The PhishLabs Blog

Ransomware Playbook: Defense in Depth Strategies to Minimize Impact

Posted by Jessica Ellis on May 13, '21

In 2020, ransomware attacks in the U.S. increased 139% year-over-year. Attacks are more strategic, demands are higher, and new tactics have emerged that leave victims experiencing the pressure to pay. Organizations that are affected by ransomware believe they are left with one of two choices: refuse to meet ransom demands and risk the loss of data, or pay the ransom and risk having it released anyway.

Topics: Ransomware

Alien Mobile Malware Evades Detection, Increases Targets

Posted by Jessica Ellis on May 4, '21

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google’s malware detection and is targeting a broad spectrum of both financial and non-financial apps. So far, Alien has been connected with 87 new brands previously not targeted by Cerberus. 

Topics: Malware, Banking Trojan, Mobile

ZLoader Dominates Email Payloads in Q1

Posted by Jessica Ellis on Apr 21, '21

Malicious payloads delivered via email phishing continue to drive access to sensitive infrastructures and result in data compromise for enterprises. In Q1 of 2021, attack methods including malware campaigns have contributed to a 564% increase in individuals affected by a data leak, as well as a 12% increase in publicly-reported compromise. 

Topics: Malware, Ransomware

Breaking Down the Latest O365 Phishing Techniques

Posted by Jessica Ellis on Apr 1, '21

Microsoft Office 365 phish are some of the most common threats that reach end users' inboxes. Over the course of a two-year period, PhishLabs has observed that O365 phish have accounted for more than half of all reported phish by enterprises - by a significant margin.

Most Phishing Attacks Use Compromised Domains and Free Hosting

Posted by The PhishLabs Team on Mar 24, '21

To stage a phishing site, cybercriminals have several options. They can use a legitimate domain that has been compromised, they can abuse free hosting services, or they can register their own domain. Understanding the prevalence of each scenario is fundamental to detecting and mitigating these threats as early in the attack process as possible (including before they’ve been launched). PhishLabs recently analyzed more than 100,000 phishing sites to establish how many used compromised domains, free hosting, or maliciously-registered domains.  

Topics: Domains

Surge in ZLoader Attacks Observed

Posted by Jessica Ellis on Feb 23, '21

PhishLabs has observed a spike in malicious emails distributing ZLoader malware. The spike is notably one of the greatest upticks for a single payload observed in a 24-hour period over the past year, and is the first significant sign that another botnet may be stepping up in the aftermath of the Emotet takedown.

Topics: Banking Trojan, Ransomware

OSINT: Mapping Threat Actor Social Media Accounts

Posted by The PhishLabs Team on Feb 15, '21

A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor is imperative in the process of assessing risk. By mapping social media accounts operated by the threat actor, as well as general social media risk monitoring, you can build a more comprehensive profile of the user and better assess the risk posed. It can also reveal the real-life identity of the user if they have attempted to remain anonymous.
We recently published a blog focused on the importance of determining a social media user’s location, and the same is true in gauging the behavior of an online user through posted content across their social media accounts. Past activity, interactions, and anonymous accounts may all help to determine the level of risk and can provide security teams valuable insight into whether or not mitigation should be pursued. 

Topics: OSINT

Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In

Posted by Jessica Ellis on Feb 9, '21

Recently, we published a piece highlighting early stage loaders often used in ransomware attacks. One of the most prolific was Emotet, which has since been taken down via a coordinated, multi-national effort. How will this impact the threat landscape? In this post, we take a look at loader activity in the aftermath of the Emotet takedown.

Topics: Malware, Ransomware

Threat Actor using Social Media to Scam Credit Union Members

Posted by Jessica Ellis on Feb 1, '21

Recently, PhishLabs mitigated an attack using a fake social media page to steal the credentials of a credit union (CU) customer. Social media is increasingly used as a vehicle for attacks, and organizations should adopt social media protection measures to stay ahead of threats. The below demonstrates how the attack was executed.

Topics: Social Media Threats

Sharp Increase in Emotet, Ransomware Droppers

Posted by Jessica Ellis on Jan 26, '21

Ransomware continues to be one of the most impactful threats to enterprises. Aside from external vulnerabilities, its primary delivery method remains email phishing, with links or attachments containing early stage loaders. These loaders initiate attacks by compromising systems and installing additional malware. PhishLabs has analyzed these early stage loaders and observed a dramatic increase in ransomware droppers delivered via email. Below are the findings.

Topics: Ransomware

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
