CoFense Scam News

Cofense Intelligence has recently identified a series of end-of-year and holiday bonus-themed credential phishing emails.

A secure email is an email that uses encryption and authentication to protect the privacy and integrity of the shared information. 

Security awareness training (SAT) has been around for over a decade and is now common practice. Today, most responsible corporations run an SAT program. That might seem like a victory for internet security, and in a sense, it is. Yet, from the point of view of improving cybersecurity outcomes, most of the SAT field died years ago—innovation brains eaten away—leaving behind solutions walking around as “compliance checkbox” zombies. This is a huge problem.

The fight to protect digital systems from cyber criminals grows more challenging every day, especially with the rise of sophisticated tools like the recently discovered Rockstar 2FA phishing-as-a-service kit. Featured in a recent article from Forbes, this latest exploit is causing waves due to its ability to bypass two-factor authentication (2FA), a security measure that has previously been regarded as a gold standard.

The holiday season is a time of joy and relaxation, but it often brings an influx of corporate emails ranging from leave approvals to scheduling paid time off. The Cofense Phishing Defense Center (PDC) has recently intercepted a malicious phishing email masquerading as a legitimate end-of-year leave approval notice. Disguised as a formal HR communication, this email leverages the urgency and importance of year-end leave scheduling in order to trick the recipients into clicking a malicious link. This enables the threat actor to steal sensitive information via FormBook malware. 

Subject customization using either the recipient’s name, email address, phone number, or company name is a common tactic used in phishing emails to deceive recipients. Threat actors often include the company name or designated recipient’s personal information to disguise the true intent of the email. Our analysis shows that certain industries are more targeted by these types of attacks than others. From data drawn from Q3 2023 to Q3 2024, Cofense Intelligence identified the top five targeted industries and the common subject customization tactics that were seen within each industry.

In an ever-changing threat landscape, where AI and automation are being leveraged to not only detect but stop malicious campaigns, how does an attack that seems rudimentary become effective? By understanding how these tools work and by using social engineering, TAs (Threat Actors) can circumvent automation and gain access to company infrastructure with modest effort

We’re thrilled to announce that Security Matterz has appointed Cofense as their strategic partner for email security. This collaboration marks the culmination of three years of in-depth discussions and will see Security Matterz integrating Cofense’s cutting-edge solutions into their product portfolio to expand and enhance their email security offering across Saudi Arabia and the wider Gulf.

Modern enterprise environments make use of multiple tools such as Secure Email Gateways (SEGs) and Endpoint Detection and Response (EDR) solutions to prevent malware from getting onto a user’s device. However, many of these protection measures have flaws that threat actors often take advantage of. One of the easiest ways for threat actors to bypass many of these protections is by putting malware inside certain types of archives. Notably, since November of 2023, Cofense has seen an increase in the use of attached archives other than .zips. This is greatly contributed to by Windows building native support to unarchive a wider variety of archive files in November of 2023. These files include .rar, .7z, .tar, and .gz archives. There are other archive formats, which will be covered briefly in this report, however the main emphasis will be on the most popular file extensions threat actors use, such as .zip archives as well as the relatively new native Windows archives, as Cofense has witnessed a higher volume with these formats.

OpenSea is a well-known NFT (non-fungible token) platform and is the go-to platform for many entry-level NFT enthusiasts looking to enter the crypto collectible market. However, what if OpenSea itself could be exploited to gain access to new user crypto wallets who are likely unaware of TA (Threat Actor) phishing tactics? Learning to identify these threats can help users who seek to use platforms such as OpenSea keep their crypto wallets safe and feel more secure while navigating the NFT marketplace.

In an era where online convenience has become the norm, the risk of identity theft through scam websites has surged. The potential for exploitation grows as more services transition to conducting business online. These sites pose a significant risk to personal security and undermine public trust in the digital infrastructure we have in place. A recent threat observed by the Cofense Phishing Defense Center aims to steal an individual’s identity by having them upload screenshots of various government identification documents and turn on their camera for facial recognition. Phishing attempts such as these pose significant risks to the individual and can have far-reaching effects on organizations or the people around them.

LEESBURG, Va., November 19, 2024 — Cofense, the pioneer and leading provider of email security awareness training (SAT) and advanced phishing detection and response (PDR) solutions, today announced the release of its Q3 2024 Phishing Intelligence Trends Review curated from the Cofense Phishing Defense Center. The report shows that Cofense detected one malicious email bypassing customers’ secure email gateways (SEGs) every 45 seconds – up from every 57 seconds as reported in the 2023 annual report.