Cofense News

Most Common Healthcare Phishing Emails Identified

Posted by HIPAA Journal

A new report by Cofense has revealed the most common healthcare phishing emails and which messages are most likely to attract a click.

The 2018 Cofense State of Phishing Defense Report provides insights into susceptibility, resiliency, and responses to phishing attacks, highlights how serious the threat from phishing has become, and how leading companies are managing risk.

The high cost of phishing has been highlighted this week with the announcement of a settlement between the HHS’ Office for Civil Rights and Anthem Inc. The $16 million settlement resolved violations of HIPAA Rules that led to Anthem’s 78.8 million record data breach of 2015. That cyberattack started with spear phishing emails. In addition to the considerable cost of breach remediation, Anthem also settled a class action lawsuit related to the breach for $115 million. Even an average sized breach now costs $3.86 million to resolve (Ponemon/IBM Security, 2018).

Previous Cofense research suggests that 91% of all data breaches start with a phishing email and research by Verizon suggests 92% of malware infections occur as a result of malicious emails. Cofense cites figures from Symantec’s 2018 Internet Security Threat Report which suggests that on average, 16 malicious email messages are delivered to every email user’s inbox every month.

Cofense is the leading global provider of human-driven phishing defense solutions, which are used by half of Fortune 500 companies to improve resiliency to phishing attacks. For its latest report, Cofense analyzed the responses to more than 135 million phishing simulations sent through its platform and approximately 50,000 real phishing threats reported by its customers.

Cofense notes that out of the potentially malicious emails reported by end users, one in ten were confirmed as malicious. Half of those messages were phishing emails designed to get end users to disclose credentials.

Across all 23 industry sectors that were represented in the study, 21% of reported crimeware emails contained malicious attachments. By far the most common theme for phishing emails were fake invoices, which accounted for six of the ten most effective phishing campaigns of 2018 to date.

While fake invoices are often used in phishing attacks on healthcare organizations, they are only the third most common type of phishing email (16.5%). In all other industry sectors, fake invoices were the most common phishing threat. The second most common healthcare phishing emails were alerts of new messages in a mailbox (25.5%). The most common healthcare phishing emails were fake payment notifications (58%).

Cofense data shows that the most effective methods for reducing risk from phishing are training and phishing simulations. Technical email security solutions are essential, but they do not block all malicious messages. Only through training and simulations can end users be conditioned to recognize and respond appropriately to malicious messages. The industries with the highest resiliency to phishing attacks are those that train more often.

Cofense suggests that to get the most out of phishing simulation exercises they should focus on active threats. Training is recommended at least every quarter to condition employees to look for and report phishing emails. Companies that encourage reporting of potential phishing threats rather than scolding employees for failing phishing tests tend to have greater success.

The full list of recommendations for security awareness training and phishing simulations can be found in the Cofense State of Phishing Defense Report, which is available on this link.

The post Most Common Healthcare Phishing Emails Identified appeared first on HIPAA Journal.

Healthcare Industry Highly Susceptible to Phishing Attacks and Lags Other Industries for Phishing Resiliency

Posted by HIPAA Journal

Phishing is one of the leading causes of healthcare data breaches. The healthcare industry is extensively targeted by phishers who frequently gain access to healthcare data stored in email accounts. In some cases, those email accounts contain considerable volumes of highly sensitive protected health information.

In August 2018, Augusta University Healthcare System announced that it was the victim of a phishing attack that saw multiple email accounts compromised. The breached email accounts contained the PHI of 417,000 patients. The incident stood out due to the number of individuals impacted by the breach, but it was just one of several healthcare organizations to fall victim to phishing attacks in August.

Data from the HHS’ Office for Civil Rights shows email is the most common location of breached PHI. In July, 14 healthcare data breaches out of 28 involved email, compared to 6 network server PHI breaches – The second most common location of breached PHI. It was a similar story in May and June with 9 and 11 email breaches reported respectively.

Cofense Research Shows Healthcare Industry Lags Behind Other Industries in Resiliency to Phishing

The anti-phishing solution provider Cofense (Formerly PhishMe) recently published an Industry Brief which explored the problem of phishing in the healthcare industry.

