Category: The PhishLabs Blog

This article has been indexed from The PhishLabs Blog   Read the original article: Breaking Down Phishing Site TLDs and Certificate Abuse in Q1

Read more →

This article has been indexed from The PhishLabs Blog   Read the original article: Credential Theft, O365 Lures Dominate Corporate Inboxes in Q1

Read more →

This article has been indexed from The PhishLabs Blog Phishing is on the rise. PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020.  This trend is continuing as Q2 attacks are also…

Read more →

This article has been indexed from The PhishLabs Blog Phishing is on the rise. PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020.  This trend is continuing as Q2 attacks are also…

Read more →

This article has been indexed from The PhishLabs Blog Phishing attacks in Q1 have increased 47% compared to last year, according to PhishLabs newly released Q1 2021 Threat Trends & Intelligence Report. The report uses data collected from hundreds of thousands…

Read more →

This article has been indexed from The PhishLabs Blog Read the original article: Q1 2021 Threat Trends & Intelligence Report

Read more →

This article has been indexed from The PhishLabs Blog Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be…

Read more →

This article has been indexed from The PhishLabs Blog   Digital brand protection is defined as comprehensive intelligence sourcing and mitigation of external threats targeting your brand. Digital brand abuse can occur anywhere online. Therefore, it is necessary to have…

Read more →

This article has been indexed from The PhishLabs Blog Read the original article: Ransomware Playbook: Defense in Depth Strategies to Minimize Impact

Read more →

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google’s malware detection and is targeting a broad spectrum of both financial and non-financial…

Read more →

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google’s malware detection and is targeting a broad spectrum of both financial and non-financial…

Read more →

Read the original article: ZLoader Dominates Email Payloads in Q1

Read more →

Read the original article: Breaking Down the Latest O365 Phishing Techniques Microsoft Office 365 phish are some of the most common threats that reach end users inboxes. Over the course of a two-year period, PhishLabs has observed that O365 phish…

Read more →

Read the original article: Most Phishing Attacks Use Compromised Domains and Free Hosting To stage a phishing site, cybercriminals have several options. They can use a legitimate domain that has been compromised, they can abuse free hosting services, or they…

Read more →

Read the original article: Surge in ZLoader Attacks Observed PhishLabs has observed a spike in malicious emails distributing ZLoader malware. The spike is notably one of the greatest upticks for a single payload observed in a 24-hour period over the…

Read more →

Read the original article: OSINT: Mapping Threat Actor Social Media Accounts A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor…

Read more →

Read the original article: Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In Recently, we published a piece highlighting early stage loaders often used in ransomware attacks. One of the most prolific was Emotet, which has since been taken down via…

Read more →

Read the original article: Threat Actor using Social Media to Scam Credit Union Members Recently, PhishLabs mitigated an attack using a fake social media page to steal the credentials of a credit union (CU) customer. The below demonstrates how the…

Read more →

Read the original article: Sharp Increase in Emotet, Ransomware Droppers Ransomware continues to be one of the most  impactful threats to enterprises. Aside from external vulnerabilities, its primary delivery method remains email phishing, with links or attachments containing early stage…

Read more →

Read the original article: Sharp Increase in Emotet, Ransomware Droppers Ransomware continues to be one of the most  impactful threats to enterprises. Aside from external vulnerabilities, its primary delivery method remains email phishing, with links or attachments containing early stage…

Read more →

Read the original article: Using Social Media OSINT to Determine Actor Locations   Become a supporter of IT Security News and help us remove the ads. Read the original article: Using Social Media OSINT to Determine Actor Locations

Read more →

Read the original article: Activists Leak Data Stolen in Ransomware Attacks The activist group known as Distributed Denial of Secrets (DDoSecrets) has published almost one terabyte of data originally leaked to dark web sites by ransomware operators. In addition, they…

Read more →

Read the original article: Look-alike Domain Mitigation: Breaking Down the Steps Look-alike domains remain some of the most consistent elements of cyber attacks targeting organizations. At a high-level, there are two ways to mitigate the threat of a look-alike domain:…

Read more →

Read the original article: Year In Review: Ransomware In 2020, cybercrime has seen a dramatic evolution in ransomware attacks. This threat type has adopted increasingly malevolent tactics and targeted some of the year’s most vulnerable industries. Operators are linking up,…

Read more →

Read the original article: The Anatomy of a Look-alike Domain Attack Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable organizations and make a profit. These domains are used for a variety of attacks including phishing…

Read more →

Read the original article: The Year In Review: How COVID-19 Has Changed Cyber Security The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw…

Read more →

Read the original article: The Year In Review: How COVID-19 Has Changed Cyber Security The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw…

