Website... · Phishing Spear Phishing Understanding an Emerging Threat to Healthcare Organizations 5 vadesecure.com How Phishing

THE STATE OF PHISHING DEFENSE - IT-security€¦ · learning email filters in place to identify BEC emails. Cofense is observing BEC emails coming from real compromised accounts in

Phishing and Anti-phishing techniques

Phishing Prevention, Solutions & Services | Cofense - How to Spot … · 2020. 9. 4. · Phishing emails will try to fluster recipients by creating a sense of urgency. Fear Scaring

SPEAR PHISHING - dandh.com...SPEAR PHISHING VS PHISHING Spear phishing and phishing attacks both leverage impersonation to commit fraud. The difference between the two is that spear

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques

Mobile Phishing Protection · Mobile Phishing Protection Anywhere Zero-Hour Protection Against the Broadest Range of Phishing Threats for iOS and Android SlashNext Mobile Phishing

Anti-Phishing Technology - APWG › reports › phishing-sfectf-report.pdf · 1/19/2005 Anti-Phishing Technology 2 The frequency of phishing attacks has increased dramatically in

TAX-TIME PHISHING SCAMS - Cofense · Tax-related phishing occurs when cybercriminals, spoofing emails or impersonating co-workers, executives or authorities, send fraudulent emails

CofenseTM Professional Services › wp-content › uploads › 2018 › 02 › Cofense-Data… · mitigate phishing threats. The team becomes a strategic partner – an extension

COMBATTING MODERN EMAIL PHISHING ATTACKS · 2016-11-07 · Combatting modern email phishing attacks More effective than traditional phishing scams, spear-phishing attacks are carefully

Cofense-TAP Palo Alto · 2020-01-02 · With the Cofense and Palo Alto Networks enterprise security integration: • Suspicious, employee-reported phishing emails are ingested by

PHISHING THREAT MALWARE REVIEW - Cofense · PHISHING THREAT AND MALWARE REVIEW: 2019 Figure 1: As identified by the Cofense Phishing Defense Center. PHISHING THREATS BY TYPE October