Apr 11th, 2018

Phishing attack shut down in 19 minutes with Cofense Triage


Imagine a cunning phisher: he knows his craft and sends your users an email appearing to come from your CEO that bypasses all your other technology. What would you do?

One of our customers faced that very scenario and relied on Cofense TriageTM and the Cofense Phishing Defense Center (PDC) to analyze and respond to the attack in less than 20 minutes after it launched.

The phishing email was sophisticated.

The customer, VP of Information Security for a healthcare company, leverages Cofense Triage, managed by the PDC, to automate analysis of suspicious emails reported by employees as well as phishing attack response.

"An attacker sent an email that showed he´d really done his homework," said the VP. "The email looked and sounded exactly as though our CEO had sent it. The attacker had clearly gone to our website and noticed our ethics policy. Mimicking language on the site, the email reminded employees about the policy and, like the simulated election email we sent, asked people to click a link to agree they would follow the rules."

But our customer was ready.

The link took them to a counterfeit Office365 page that asked for login credentials. The goal of the phishing attack was to harvest passwords, gain file system access and steer automatic payroll deposits into the attackers´ accounts. The email was highly believable, with several thousand recipients clicking on it.

Fortunately, within 60 seconds after the phishing attack began, employees trained through Cofense PhishMeTM reported the email, so it could go straight into Cofense Triage for analysis. After escalating the incident and conducting a thorough investigation, the PDC called the customer, who blocked the phishing site, retracted the email, and stopped the rerouting of payroll.

"If we hadn´t been prepared, the damage would have been worse," said the VP. "We were able to retract the email in under 20 minutes."

Read the full case study for a minute-by-minute account. Besides learning more about Cofense Triage, you´ll see how this customer uses Cofense PhishMe to train employees to recognize phishes and Cofense ReporterTM to report them for investigation.

New Cofense Triage features now orchestrate even faster response.

As this customer´s story shows, Cofense Triage has always helped to find threats fast. Now, a series of updates accelerate response through seamless orchestration:
  • Our Who Else feature identifies users who click on reported emails, so you can quickly find and mitigate any damage.
  • Noise Reduction helps you cut through the noise of commercial emails to find real threats; put another way, it separates spam and the like from malicious emails, making the haystack smaller.
  • Our API makes it easy to integrate Cofense Triage with other incident response systems.

Together, these updates speed your ability to analyze emails and hunt down threats. Learn more about orchestrating a faster response to phishing.
About Cofense
Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.
Press Contact:
Michael Tunk
Marketing Manager

SPECTRAMI GmbH
Martin-Behaim-Str. 22
63263 Neu-Isenburg
Germany

Phone: +49 6102 7487 250
Email:



 

SPECTRAMI DMCC

2402, Mazaya Business Avenue,
       BB1 Tower, JLT, P.O. BOX 487840
       Dubai, UAE

+971 4 4357209

info@spectrami.com

+971 4 4357216

Next Events

Apr 25th - 26th, 2018
IP Expo Manchester
in Manchester, UK
Jun 10th - 14th, 2018
Cisco Live Orlando
in Orlando, FL, USA
Jun 10th - 14th, 2018
Cisco Live Orlando
in Orlando, FL, USA
©2018 SPECTRAMI DMCC. All Rights Reserved.

Search