The report, entitled ‘Say “Ah!” – A Closer Look at Phishing in the Healthcare Industry’, confirmed the extent to which the healthcare industry is targeted by cybercriminals. The healthcare industry accounts for 1/3 of all data breaches, which have resulted in the exposure or theft of more than 175 million records.

It is no surprise that the healthcare industry is targeted by hackers as healthcare organizations store vast amounts of extremely valuable data: Health information, insurance information, Social Security numbers, dates of birth, contact information, and financial data. Information that can easily be sold to identity thieves and fraudsters.

Further, the healthcare industry has historically underinvested in cybersecurity with security budgets typically much lower than in other industry sectors such as finance.

Cofense data shows that healthcare organizations fare worse than other industries in terms of susceptibility and resiliency to phishing attacks. To measure susceptibility, Cofense used data from its phishing simulation platform – Susceptibility being the percentage of healthcare employees that were fooled by a phishing simulation. Resiliency to phishing attacks is the ratio of users who reported a phishing attempt through the Cofense Reporter email add-on versus those that did not.

Across all industries, the susceptibility rate was 11.9% and the resiliency rate was 1.79. For healthcare, susceptibility was 12.4% and resiliency was 1.34. The insurance industry had a resiliency rate of 3.03 while the energy sector had a resiliency rate of 4.01.

The past few years have seen cybersecurity budgets increase and a greater emphasis placed on security and risk management. The extra funding for anti-phishing defenses is having a positive effect, although there is considerable room for improvement.

Source: Cofense

How Are Healthcare Employees Being Fooled by Phishers?

An analysis of the phishing email simulations that most commonly fooled healthcare employees reveals a mix of social and business emails. The type of email most likely to fool a healthcare employee was a requested invoice, followed by a manager evaluation, package delivery notification, and a Halloween eCard alert, all of which had a click rate above 21%. Emails about holiday eCard alerts, HSA customer service emails, and employee raffles also commonly fooled employees.

Data from Cofense Intelligence shows invoice requests to be one of the most common active threats, often used to deliver ransomware. 32.5% of healthcare employees were fooled by those emails in simulations and only 7.2% reported the emails as suspicious.

The Cofense report includes further information on the most commonly clicked phishing emails and advice for healthcare companies to help reduce susceptibility to phishing attacks. The Cofense Healthcare Industry Brief can be downloaded on this link (PDF).

The post Healthcare Industry Highly Susceptible to Phishing Attacks and Lags Other Industries for Phishing Resiliency appeared first on HIPAA Journal.

Updates to Cofense Phishing Simulation Platform Add Even More Opportunities for Automation

Posted by HIPAA Journal

Cofense has announced that further updates have been made to its award-winning phishing email simulation platform, Cofense PhishMe. The updates provide even greater opportunities for automating phishing simulation campaigns to save administrators even more time.

Security awareness and anti-phishing training is now an important part of healthcare organizations’ cybersecurity programs. In addition to investing in technology to block phishing and other email-based threats, end users require training. Even layered defenses will not stop all phishing threats from reaching inboxes. Without training, end users will remain the weakest link in the security chain.

Phishing simulation exercises are an important part of the training process. They allow security teams to assess how effective their training programs have been and identify weak points in the training program. They also allow security teams to identify individuals who have failed to understand certain parts of the training program.

While phishing simulation platforms include some opportunities for automation and scheduling, creating and running phishing simulations can still be a time-consuming process.

The latest updates to the Cofense PhishMe platform incorporate even more opportunities for automation. Whereas creating a program of 12 phishing scenarios and scheduling those campaigns over the course of a year would have taken an administrator about three hours to complete, the update shaves off 91% of that time. The same 12 campaigns can be created and scheduled in 15 minutes.

This has been achieved with the use of playbooks. The playbooks can be used to create, schedule, and launch phishing templates and schedule them over the course of a year. Additionally, administrators can automate the sending of reminders to end users based on the training programs they have competed – or not completed – saving even more time. The playbooks also incorporate the lessons learned from phishing simulation campaigns conducted by 400 of Fortune 1000 companies that have used the Cofense PhishMe platform.

