On Cyren.com we use cookies to improve your user experience. By using this site, you consent to our use of cookies. Learn moreAccept and Close
Cyren.com nutzt Cookies um Ihnen den bestmöglichen Service zu bieten. Durch Ihren Besuch dieser Website stimmen Sie der Verwendung von Cookies zu. Mehr erfahrenAkzeptieren und Schließen
Protect From Evasive Phishing with Email Security Defense-in-Depth
by John Callon
Email security is broken. Companies are attempting to defend against today’s sophisticated attacks using technology developed to block spam and malware.
In the late 1990s, spam had become a serious problem and propagation of malware by email started to increase. In response, email security software was created. The popular open source spam filtering software, SpamAssassin, was first made available in 2001. It included various detection techniques, such as Bayesian filtering, IP reputation and blocklists. The Secure Email Gateway (SEG), a product category that came into being in the early 2000s, still uses these techniques today.
Emotet malware campaigns continue to evolve, below we share a breakdown of samples of two new malicious downloader variants that appeared toward the end of January, as can be seen in this chart of the samples detected by Cyren per day during the month of January. We list IOCs and payload detections for each below.
Internet platforms, financial sites, and shopping brands are still the most popular targets for phishing, according to new research from the Cyren Security Lab.
Exploiting CAPTCHA: The Latest Evasive Phishing Tactic
by Duncan Mills
The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been used in commercial applications since the early 2000s. As its name suggests, it is a mechanism for ascertaining that a real, live human is performing an action at a web site. CAPTCHA is generated by distorting letters and numbers in such a way that a computer using OCR cannot resolve it. Typical applications were originally centered on authentication. For example, if you enter an incorrect password multiple times, you might be presented with a CAPTCHA to ensure that a bot is not attempting to brute force a login. Today there are other applications, such as preventing bots automatically posting good product reviews to falsify scores on review sites.
In the past week we've been receiving reports of different—but seemingly related—email malware campaigns targeting banks in both the US and Europe, specifically in the form of Excel Workbooks containing a malicious macro being sent as an attachment to emails. What's interesting is that even though the email themes used are varied, the attached bait documents are mostly similar.