Read more →

Read the original article: APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identify theft techniques, has released its Phishing Activity Trends Report for Q3 of…

Read more →

Read the original article: Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization’s name, logo, or messaging can…

Read more →

Read the original article: What is a Look-alike Domain? By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive.   Become a supporter of IT Security News and help us remove the…

Read more →

Read the original article: As Screen Time Skyrockets, So Does Threat of Fake Apps App downloads fueled by COVID-19 lockdowns leapt to 37.5 billion in Q2 of this year, and collective global app usage is surging. Android users’ screen time…

Read more →

Read the original article: Ransomware Groups Break Promises, Leak Data Anyway While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision.…

Read more →

Read the original article: Top 7 Use Cases for Digital Risk Protection Today’s enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces…

Read more →

Read the original article: Phishing Campaign Uses Malicious Office 365 App Most phishing campaigns attempt to take over accounts by tricking the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious…

Read more →

Read the original article: How to Detect Look-alike Domain Registrations Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand’s credibility. A spoofed domain is easy and quick to create, and can act as…

Read more →

Read the original article: Ransomware Groups Break Promises, Leak Data Anyway While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision.…

Read more →

Read the original article: Top 7 Use Cases for Digital Risk Protection Today’s enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces…

Read more →

Read the original article: As Screen Time Skyrockets, So Does Threat of Fake Apps App downloads fueled by COVID-19 lockdowns leapt to 37.5 billion in Q2 of this year, and collective global app usage is surging. Android users’ screen time…

Read more →

Read the original article: Encryption to Double Extortion: Ransomware’s Rapid Evolution Threat actors are leveraging stolen data to enhance ransomware attacks. Data leaks and ransomware – once considered two distinct threats – are overlapping into a hybrid tactic known as…

Read more →

Read the original article: Limited Impact of Phishing Site Blocklists and Browser Warnings The life of a phishing site is brief, but impactful. A study published earlier this year found the average time span between the first and last victim…

Read more →

Read the original article: $2.3M Stolen from Wisconsin GOP via BEC Attack   With Election Day just around the corner, the Republican Party of Wisconsin  revealed that $2.3M was recently stolen from election funds intended to support the re-election of…

Read more →

Read the original article: Ryuk Ransomware Targeting Healthcare As if the COVID-19 pandemic were not enough, the healthcare sector is now being actively targeted by threat actors using Ryuk ransomware. Yesterday, the FBI issued an increased and imminent cyber threat…

Read more →

Read the original article: How URL Tracking Systems are Abused for Phishing Widely-used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive carriers for phishing URLs.…

Read more →

Read the original article: Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for…

Read more →

Read the original article: Eliminating the Threat of Look-alike Domains There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other…

Read more →

Read the original article: What is Digital Risk Protection? Today’s enterprise attack surface is not limited to the corporate network. In fact, the network is just a small slice. When it comes to deciding how and where to attack an…

Read more →

Read the original article: How to Detect Look-alike Domain Registrations Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand’s credibility. A spoofed domain is easy and quick to create, and can act as…

Read more →

Read the original article: Digital Risk Protection vs. Threat Intelligence Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by…

Read more →

Read the original article: How to Take Down Social Media Threats Threat actors increasingly use social media to attack brands, VIPs, and customers. The types of threats on these platforms are diverse and each social network has different policies in…

Read more →

Read the original article: APWG: SSL Certificates No Longer Indication of Safe Browsing The Anti-Phishing Working Group (APWG) has released its Phishing Activity Trends Report analyzing phishing attacks and identifying theft techniques reported by its members for Q2 of 2020.…

Read more →

Read the original article: Royal Ripper: Multi-Stage Phishing Attack Adapts to Victim Input PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers. The threat actor behind the attacks has…

Read more →

Read the original article: Navigating Social Media Threats : A Digital Risk Protection Playbook Social media is rapidly growing as a preferred channel for threat actors targeting enterprises with malicious campaigns. Half of the global population uses social media, and…

Read more →

Read the original article: Data Leaks in 2020: Accelerated Digital Transformation Exposes Enterprises The digital presence of today’s enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses…

Read more →

Read the original article: Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection Driven by expanding use cases, approachable intelligence, and the incorporation of premium services, demand for Digital Risk Protection Services (DRPS) has grown over the last…

Read more →

Read the original article: Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection Driven by expanding use cases, approachable intelligence, and the incorporation of premium services, demand for Digital Risk Protection Services (DRPS) has grown over the last…

Read more →

Read the original article: Account Takeover Attacks Cause Chaos @ Twitter On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos,…

