STR RAT – Phishing Malware Baseline
Cofense Blog
by Hillary Long
3d ago
By Jacob Malimban
STR RAT is a remote access trojan (RAT) written in Java that was first seen in 2020. Like other RATs, it gives threat actors full control when it is successfully installed onto a machine. STR RAT is capable of keylogging, stealing credentials, and even delivering additional malicious payloads. The malware receives a version update every year, on average. These updates correlate with the renewed use of STR RAT by threat actors. Currently, 60% of the STR RAT samples that Cofense analyzed from January 2023 to April 2024 are delivered directly to the email as opposed to an embedd ...
Threats That Hide in Your Microsoft Office Documents
Cofense Blog
by Hillary Long
2w ago
By Nathaniel Raymond
Microsoft Office documents in the Office365 software suite have become a mainstay for many users who need to create documents for business reports, college essays, resumes, essential notetaking, and even strategic analyses. Office documents offer a wide range of not only text but data editing software solutions that include technologies that introduce algorithmic logic via a macro or, more recently, with the integration of Python scripting being added to Excel for a more dynamic and logical way of interpreting, editing, and displaying data. However, this versatility also m ...
Unmasking a Cyber Attack that Targets Meta Business Accounts
Cofense Blog
by Cofense
1M ago
By Dylan Duncan
The majority of businesses today utilize social media platforms for advertising products, sharing updates, and customer engagements. But what happens when a business account falls into the hands of a threat actor? This report explores the inner workings of an advanced phishing campaign capable of bypassing multi-factor authentication (MFA) to target Meta business accounts. Cofense has discovered a comprehensive toolkit enabling threat actors to create malicious links, verify if they are active threats, generate emails, and other additional tasks. As it stands, this campaign p ...
Artificial Intelligence and Machine Learning in Email Security: Our Learnings and Results
Cofense Blog
by Cofense
1M ago
At Cofense, we have been active in testing, validating, and deploying general AI tools for the last three years – and we have learned a lot. How these tools integrate with our products and processes is constantly evolving, and the trends we are observing may surprise some of you. AI defensive tactics are not going to solve AI offensive phishing attacks. Although AI is helpful, it’s just one ingredient, and it’s not the most important one. Nothing comes close to the solving and reasoning power of a properly trained human being – in this case your employees. The human brain is integral to and ...
Phishing Detection and Response: What You Need to Know
Cofense Blog
by Cofense
2M ago
What is Phishing Detection and Response?
In today’s digital world, the strength of an organization’s cybersecurity posture directly influences its resilience against disruptions. Phishing Detection and Response (PDR) is a critical component of this defensive matrix – it involves identifying, assessing, and neutralizing malicious or suspicious activities within email systems as quickly as possible.
Why Prioritize PDR?
It’s simple – email is like the front door to your organization and just as you wouldn’t leave your front door wide open, the same is true for securing your ...
Agent Tesla: The Punches Keep Coming
Cofense Blog
by Cofense
2M ago
By Nathaniel Raymond
Agent Tesla has become a massively popular choice of malware for threat actors since its first appearance in 2014 and for good reasons. This vetted Malware-as-a-Service, MaaS, owes its popularity to many attractive factors that Cofense has broken down in a previous Strategic Analysis which include being an affordable malware service option, easy to use, having multiple capabilities at and during infection time, and being flexible in its exfiltration choices. These features, coupled with Agent Tesla’s relatively long life, have led this malware family to become the most wi ...
Midnight Blizzard APT Group’s Attack on Microsoft and What It Means for Email Security 
Cofense Blog
by Cofense
3M ago
In the complex landscape of cybersecurity, the shadow of nation-state hacking looms large. Recently, the world witnessed a significant breach as Microsoft announced a large-scale attack by Midnight Blizzard, a group of Russian government-backed hackers. The repercussions of this attack have far-reaching consequences and call into question the ability of Microsoft to protect not only their customers’ email security, but their own executives.
Midnight Blizzard was able to gain unprecedented access to Microsoft’s corporate network. The initial shockwaves were felt as they rans ...
New Cofense Vision UI Dashboard Unveiled: Actionable ROI at a Glance
Cofense Blog
by Cofense
3M ago
Phishing attacks are a real and persistent threat that require organizations to make significant investments to protect their most valuable assets. But how do executives and senior leaders know the return on investment (ROI) of their security systems? That’s exactly why we created the new Cofense Vision UI Dashboard; to help your organization understand and articulate the value Cofense Phishing Detection and Response (PDR) Platform brings to the organization. The platform is made up of threat hunting, phishing prevention and mitigation capabilities which allows customers to gain vis ...
SVG Files Abused in Emerging Campaigns
Cofense Blog
by Cofense
3M ago
By Max Gannon
Scalable Vector Graphic files, or SVG files, are image files that have become an advanced tactic for malware delivery that has greatly evolved over time. The use of SVG files to deliver malware was made even easier when the tool AutoSmuggle, a program used to deliver malicious files embedded in HTML or SVG content, was released in May 2022. Threat actors have recently started to extensively exploit AutoSmuggle in 2 unique campaigns starting in December 2023 and January 2024.
Main Takeaways
SVG files have been used to deliver malware at scale as early as 2015.
SVG fi ...
Car Insurance Emails Drives for NetSupport RAT Infection 
Cofense Blog
by Cofense
3M ago
By Nathaniel Raymond
A relatively small malicious car insurance/financial-themed email campaign has been landing in inboxes since late January of this year. These basic malicious emails promise the user a large financial sum via an invitation to click the embedded marketing or Google Ad link that leads to a website believed to be compromised, blawx[.]com, where they can download the instructions to claim their lump sum of money. The website was re-designed to support the theme of the email and supply another link to download the “instructions.” However, the link on the website delivers a JavaScript ...
