
The PhishLabs Blog

Office DDE feature exploited to deliver DNSMessenger payload in new targeted phishing campaign

Posted by Joshua Shilko on Nov 14, '17

The Research, Analysis, and Intelligence Division (R.A.I.D.) here at PhishLabs interacts with a multitude of malware samples in our day-to-day operations. Occasionally, we come across a campaign that stands out from the rest. One such instance occurred recently when one of our Phishing Threat Monitoring service clients was targeted with DNSMessenger, a sophisticated, memory-based infection technique that has previously been associated with a financially motivated Advanced Persistent Threat (APT) actor group. Also notable is the delivery method – the increasingly popular Office document attack that abuses the Dynamic Data Exchange (DDE) protocol. This delivery method has recently been adopted by actors ranging from nation-state APTs to spammers peddling downloaders and ransomware. In this article, we will examine this delivery vector and dissect the initial DNSMessenger payload.


Topics: Spear Phishing, Office DDE Exploit

Have We Conditioned Web Users to be Phished?


Have the well-meaning recommendations of the security community made web users more vulnerable to cyber attacks? Have we conditioned people to be phished?

The HTTPS Paradox

You know that little green padlock symbol that appears in your browser’s URL bar every now and then? What do you think it means?


Topics: Phishing, Cyber Security Awareness Month

Adwind Remote Access Trojan Still Going Strong

Posted by Amanda Kline on Nov 1, '17

A Java-based Adwind Remote Access Trojan campaign has been observed sending spam emails containing a malicious JAR file under the guise of “Request For Quotation,” “Transfer Import,” “Swift Copy,” “Proforma Invoice,” “DHL Delivery Notification” and many others. Adwind, also known as jRAT and JSocket, is a cross-platform remote access tool designed to run on Mac OS, Windows, Linux, and Android systems to exfiltrate sensitive data from its victims. Its known capabilities include, but are not limited to, logging keystrokes, taking pictures and recording audio, stealing cached data such as passwords and form fills, downloading and executing malware, amassing system and user information, and modifying registry entries.


Topics: Remote Access Trojan, Adwind

Final Review: How to Spot a Phish Video Series

Posted by Lindsey Havens on Oct 31, '17

In observance of National Cyber Security Awareness month, we released several videos to help employees and consumers spot a phish. In the final video, we take a look at a number of phish to apply what we have learned. To view all videos released in this series, visit this page: https://info.phishlabs.com/2017-cyber-security-awareness-month


Topics: Cyber Security Awareness Month, CyberAware

Enterprise Credential Theft: How to Spot a Phish


Today, we are going to look at a phish that takes advantage of the massive user base of Office 365 products. It’s safe to speculate that this phish is specifically targeting enterprise employees, given that most users of Office 365 products are using them for business purposes.


Topics: Phishing, Phish

URL Analysis: How to Spot a Phish Video

Posted by Nicole Garrigan on Oct 24, '17

In observance of National Cyber Security Awareness month, we are releasing several videos to help employees and consumers spot a phish. In the third video, we discuss hovering over a link in an email to analyze the URL before clicking. To view all videos released in this series, visit this page: https://info.phishlabs.com/2017-cyber-security-awareness-month


Topics: Cyber Security Awareness Month, CyberAware

Credential Theft: How To Spot a Phish

Posted by Amanda Kline on Oct 19, '17

When people think about phishing, their mind often turns immediately to ransomware. And for good reason. After all, there have been dozens of high profile ransomware attacks in recent months.

But you know what? An even greater proportion of phishing lures don’t contain ransomware. Instead of extorting money from you, they have an ulterior motive: they’re designed to steal your identity.

Well, OK. They’re designed to steal your login credentials… but in reality that isn’t far short of stealing your identity.


Topics: Threat Analysis, Cyber Security Awareness Month

APWG Report Reveals Increased Exploitation of Free Hosting Providers

Posted by Stacy Shelley on Oct 18, '17

The Anti-Phishing Working Group (APWG) has released the Phishing Activity Trends Report for the first half of 2017. APWG utilizes reported phishing attacks from multiple data sources to track, analyze, and report on fraud resulting from phishing, crimeware, and email spoofing. The report reveals frequent targeting in Payment, Financial, and Webmail sectors, as well as a rise in phishing attacks that utilize website builders and free hosting providers.

Crane Hassold, Manager of Threat Intelligence at PhishLabs, noted in the report that hosting providers that offer free hosting and free website-building tools provide criminals with opportunities. “These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site. Free hosts also afford phishers additional anonymity, because these services do not make registrant information easily available.”


Topics: Phishing, APWG

Email Sender Domain: How to Spot a Phish Video

Posted by Lindsey Havens on Oct 18, '17

In observance of National Cyber Security Awareness month, we are releasing several videos to help employees and consumers spot a phish. In the second video, we take a look at the sender's email address to help spot a potentially malicious email. To view all videos released in this series, visit this page: https://info.phishlabs.com/2017-cyber-security-awareness-month


Topics: Cyber Security Awareness Month, CyberAware

Tech Support Scams: How To Spot a Phish

Posted by Amanda Kline on Oct 17, '17

Originating in India around 2008, tech support scams are a simple and effective way of preying on individuals’ fear.

In its earliest form, the tech support scam involved a scammer cold-calling English-speaking countries and claiming to represent Microsoft Technical Support. The victim would be informed that their machine was infected with malware, and that the caller would help them remove it if granted access to the machine.

Naturally, once access was granted, the scammer would “fix” the problem and promptly demand payment.


Topics: Threat Analysis, Cyber Security Awareness Month

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