Read more →

Read the original article: Gartner Releases 2020 Hype Cycle for Security Operations Digital Risk Protection has emerged as a critical new capability for security teams. It protects critical digital assets and data from external threats across surface, dark, and deep…

Read more →

Read the original article: Gartner Releases 2020 Hype Cycle for Security Operations Digital Risk Protection has emerged as a critical new capability for security teams. It protects critical digital assets and data from external threats across surface, dark, and deep…

Read more →

Read the original article: Spoofed Domains Present Multifaceted, Growing Problems for Enterprises Threat actors are increasingly registering new domains to launch malicious campaigns against enterprises. Identifying suspicious domains, as well as monitoring existing ones for changes, is an overwhelming and…

Read more →

Read the original article: Executive Impersonation Techniques on Social Media Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands.  Today, many executives have accounts on these platforms to network as well as…

Read more →

Read the original article: Executive Impersonation Techniques on Social Media Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands.  Today, many executives have accounts on these platforms to network as well as…

Read more →

Read the original article: Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing…

Read more →

Read the original article: Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing…

Read more →

Read the original article: FBI Warns of Growing Mobile Banking App Threats The Federal Bureau of Investigation (FBI) published a public service announcement Wednesday warning the public of anticipated cyber attacks that exploit increased usage of mobile banking apps. The…

Read more →

Read the original article: Data Leakage on Social Media: Credit Card Info, Confidential Docs When the term data leak comes to mind, most enterprises think of the dark web. Although compromised information can damage an organization when distributed through gated…

Read more →

Read the original article: Social Media Platforms Latest Channels used to Leak Sensitive Data Threat actors are using social media accounts to expose and sell data that has been compromised. While information found on many of these platforms has traditionally…

Read more →

Read the original article: Social Media Platforms Latest Channels used to Leak Sensitive Data Threat actors are using social media accounts to expose and sell data that has been compromised. While information found on many of these platforms has traditionally…

Read more →

Read the original article: Threat Actors Impersonate Brands on Social Media for Malicious Purposes With more than 2.95 billion people now estimated to use social media, an organization’s online presence directly relates to the satisfaction of its customers, as well…

Read more →

Read the original article: Reporting Cyber Threats: Executives at Risk Across the cybersecurity industry, white papers and reports typically highlight high-level trends related to cyber threats. However, what is often overlooked is a more granular analysis that focuses on individuals…

Read more →

Read the original article: COVID-19 Phishing Update: File Sharing Services Abused to Steal Credentials As enterprise workforces continue to transition to remote environments, online file sharing and cloud storage tools are becoming a frequent, if not necessary means of collaboration.…

Read more →

Read the original article: COVID-19 Phishing Update: Internal Communications Compromised as File Sharing Services Abused As enterprise workforces continue to transition to remote environments, online file sharing and cloud storage tools are becoming a frequent, if not necessary means of…

Read more →

Read the original article: COVID-19 Phishing Update: Threat Actors on Twitter Want You to Pay for Your Stolen Passwords Cyber criminals are using COVID-19 to manipulate users on Twitter and steal funds through payment applications. Our latest example demonstrates how…

Read more →

Read the original article: COVID-19 Phishing Update: BEC Lures use Pandemic to Enhance Attacks Threat actors are using the novel coronavirus to add credibility in recent Business Email Compromise (BEC) attacks. Below are three examples of how they are doing…

Read more →

Read the original article: COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims As job losses grow due to the coronavirus pandemic, cybercriminals are taking advantage of the situation to recruit individuals into money mule scams. Below…

Read more →

Read the original article: COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims As job losses grow due to the coronavirus pandemic, cybercriminals are taking advantage of the situation to recruit individuals into money mule scams. Below…

Read more →

Read the original article: COVID-19 Phishing Update: Scammers Impersonating Financial Institutions on Instagram Threat actors are using the novel coronavirus to impersonate accounts on social media. The example below targets members of a credit union.    Advertise on IT Security…

Read more →

Read the original article: COVID-19 Phishing Update: Money-Flipping Schemes Promise Coronavirus Cash Threat actors are using social media to engage in money-flipping scams abusing the novel coronavirus. The two examples below demonstrate how they are doing it.   Advertise on…

Read more →

Read the original article: COVID-19 Phishing Update: Money-Flipping Schemes Promise Coronavirus Cash Threat actors are using social media to engage in money-flipping scams abusing the novel coronavirus. The two examples below demonstrate how they are doing it.   Advertise on…

Read more →

Read the original article: COVID-19 Phishing Update: Threat Actors Abusing Utility Concerns In response to the financial difficulties resulting from COVID-19, many utilities have announced policy changes to suspend disconnects and provide relief to customers. As a result, many people…