“At Cofense we believe in automation as a way to relieve security operators of the repetitive tasks to allow them to focus on strategic, intelligent decision-making,” said Rohyt Belani, Co-founder and CEO of Cofense. “Playbooks are meant to allow both managed services providers and our end clients the ability to choose various programs just like one does on a treadmill in a gym, so they don’t need to focus on the metaphorical tasks of having to change speed and incline but can instead focus on designing and tracking the appropriate success criteria and presenting them appropriately to senior management.”

In addition to the Cofense PhishMe updates, the Leesburg, VA-based company has also recently launched its new phishing-specific Security Orchestration, Automation and Response (SOAR) platform, has incorporated board-level reporting, and has launched mobile Cofense Reporter and more accurate Microsoft attachment tracking. These updates and the continued high-level innovation have helped the company remain the market leader in phishing defense and attack disruption.

The post Updates to Cofense Phishing Simulation Platform Add Even More Opportunities for Automation appeared first on HIPAA Journal.

Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform

Posted by HIPAA Journal

Cofense has developed a new product which will soon be added to its portfolio of anti-phishing solutions for healthcare organizations and incorporated into its phishing-specific security orchestration, automation and response (SOAR) platform.

The announcement comes at a time when the healthcare industry has been experiencing an uptick in phishing attacks. The past few months have seen a large number of healthcare organizations fall victims to phishing attacks that have resulted in cybercriminals gaining access to employee’s email accounts and the PHI contained therein.

Perimeter security defenses can be enhanced to greatly reduce the number of malicious emails that reach employees’ inboxes, but even when multiple security solutions are deployed they will not block all phishing threats.

Security awareness training is essential to reduce susceptibility to phishing attacks by conditioning employees to stop and think before clicking links in emails or opening questionable email attachments and to report suspicious emails to their security teams.

However, security teams can struggle to identify real threats quickly. Employees will typically report a wide range of emails, not just malicious messages. Most organizations will see their abuse mailboxes fill up rapidly and security teams often waste valuable time sifting through messages to find the real threats.

Cofense has attempted to solve the problem with the release of a SOAR platform that helps incident response teams identify and mitigate phishing attacks in progress much more rapidly. Cofense Triage allows incident response teams to rapidly assess, analyze, and remediate phishing attacks in real-time by filtering out the noise.

Cofense Triage has recently been enhanced with new features that allow third-party security solutions to be integrated through its REST API to ensure an optimized, security orchestration response. Remediating phishing threats has been made easier through automation using playbooks and workflows – sets of criteria that will automatically execute a response to mitigate an attack if certain criteria are met.

Now the Leesburg, VA-based anti-phishing vendor has developed a new anti-phishing solution – Cofense Vision – which will soon be incorporated into its phishing-specific SOAR. Cofense Vision – due to be generally available in Q4 2018 – will make it easier and quicker to identify all phishing emails in a campaign and quarantine them rapidly to neutralize the threat.

When a phishing email is identified, it is unlikely to be the only copy of the message in an organization’s email system. Tens or even hundreds of copies may be hiding in other inboxes, including carbon copies of the message, variations along the same theme, and totally different messages containing the same malicious payload.

Cofense Vision helps incident response teams search, identify, and quarantine all phishing emails in a particular campaign, querying messages by sender, date, subject, attachment name, attachment hash, and many more criteria. When all messages have been identified, they can be quarantined with a single click, removing all malicious messages from an organization’s entire email system.

This is just one of a host of new anti-phishing solutions that can be deployed to help healthcare organizations deal with the threat of phishing. As news breaks of a million-record-plus healthcare phishing attack, advanced phishing solutions are clearly needed to tackle the threat to the confidentiality, integrity, and availability of PHI.

The post Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform appeared first on HIPAA Journal.

Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform

Posted by HIPAA Journal

Cofense has developed a new product which will soon be added to its portfolio of anti-phishing solutions for healthcare organizations and incorporated into its phishing-specific security orchestration, automation and response (SOAR) platform.

The announcement comes at a time when the healthcare industry has been experiencing an uptick in phishing attacks. The past few months have seen a large number of healthcare organizations fall victims to phishing attacks that have resulted in cybercriminals gaining access to employee’s email accounts and the PHI contained therein.

Perimeter security defenses can be enhanced to greatly reduce the number of malicious emails that reach employees’ inboxes, but even when multiple security solutions are deployed they will not block all phishing threats.

