The PhishLabs Blog

To stage a phishing site, cybercriminals have several options. They can use a legitimate domain that has been compromised, they can abuse free hosting services, or they can register their own domain. Understanding the prevalence of each scenario is fundamental to detecting and mitigating these threats as early in the attack process as possible (including before they’ve been launched). PhishLabs recently analyzed more than 100,000 phishing sites to establish how many used compromised domains, free hosting, or maliciously-registered domains.  

Topics: Domains

PhishLabs has observed a spike in malicious emails distributing ZLoader malware. The spike is notably one of the greatest upticks for a single payload observed in a 24-hour period over the past year, and is the first significant sign that another botnet may be stepping up in the aftermath of the Emotet takedown. 

Topics: Banking Trojan, Ransomware

A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor is imperative in the process of assessing risk. By mapping social media accounts operated by the threat actor, as well as general social media risk monitoring, you can build a more comprehensive profile of the user and better assess the risk posed. It can also reveal the real-life identity of the user if they have attempted to remain anonymous.

 

We recently published a blog focused on the importance of determining a social media user’s location, and the same is true in gauging the behavior of an online user through posted content across their social media accounts. Past activity, interactions, and anonymous accounts may all help to determine the level of risk and can provide security teams valuable insight into whether or not mitigation should be pursued. 

 

Topics: OSINT

Recently, we published a piece highlighting early stage loaders often used in ransomware attacks. One of the most prolific was Emotet, which has since been taken down via a coordinated, multi-national effort. How will this impact the threat landscape? In this post, we take a look at loader activity in the aftermath of the Emotet takedown.

 

Topics: Malware, Ransomware

Recently, PhishLabs mitigated an attack using a fake social media page to steal the credentials of a credit union (CU) customer. Social media is increasingly used as a vehicle for attacks, and organizations should adopt  social media protection measures to stay ahead of threats. The below demonstrates how the attack was executed.

Topics: Social Media Threats

Ransomware continues to be one of the most  impactful threats to enterprises. Aside from external vulnerabilities, its primary delivery method remains email phishing, with links or attachments containing early stage loaders. These loaders initiate attacks by compromising systems and installing additional malware. PhishLabs has analyzed these early stage loaders and observed a dramatic increase in ransomware droppers delivered via email. Below are the findings. 

 

Topics: Ransomware