PhishMe expands Phishing Intelligence offerings through Malcovery asset acquisition

Posted by Hugh Docherty on Fri, Apr 8, '16


Technology Integration Will Provide Enterprises with Most Advanced, High Fidelity Phishing Threat Intelligence Available

LEESBURG, Va. – October 14, 2015 – PhishMe® Inc., the leading provider of phishing threat management solutions, announced today that it has acquired key assets of phishing intelligence firm Malcovery Security LLC for an undisclosed sum.

“This acquisition rounds out our portfolio of targeted phishing mitigation, detection, and response solutions, making us the go-to solution in the market,” said Rohyt Belani, CEO and co-founder of PhishMe.

Aaron Higbee, PhishMe’s CTO and co-founder, commented, “Enterprises want to know if they are being singled out by the attackers or are a part of a larger phishing campaign. Malcovery’s intelligence will help answer that. The integration of Malcovery’s offerings into PhishMe’s comprehensive anti-phishing platform will boost the accuracy and value of the intelligence and response capabilities for our customers.”

PhishMe will incorporate Malcovery’s Protect Your Network and Protect Your Brand offerings into its full lifecycle of anti-phishing products – Simulator, Reporter and Triage – empowering its customers with a cohesive solution to address the most significant attack vector today. The company will leverage the added layer of malware analysis and threat intelligence in everything from sourcing content for our simulations, to augmenting PhishMe Triage with enhanced analytics and automated response to phishing incidents.

“The combination of Malcovery’s in-depth external threat analysis and PhishMe’s real-time view into phishing attacks reported internally results in the highest-fidelity, actionable intelligence currently available,” said Gary Warner, Chief Technologist and co-founder of Malcovery Security. “We are thrilled to combine forces with PhishMe in this fight against cybercriminals and nation-state actors.”

The acquisition news comes in the midst of PhishMe’s hyper-growth period, as evidenced by its recent designation on the prestigious 2015 Inc. 5000 list of fastest-growing private companies for its record growth of 892 percent over the past three years. Malcovery’s expert team will add to PhishMe’s already growing staff, bringing the combined employee headcount to 200.

To learn more about PhishMe’s human-powered, anti-phishing offerings, visit

About PhishMe

PhishMe® is the leading provider of threat management for organizations concerned about human susceptibility to advanced targeted attacks. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.


Read More

Business Email Compromise and the Year of the Email Phish

Posted by Gary Warner on Wed, Sep 30, '15


When people ask me "What's going on with Phishing?" these days I tell them that 2015 will be remembered as the Year of the Email Phish.  Not Email Phish as in "someone sent me a link to a malicious website by email", but rather Email Phish as in "the goal of this phishing attack is to steal my email password."  During the calendar month of September 2015, we've received nearly 23,000 phishing reports for nearly 7,000 distinct domains that hosted a phishing attack intended primarily to lure the victim into revealing their userid and password.

Read More

Upatre malware adds simple anti-sandboxing mechanism

Posted by Brendan Griffin on Thu, Sep 17, '15

A number of recent samples of the Upatre malware have required that the newly infected system have been running for a minimum of approximately twelve minutes before this downloader will proceed to obtain its payload. This is believed to serve as an anti-sandboxing mechanism by ensuring that the environment in which the malware sample is being executed has not been booted for the express purpose of running and analyzing the malicious software. An early example of this technique is found in any of the binaries delivered by the spam messages profiled in Malcovery Threat ID 4301 using spam email content like that shown in the image below.

Read More

Topics: Malware, Malware Intelligence

Malware Trends and Tactics: 3 Things Companies Need To Do

Posted by Hugh Docherty on Fri, Aug 28, '15

Gary Warner, Malcovery's Chief Technologist, recently presented findings from our 2015 Q2 Malware Trends and Tactics report. The second quarter is notable for the diversity of campaigns that were observed. It's clear that there are more actors in the space, and many are experimenting with various crime tools in a variety of short-lived campaigns.