Security awareness training is essential to reduce susceptibility to phishing attacks by conditioning employees to stop and think before clicking links in emails or opening questionable email attachments and to report suspicious emails to their security teams.

However, security teams can struggle to identify real threats quickly. Employees will typically report a wide range of emails, not just malicious messages. Most organizations will see their abuse mailboxes fill up rapidly and security teams often waste valuable time sifting through messages to find the real threats.

Cofense has attempted to solve the problem with the release of a SOAR platform that helps incident response teams identify and mitigate phishing attacks in progress much more rapidly. Cofense Triage allows incident response teams to rapidly assess, analyze, and remediate phishing attacks in real-time by filtering out the noise.

Cofense Triage has recently been enhanced with new features that allow third-party security solutions to be integrated through its REST API to ensure an optimized, security orchestration response. Remediating phishing threats has been made easier through automation using playbooks and workflows – sets of criteria that will automatically execute a response to mitigate an attack if certain criteria are met.

Now the Leesburg, VA-based anti-phishing vendor has developed a new anti-phishing solution – Cofense Vision – which will soon be incorporated into its phishing-specific SOAR. Cofense Vision – due to be generally available in Q4 2018 – will make it easier and quicker to identify all phishing emails in a campaign and quarantine them rapidly to neutralize the threat.

When a phishing email is identified, it is unlikely to be the only copy of the message in an organization’s email system. Tens or even hundreds of copies may be hiding in other inboxes, including carbon copies of the message, variations along the same theme, and totally different messages containing the same malicious payload.

Cofense Vision helps incident response teams search, identify, and quarantine all phishing emails in a particular campaign, querying messages by sender, date, subject, attachment name, attachment hash, and many more criteria. When all messages have been identified, they can be quarantined with a single click, removing all malicious messages from an organization’s entire email system.

This is just one of a host of new anti-phishing solutions that can be deployed to help healthcare organizations deal with the threat of phishing. As news breaks of a million-record-plus healthcare phishing attack, advanced phishing solutions are clearly needed to tackle the threat to the confidentiality, integrity, and availability of PHI.

The post Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform appeared first on HIPAA Journal.

CSO Online Rates Cofense Triage One of Best Security Software Solutions of 2018

Posted by HIPAA Journal

Cofense Triage, the phishing incident response platform, has been included in CSO Online’s 2018 list of the best security software solutions of 2018.

To produce the list, CSO Online conducted independent reviews of a wide range of software solutions. Strict review methodologies were used to select the best security products currently on the market. Each product was researched to find out how it worked, how the solution could be deployed in customer environments, the benefits it provided, and the major problems that the solution resolved.

The review was based on the top technology areas for security identified by Gartner, which included cloud workload protection platforms, remote browsers, deception technologies, endpoint detection and response platforms, network traffic analysis solutions, managed detection and response services, microsegmentation solutions, cloud access security brokers, OSS security scanning services for DevSecOps, and container security.

CSO Online tested all security solutions in a dedicated lab environment with each tested, where appropriate, against some of the most dangerous threats faced by businesses.

CSO Online selected 12 top vendors – one in each category – with Cofense Triage selected as the best security software solution in the phishing defense category. CSO Online explained that Cofense Triage is still evolving but even in its current form it is one of the most advanced defenses businesses and implement to protect them from phishing attacks.

Cofense Triage is deployed as an on-premises virtual appliance that connects with corporate email programs and helps companies manage reports from employees of suspected phishing attempts and phishing attacks in progress.

Secure email gateways and anti-spam solutions are essential, but they fail to block all phishing threats. Many malicious emails make it past those perimeter defenses and are delivered to end users’ inboxes.

Security awareness training – also provided by Cofense – helps employees recognize phishing threats. A one-click phishing email reporting solution – such as Cofense Reporter – allows employees to quickly send suspicious emails to their security teams. Managing those emails can be difficult and time consuming, which is where Cofense Triage helps. Through a combination of human intelligence and machine learning, the solution helps security teams quickly identify the wheat from the chaff and concentrate on the real phishing attempts rather than wasting time on false positives.

