Malware Exploit Bypasses SEGs Leaving Organizations at Risk
Cofense Blog
by Cofense
2d ago
Threat actors continually leverage and create a plethora of tactics to bypass Secure Email Gateways (SEGs). These include encoding malicious URLs with other SEG protection tools, obfuscating file contents, and abusing SEG treatment of “legitimate” files. Recently, threat actors appear to be abusing how SEGs scan the contents of archive type file attachments. The threat actors utilized a .zip archive attachment and when the SEG scanned the file contents, the archive was detected as containing a .Mpeg video file and was not blocked or filtered. When this attachment was opened with common/popular ..read more
SEG vs. SEG: How Threat Actors are Pitting Email Security Products Against Each Other With Encoded URLs
Cofense Blog
by Hillary Long
1w ago
Email security tools such as Secure Email Gateways (SEGs) often encode URLs that are embedded in emails. This enables the security appliance to scan the URL before the recipient visits the website. Oftentimes when SEGs detect URLs in emails that are already SEG encoded they do not scan the URLs, or the scanning shows only the security tool’s scanning page and not the actual destination. As a result, when an email already has SEG encoded URLs the recipient’s SEG often allows the email through without properly checking the embedded URLs. Threat actors have abused this for some time, but Q2 of th ..read more
Beware of the Latest Phishing Tactic Targeting Employees
Cofense Blog
by Cofense
1w ago
Found in Environments Protected By: Google, Outlook 365, Proofpoint. By Sabi Kiss, Cofense Phishing Defense Center. Phishing attacks are becoming increasingly sophisticated, and the latest attack strategy targeting employees highlights this evolution. In this blog post, we’ll dissect a recent phishing attempt that impersonates a company’s Human Resources (HR) department, and we’ll provide detailed insights to help you recognize and avoid falling victim to such scams. This phishing email is designed to look like an official communication from your company’s HR department. It arrives in your inbox ..read more
A “Meta” Facebook Phish
Cofense Blog
by Hillary Long
2w ago
Found in Environments Protected By: Microsoft. By Andrew Mann, Cofense Phishing Defense Center. Everyone today has some form of social media, whether it is Instagram, X, YouTube or Facebook. It is an amazing way to communicate and stay connected with family and friends, but at the same time, it can be scary when your social media falls victim to a cyber-attack. These types of campaigns illustrate how secure email gateways (SEGs), or any type of automated system, may fail to catch things that only the trained eye can. Threat analysts here at the Cofense Phishing Defense Center (PDC) are properly ..read more
New Malware Campaign Targeting Spanish Language Victims
Cofense Blog
by Cofense
2w ago
Cofense recently identified and named a new malware called Poco RAT, which is a simple Remote Access Trojan that targets Spanish language victims. It was first observed in early 2024, primarily focusing on companies in the Mining sector and initially was delivered via embedded links to 7zip archives containing executables that were hosted on Google Drive. The campaigns are ongoing and continue to exhibit the same TTPs. The majority of the custom code in the malware appears to be focused on anti-analysis, communicating with its Command and Control center (C2), and downloading and running files ..read more
Cofense Adds Email Security Risk Management and Validation Reporting to PhishMe®
Cofense Blog
by Hillary Long
1M ago
The New Employee Engagement Index empowers employees; making them security allies, not liabilities. LEESBURG, Va. – June 26, 2024 – Cofense®, the leader in email threat detection and response solutions, today unveiled new enhancements to its PhishMe® Employee Security Awareness Training (SAT) Platform. The latest addition, Employee Engagement Index, is set to transform how organizations manage email security risks. The introduction of the Employee Engagement Index (EEI) transforms employees into security allies. This innovative tool continuously monitors employee interactions with PhishMe simu ..read more
STR RAT – Phishing Malware Baseline
Cofense Blog
by Hillary Long
1M ago
By Jacob Malimban. STR RAT is a remote access trojan (RAT) written in Java that was first seen in 2020. Like other RATs, it gives threat actors full control when it is successfully installed onto a machine. STR RAT is capable of keylogging, stealing credentials, and even delivering additional malicious payloads. The malware receives a version update every year, on average. These updates correlate with the renewed use of STR RAT by threat actors. Currently, 60% of the STR RAT samples that Cofense analyzed from January 2023 to April 2024 are delivered directly to the email as opposed to an embedd ..read more
Threats That Hide in Your Microsoft Office Documents
Cofense Blog
by Hillary Long
2M ago
By Nathaniel Raymond. Microsoft Office documents in the Office365 software suite have become a mainstay for many users who need to create documents for business reports, college essays, resumes, essential notetaking, and even strategic analyses. Office documents offer a wide range of not only text but data editing software solutions that include technologies that introduce algorithmic logic via a macro or, more recently, with the integration of Python scripting being added to Excel for a more dynamic and logical way of interpreting, editing, and displaying data. However, this versatility also m ..read more
Unmasking a Cyber Attack that Targets Meta Business Accounts
Cofense Blog
by Cofense
2M ago
By Dylan Duncan. The majority of businesses today utilize social media platforms for advertising products, sharing updates, and customer engagements. But what happens when a business account falls into the hands of a threat actor? This report explores the inner workings of an advanced phishing campaign capable of bypassing multi-factor authentication (MFA) to target Meta business accounts. Cofense has discovered a comprehensive toolkit enabling threat actors to create malicious links, verify if they are active threats, generate emails, and other additional tasks. As it stands, this campaign p ..read more
Artificial Intelligence and Machine Learning in Email Security: Our Learnings and Results
Cofense Blog
by Cofense
3M ago
At Cofense, we have been active in testing, validating, and deploying general AI tools for the last three years – and we have learned a lot. How these tools integrate with our products and processes is constantly evolving, and the trends we are observing may surprise some of you. AI defensive tactics are not going to solve AI offensive phishing attacks. Although AI is helpful, it’s just one ingredient, and it’s not the most important one. Nothing comes close to the solving and reasoning power of a properly trained human being – in this case your employees. The human brain is integral to and ..read more
