The PhishLabs Blog

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive.

Topics: Digital Risk Protection, Domains

Today’s enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces and transition to new platforms. The external digital landscape is also rapidly expanding, and organizations are being required to conduct business more frequently through non-traditional channels. This digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter. 

In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities. 

Topics: Digital Risk Protection, DRP

While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision. Should organizations pay up? Or should they refuse?  According to a recent report, it may not matter. Data stolen in ransomware attacks is frequently becoming public even after the victim has paid. 

Topics: Ransomware, Digital Risk Protection, Email Intelligence & Response, DRP

Most phishing campaigns attempt to take over accounts by tricking the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.

Topics: Email Incident Response, Office 365

Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand’s credibility. A spoofed domain is easy and quick to create, and can act as the catalyst for malicious email campaigns and phishing sites. In order to detect and action domain threats targeting your organization, security teams need to implement mature and progressive processes for collection and curation.

Topics: Domain Threats Playbook, Domains

Threat actors are leveraging stolen data to enhance ransomware attacks. Data leaks and ransomware - once considered two distinct threats - are overlapping into a hybrid tactic known as double extortion. While traditional ransomware attacks deny access to valuable systems and data, double extortion threatens to leak sensitive data if the ransom is not paid. 

Topics: Ransomware, TrickBot, Ryuk

The life of a phishing site is brief, but impactful. A study published earlier this year found the average time span between the first and last victim of a phishing attack is just 21 hours.  The same study observed the average phishing site shows up in industry blocklist feeds nearly 9 hours after the first victim visit. By that time, most of the damage is done. 

Topics: Phishing, Digital Risk Protection

 

With Election Day just around the corner, the Republican Party of Wisconsin  revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump.  According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor.

 

Topics: Spear Phishing, BEC, Election 2020