Cofense notes that typically only 10% of reported emails are malicious in nature. Security teams often spend a considerable amount of time assessing the 90% of reported emails that are non-malicious in nature.

“Cofense Triage is crucial for security operations teams to quickly find and disrupt active phishing attacks mere minutes after being reported within their organization. Having Triage recognized as one of this year’s best security software solutions, and the best phishing defense solution, by the technical experts at CSO Online is a true testament to that ability,” said Aaron Higbee, CTO and co-founder of Cofense.

The post CSO Online Rates Cofense Triage One of Best Security Software Solutions of 2018 appeared first on HIPAA Journal.

Cofense Launches Free Tool That Checks for SaaS Applications Using Corporate Domains

Posted by HIPAA Journal

The anti-phishing solution provider Cofense has launched a new tool that allows organizations to check what Software-as-a-Service (SaaS) applications have been registered by employees using corporate domains.

The tool identifies configured cloud services, allowing security teams to check which SaaS applications are in use and take action over unauthorized use of cloud applications by employees.

The solution will query a corporate domain against a list of commonly used SaaS applications and will return a list of all SaaS applications that are in use, highlighting applications that have been provisioned without prior approval from the IT department. A file can be downloaded detailing all SaaS applications in use which can be compared with future scans to identify new SaaS applications that have been provisioned since the last time the query was run.

Shadow IT introduces risks, yet IT departments are often unaware of employees’ activities. Many companies are in the dark about the software used by their employees and the cloud services registered using company domains. This new service will help to improve security by identifying the latter.

An additional threat from the unsanctioned use of SaaS applications is the potential for SaaS providers to be impersonated by scammers.

“CEO fraud or Business Email Compromise (BEC) is a very real threat that typically targets members in finance.  But attackers can easily repurpose the technique creating realistic phishing sites targeting HR, IT, Engineering, Support, etc… masquerading as cloud tools the organization actually uses, ” said Cofense co-founder and CTO, Aaron Higbee. “CloudSeeker shines a light on shadow IT and counters the security risk it presents by seamlessly fitting into an organization’s broader security ecosystem. By offering this free solution to businesses, we are leveling up the playing field between attackers and would-be victims. After all, putting up a good defense requires a strong offense, critical to this is knowing where the threats are in the first place.”

The cloud security tool – CloudSeeker – is available free of charge to all organizations, even those who have not signed up to use the Cofense suite of anti-phishing and phishing intelligence services. The solution only requires a corporate domain to be entered. No personally identifiable information is required.

The post Cofense Launches Free Tool That Checks for SaaS Applications Using Corporate Domains appeared first on HIPAA Journal.

PhishMe Rebrands as Cofense and Announces Acquisition by Private Equity Syndicate

Posted by HIPAA Journal

PhishMe, the leading provider of human phishing defense solutions, has announced that from February 26, 2018, the firm will be known as Cofense. Along with the name change, the firm has announced it has been acquired by a private equity syndicate, which valued the firm at $400 million.

PhishMe was formed in 2007 with the aim of developing products and services to tackle the growing threat from phishing. Employees have long been viewed as the weakest link in security, yet the human element of security defenses was often neglected. Over the years, PhishMe developed its products and services to help companies improve their last line of defense and turn security liabilities into security assets.

PhishMe has helped thousands of organizations improve their defenses against phishing through training and phishing simulations. The firm has also developed a range of associated products and services including a reporting platform that has now been adopted by more than 2 million users, as well as incident response and threat intelligence services.

While phishing defense is still at the heart of the, the name change reflects the more comprehensive range of products and services now being offered and future plans for expansion of its enterprise-wide attack detection, response, and orchestration solutions.

The acquisition will help in that regard. With the backing of the private equity syndicate, the company’s finances have been secured and the firm is planning to expand and enhance its products and services and increase its global reach.

“This acquisition further strengthens the alignment between our management team, employees, and investors as we focus on building an enduring company,” explained Cofense co-founder and CEO Rohyt Belani. “With cybersecurity a top priority for organizations everywhere, our goal is to continue bringing innovative products to markets around the globe to help stop active attacks faster than ever.”

The post PhishMe Rebrands as Cofense and Announces Acquisition by Private Equity Syndicate appeared first on HIPAA Journal.