Malcovery produced 540 reports during the second quarter related to email-based malware and phishing attacks. In each case, Malcovery's analyst team dissected the campaign to uncover how it was designed to penetrate your network perimeter. Every report contains a confirmed set of domains, hosts, and artifacts associated with the campaign. Given the variety of payload malware and downloaded applications observed and the number of new hosts and domains supporting the malware attack, it is more important than ever to act quickly on indicators provided by threat intelligence services.

There are 3 things that companies need to do based on this analysis.

  1. Automate consumption of threat intelligence.
  2. Beware of Microsoft Office attachments.
  3. Review how your team is using third party file sharing services.

Read More

Topics: Malware Intelligence, Protect Your Network

Deriving Malware Context Requires Human Analysis

Posted by Brendan Griffin on Mon, Jun 29, '15

Man versus machine is one of the oldest technology tropes. In the modern tech economy it represents one of the largest driving forces in many industries in which processes are streamlined by the inclusion of robotics and automated processes. For the threat intelligence industry, the automated malware sandbox represents the machine that has been put in place to replace the work done by analysts. However, while producing high quality threat intelligence can be enhanced with the inclusion of some automation, completely replacing the human aspect greatly impacts the quality of your analysis.

Read More

Topics: Malware, Malware Intelligence, Protect Your Network

CERT Researchers Examine Domain Blacklists

Posted by Hugh Docherty on Fri, Jun 19, '15

Two members of the technical staff at the CERT Division of Carnegie Mellon University's Software Engineering Institute are studying threat intelligence sources and indicators. After researching everything you want to know about blacklists, Jonathan Spring and Leigh Metcalf followed up with additional analysis and a case study about the Domain Blacklist Ecosystem. Their research is in support of a hypothesis regarding how the difference in the indicators available through different sources is related to sensor vantage and detection strategy. Facilitating this required a source of intelligence that varied the detection strategy without changing the sensor vantage.

Read More

Topics: Malware Intelligence, Protect Your Network, Botnet

RATs, Phish, and ChickenKillers - Free DNS abused by cybercriminals

Posted by Gary Warner on Tue, Jun 16, '15

This week in our malware intelligence meeting, the analysts mentioned to me that they had seen two malware samples this week where the malware infrastructure included the domain "".  I thought this sounded familiar, but my first guess was wrong.  Chupacabra means "goat sucker" not "chicken killer".  So, we did a search in Malcovery's ThreatHQ system and were surprised to see not only that "" was used in two different malware samples in the past week, but that there were also more than sixty phishing sites that used the domain!

Read More

Topics: Phishing, trojans, Dynamic DNS

Put a Little Splunk In It

Posted by Hugh Docherty on Wed, Jun 3, '15

Splunk users have been able to connect to Malcovery’s threat intelligence service via API to retrieve our STIX feed since early 2014. Now you have another option. Malcovery just released version 1.0 of our Splunk App!  

The app connects to Malcovery’s threat intelligence API and maintains a local representation of the intelligence using Splunk’s Common Information Model (CIM). The app includes a set of rules, pivots, reports, and dashboards to alert InfoSec teams when communication is detected with botnet servers, help them prioritize a response, and assist in the investigation. 

Read More

Topics: SIEM, Protect Your Network

Alert! Alert! But then what?

Posted by Hugh Docherty on Thu, May 21, '15

Gary Warner from Malcovery Security and Wendy Nather of 451 Research recently hosted a webinar: Using Contextual Threat Intelligence to Improve Incident Response. With some assistance from a very “animated” CISO, Gary and Wendy reviewed the challenges facing these teams today.  Here we provide an overview of some key points of part two of the webinar. 

Read More

Topics: Malware Intelligence, Protect Your Network

Some Yahoo Stole My Password

Posted by Heather McCalley on Thu, May 14, '15

The Malcovery researchers are always finding new tactics used by the top phishers to steal login credentials for popular on-line services. We recently found a very clever phisher using the idea of strengthening your password against you. Let's explore this phishing scenario in detail.

Since the beginning of May, the URL:

has loaded a page that asks the victim to confirm the strength of their Yahoo! Mail password.

Read More

Topics: Phishing, Maersk, Yahoo, Microsoft, Google, HostGator
