The PhishLabs Blog

How To Build a Powerful Security Operations Center, Part 3: Financial Investment & Reporting

Posted by Johnny Calhoun, VP Client Operations on Apr 26, '17

If you’ve made it this far through the series, you’re no doubt starting to realize (if you hadn’t already) that building a functional SOC requires a great deal of time, thought, and investment.

If you haven’t been following the series so far, now would be a good time to go back and read the first two articles:

So now that we've covered the most important components of a powerful SOC, it’s time to bring things into the real world, and talk about financial investment.

Read More

Topics: Security Operations

From Macro To Mitigation: An Analysis of TrickBot's Lifecycle


Since the identification of TrickBot in late-2016, we have observed it targeting bank customers throughout the United States, United Kingdom, Germany, Australia, and Canada, following an attack pattern similar to the Trojan from which it was developed, Dyre. TrickBot enters into a victims machine and sends bank information to criminals through a complex series of events initiated by one click. Once initiated, TrickBot resides in the background, operating as unobtrusively as possible. While the process, from installation to credential theft, can happen in seconds, TrickBot follows discrete linear steps that provide opportunities for mitigation.

Read More

Topics: Threat Analysis, Threat Intelligence, Banking Trojan, TrickBot

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

Posted by Johnny Calhoun, VP Client Operations on Apr 19, '17

In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC).

And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started.

In this post, we’re going to take a closer look at the technical requirements of building a SOC, including software, hardware, communications, project tracking, and more.

So let’s get right to it…

Read More

Topics: Security Operations

How To Build a Powerful Security Operations Center, Part 1: Motivation & Logistics

Posted by Johnny Calhoun, VP Client Operations on Apr 14, '17

There’s a certain mystique and excitement surrounding the idea of a security operations center.

It puts your in mind of a mission control style room, possibly in an underground bunker, where people in uniforms shout orders and spend all their time responding to imminent threats.

And in a world where cyber attacks have become a daily reality, and even midsize organizations are forced to designate substantial budgets for cyber security, the idea of implementing a SOC has become far more realistic.

Read More

Topics: Security Operations

How to Identify and Block Ransomware

Posted by Jenny Dowd on Apr 13, '17

In the last post, we took an in-depth look at how ransomware changed during 2016, and what we expect to see happen in the coming year.

The post, which was based on a recent webinar, was pretty long and in-depth, so if you'd like some context you might like to go back and read it before continuing or feel free to watch the on-demand webinar.

In this post we’re going to run through the most important part of the webinar: what you can do to secure your organization against ransomware.

Read More

Topics: Phishing, Ransomware, Phishing Trends and Intelligence Report,

The Ransomware Explosion: Lessons Learned in 2016

Posted by Jenny Dowd on Apr 7, '17

In 2016, a year when cybercrime soared to previously undiscovered heights, ransomware was one of the top worries for organizations of all sizes.

And for good reason.

Compared to other malware, ransomware has a very high infection rate, and whether or not organizations opt to pay ransom demands it can cause significant disruption to business processes. Even worse, many co-called “copycat” ransomware families have turned out to be far more destructive than intended, and as a result many files can't be recovered even if payment is made.

Read More

Topics: Ransomware

7 Things the Healthcare Industry Needs from Security Awareness Training: HIMSS Feedback

Posted by Lindsey Havens on Mar 30, '17

Mention security awareness training in a healthcare setting and stress levels start to rise.

But it doesn’t have to be that way.

Last month we attended HIMSS, one of the largest healthcare specific IT conferences in the US. We wanted to show healthcare providers that security awareness training doesn’t have to be a huge burden, and that (done well) it can have a profound impact on a healthcare organization’s security profile.

But to do that, we needed to have frank conversations with as many healthcare providers as possible. We needed to find out what healthcare security professionals require from their security awareness training in terms of structure, content, and results.

And that’s exactly what we did.

Read More

Topics: security awareness training

How and Why the Phishing Threat Landscape Has Changed

Posted by Lindsey Havens on Mar 24, '17

Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.

It was a serious threat, of course, but it had become somewhat… predictable.

But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.

Read More

Topics: Phishing, Phish Kit, Ransomware, PTI Report

Beyond .COM: Analysis of Phishing Domains in 2016

In the past few years, you’ve no doubt started to see some pretty strange website suffixes.

You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.

Read More

Topics: Phishing, PTI Report

The Phishing Email that Fooled Thousands of Trained Users

Posted by Dane Boyd on Mar 9, '17

It’s a sobering moment.

You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results.

But then it happens.

Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it.

Read More

Topics: security awareness training, EDT


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events


Posts by Topic

see all