The PhishLabs Blog

Do We Overlook the Best Line of Defense Against Cyber Attacks?

Posted by Jenny Dowd on Oct 25, '16

Cyber Security Awareness Month presents us with the opportunity to catch up on security trends, gauge our security posture, and assess what gaps and exposure may exist.  Do we have blind spots? Or are we overlooking assets readily available to us?

We all know spam filters do not catch 100% of spam, and 1.5% of spam contains malicious links. So when you have one in five employees clicking on phishing emails, you are at risk.  This is not news, right? We all know there is no magic bullet for cyber security, and the best that we can hope for is a strong defense.

When planning the best defense, we often overlook that the best defensive line is right in front of our faces – our employees.  We often think of them as our liability because no matter how many technology controls we put in place, we know statistically that 1 in 5 of them is going to click on a phish.  This week's #CyberAware focus will highlight how, with proper training – and we’ll talk about what ‘proper’ is – you can condition your employees to not just avoid falling for phishing emails, but to actively report phishing attacks to your security team. You can make your employees part of your defense.

Read More

Topics: security awareness training

Ransomware Reload & Definitive Resource Guide

Posted by Lindsey Havens on Oct 21, '16

If you have been following our Cyber Security Awareness Month series,  we applaud you for taking steps to become #CyberAware. We want you to be in best position to keep your organization safe and prevent the next attack. 

If you're just joining us, no worries! We will walk you through the actions you should be taking to prevent attacks likransomware from gaining a footholinside your network. 

How to Defend Against Ransomware.jpgAround 1.5 percent of spam emails contain malicious attachments or URLs, along with content designed to manipulate people into opening them. This technique, known as phishing, has become an overwhelming favorite of threat actors in the past few years, primarily because it’s a cheap, effective, and a fast way to compromise targeted networks. Phishing has been far and away the most popular delivery method for ransomware, and the continued evolution of text-based social engineering attacks has been a significant factor in the rise of ransomware.What should we do about it? For starters, we must stop being easy targets. Education is the key. Here you will find a comprehensive list of resources for fighting back. Let's get started! 

Read More

Topics: Ransomware, Cyber Security Awareness Month

How Modern Banking Trojans Obstruct Malware Analysis

Posted by King Salemno on Oct 20, '16

Note to readers: PhishLabs will be represented by Paul Black at MalCon 2016 in Puerto Rico from October 18-21. At MalCon 2016, Paul will review the evolution of malware targeted at banks and financial institutions, reviewing notable trending data and methods to combat them. Contact PhishLabs for ongoing concern, questions and a deeper dive into the latest remediation techniques.

The cat and mouse game between malware researchers and threat actors operating banking Trojans began with the creation and propagation of the Zeus banking trojan in 2007. Since Zeus’s release, the number of banking trojans has increased continually, yet the anti-analysis mechanisms used by cybercriminals to obstruct researchers appear to have plateaued.

Read More

Topics: Malware, Banking Trojan, Malware Analysis, R.A.I.D.

Pay Up: The 2016 Definitive Guide to Ransomware

Posted by Lindsey Havens on Oct 19, '16

Right now most organizations are completely unready to cope with ransomware, both from security and recovery standpoints. In many cases, even basic security protocols such as consistent vulnerability management are lackluster or missing entirely, and threat actors are making millions of dollars every year as a result. 

That’s why, as part of our   Cyber Security Awareness Month series,  we are helping you take action by sharing our best resources on ransomware. 

In an effort to fight back together against cyberattacks, download this free copy of our Ransomware Whitepaper where we explore the growing threat of ransomware, and what you can do to keep your organization secure. We will walk you through the actions you should be taking to prevent ransomware from gaining a foothold inside your network, and how to make your security program the best it can be. 

Read More

Topics: Ransomware, Cyber Security Awareness Month

#CyberAware: Spotlight on Ransomware

Posted by Lindsey Havens on Oct 18, '16

We field a lot of questions about ransomware, but there’s one in particular that comes up time and time again. “Are we at risk from ransomware?” It’s not a difficult question to answer. Yes, you’re at risk… Everybody is at risk. 

You see, there are plenty of ways for threat actors to spread ransomware. They create fake online advertisements and pop-ups, exploit known vulnerabilities to gain access to corporate networks, and they even drop USB sticks loaded with ransomware in public places. They’re pulling out all the stops to infect your systems with ransomware, so yes, you need to be concerned.

Read More

Topics: Ransomware, Cyber Security Awareness Month

The Growing Business of Cybercrime as a Service

Posted by Lindsey Havens on Oct 14, '16

As part of our Cyber Security Awareness Month series, we have so far explored data breaches and Business Email Compromise (BEC). These topics and tactics roll up into a more global discussion about the growing economy of cybercrime. We reported in 2015 that, as competition continues to rise in the underground marketplace, illicit operations are evolving and expanding services to offer “Cybercrime-as-a-Service” (CaaS). Let's take this opportunity to look into this business model, which continues to strengthen and grow in scope as threat vectors evolve. 

Read More

Topics: Data Breach, Cybercrime-as-a-Service, BEC, Cyber Security Awareness Month

All Phish are Not Created Equal: The Evolving BEC Scam

Posted by Lindsey Havens on Oct 13, '16

To further our Cyber Security Awareness Month initiative in helping you be #CyberAware, we want to focus on a specific type of phishing tactic that has gained popularity in the last few years: Business Email Compromise, commonly referred to as "BEC."  As cybercriminals evolve their attack methodologies, they have learned from their mistakes and BEC is an unfortunate example of how they are circumventing technology defenses and exploiting organizations' greatest vulnerability: employees.  

Read More

Topics: BEC, business email compromise

Rewinding the Headline: Where Do Data Breaches Begin?

Posted by Lindsey Havens on Oct 12, '16

Modern threat actors devote huge amounts of time to identifying and exploring new exploits, tactics, and techniques
for circumventing security and compromising corporate networks. 
The majority of headline breaches are initiated by spear phishing attacks, and not only are they sophisticated enough to make it past most spam filters, some are able to fool even seasoned security personnel. 

Read More

Topics: Phishing, Data Breach, Spear Phishing

Hurricane Matthew Cyber Scams

Posted by John LaCour on Oct 8, '16

PhishLabs is investigating multiple online scams involving news about Hurricane Matthew. Some of these scams are using news of the hurricane to distribute malware via email attachments and malicious links. Other scams are posing as charities and are requesting relief donations. Individuals should be on high alert and be suspicious of any online communication that mentions Hurricane Matthew.

Read More

Topics: Phishing, Malware, Hurricane Matthew

Cyber Security Awareness Month: Let's Fight Back Together

Posted by Lindsey Havens on Oct 6, '16

National Cyber Security Awareness Month, which is observed every October, is an opportunity for us as a nation to spotlight security issues that impact our daily lives. As proven by the exponential increase in data breaches, threat actors are finding their way past current security defenses. We need to fight back together if we are ever going to turn the tides on data breaches, phishing attacks, and other malicious online threats that cost organizations and individuals each year.

Read More

Topics: Phishing, Cyber Security Awareness Month, Security


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events