Read more →

Read the original article: COVID-19 Phishing Update: Bad Actors Use Stimulus Payment Delays to Capture Banking Credentials With many U.S. citizens still waiting to receive their government-mandated stimulus, we are again seeing cyber criminals shift their tactics in accordance with…

Read more →

Read the original article: COVID-19 Phishing Update: Bad Actors Use Stimulus Payment Delays to Capture Banking Credentials With many U.S. citizens still waiting to receive their government-mandated stimulus, we are again seeing cyber criminals shift their tactics in accordance with…

Read more →

Read the original article: COVID-19 Phishing Update: Voicemail Attacks Surface Targeting Office 365 Users Cyber criminals are using coronavirus-themed voicemail notifications in the latest efforts to act on pandemic fears and steal credentials. The example below shows how they are…

Read more →

In recent efforts to deliver attacks that abuse the novel coronavirus, threat actors are exploiting workplace concerns about outbreak prevention and shipment delays. Below are two examples sent with the intent of delivering malware.    Advertise on IT Security News.…

Read more →

In the past month, we have identified and documented the methods in which threat actors have exploited the novel coronavirus (COVID-19). As fear and uncertainty around the global pandemic continue to grow, threat actors are working in tandem to develop…

Read more →

In the past month, we have identified and documented the methods in which threat actors have exploited the novel coronavirus (COVID-19). As fear and uncertainty around the global pandemic continue to grow, threat actors are working in tandem to develop…

Read more →

Cyber criminals are using the stimulus bill and relief payments to exploit growing concerns about financial security. The examples below are impersonating financial institutions.    Advertise on IT Security News. Read the complete article: COVID-19 Phishing Update: Promise of Payments…

Read more →

Threat actors are repurposing Nigerian Prince or 419 lures with novel coronavirus messaging to capitalize on the current pandemic. Today’s examples demonstrate how they are doing it.   Advertise on IT Security News. Read the complete article: COVID-19 Phishing Update:…

Read more →

Threat actors are exploiting employee concerns about infected colleagues. Our latest example targets Office 365 accounts at a large Canadian company by falsely claiming a colleague has died from the virus.    Advertise on IT Security News. Read the complete…

Read more →

The novel coronavirus is giving opportunistic threat actors new means of deploying malicious lures on unsuspecting targets. Today’s example shows the attacker leveraging the pandemic by offering guidance on how to avoid coronavirus scams. Unfortunately, it’s also a scam.  …

Read more →

Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures.    Advertise on IT Security News. Read the complete article: COVID-19 Phishing Update: Your…

Read more →

As COVID-19 continues to spread, we are seeing an increase in threat actors impersonating public health organizations and luring victims in with fake links to government agencies. The four examples below impersonate the Center for Disease Control and Prevention (CDC)…

Read more →

We continue to see a wide range of lures exploiting coronavirus fears. In this post, we take a look at three recently observed lure samples that use the possibility of a cure to entice victims. We are providing ongoing updates on coronavirus-themed…

Read more →

We continue to see a wide range of lures exploiting coronavirus fears. In this post, we take a look at three recently observed lure samples that use the possibility of a cure to entice victims.   Advertise on IT Security…

Read more →

As COVID-19 cases have further spread over the past few weeks, our team has come across new lures that target an individual’s fear of coronavirus as it relates to their health insurance coverage. Both examples lead to malicious sites that…

Read more →

As COVID-19 cases have further spread over the past few weeks, our team has come across new lures that target an individual’s fear of coronavirus as it relates to their health insurance coverage. Both examples lead to malicious sites that…

Read more →

As COVID-19 cases have further spread over the past few weeks, our team has come across new lures that target an individual’s fear of coronavirus as it relates to their health insurance coverage. Both examples lead to malicious sites that…

Read more →

As COVID-19 cases have further spread over the past few weeks, our team has come across new lures that target an individual’s fear of coronavirus as it relates to their health insurance coverage. Both examples lead to malicious sites that…

Read more →

A few weeks ago we noted some early examples of Coronavirus phishing campaigns. Since then, the pandemic has spread and we’ve seen a dramatic uptick in COVID-19-themed malicious activity, with everything from domain registration to phishing emails and even malware…

Read more →

Recently we highlighted one of the most common evasion techniques employed by threat actors in order to keep a phishing site online: geoblocking, or blocking by location. However, many other techniques exist, some that are more subtle and make it more…

Read more →

By this time, most everyone in the world has heard about COVID-19, a global outbreak that is commonly referred to as the Coronavirus. With growing fear and a lack of information, the stock markets have dropped to lows we haven’t…

Read more →