The PhishLabs Blog

Third DocuSign Phishing Campaign Identified Linked to Email Database Breach

Posted by Olivia Vining on May 19, '17

Since May 9, PhishLabs has tracked multiple phishing campaigns that use DocuSign branding to lure victims into downloading malicious files. These campaigns followed a breach of a DocuSign database containing user email addresses. Each of the campaigns associated with this breach has similar, yet distinct, characteristics. The third, and most recent, campaign was launched on May 17.

Topics: Phishing, Spear Phishing, DocuSign

How Malicious Domain Correlation is Fueling the Fight Against Phishing

Posted by Lindsey Havens on May 19, '17

In the fight against phishing, there’s far more to think about than simply blocking malicious email.

In fact, as a security vendor, our analysts spend a huge amount of time trying to disrupt the phishing landscape in a way that makes all of us safer.

Topics: Phishing

WannaCry: What We Know… and What We Don’t

Posted by Joseph Opacki on May 17, '17

Unless you've had your head buried firmly in the sand for the past few days, you’ll already have heard of WannaCry, the latest in an ongoing deluge of ransomware strains.

Since the attack started last Friday, over 230,000 computers have been infected across 150 countries, with high profile victims including Telefónica, Britain’s National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines.

And if you’ve been following the story, you’ll know all sorts of people have been getting involved. With slightly confusing (and sometimes contradictory) reports surfacing in news outlets all over the world, we thought we’d take a few moments to explain what is (and isn’t) currently known about WannaCry, and what you can do to minimize your organization’s risk of infection.

Topics: Ransomware, WannaCry

Global WannaCry Ransomware Outbreak

Posted by Joseph Opacki on May 12, '17

Earlier today, news broke of a new WannaCry version propagating at a rate unseen before for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well beyond the initially infected system and crippling networks.

Topics: Phishing, Ransomware, WannaCrypt

How To Use URL Pattern Analysis for Phishing Detection & Mitigation

Posted by Lindsey Havens on May 5, '17

When you’re attempting to mitigate the risk of phishing, threat intelligence plays a vital role.

After all, what better way to predict and intercept future phishing attacks than by analyzing past attacks for patterns and indicators?

This post is the second in a series breaking down lessons learned from our recent consumer-focused phishing webinar. In the first post we covered the value of phishing intelligence, and explained how to use source code analysis to link individual phishing sites back to the phishing kits and actors responsible.

Topics: Phishing, Threat Intelligence

How Source Code Analysis Helps Defend Against Phishing

Posted by Lindsey Havens on May 3, '17

If you want to protect your organization from phishing attacks, threat intelligence is a vital tool. From phish kits and phishing sites to individual email lures, there’s a huge amount to learn from each section of the phishing kill chain.

Last month we kicked off our new webinar series, in which we’ll be taking a deep dive into specific phishing attacks to help members of the infosec community understand precisely how and why each attack vector works.

Topics: Phishing, Threat Intelligence

How To Build a Powerful Security Operations Center, Part 3: Financial Investment & Reporting

Posted by Johnny Calhoun, VP Client Operations on Apr 26, '17

If you’ve made it this far through the series, you’re no doubt starting to realize (if you hadn’t already) that building a functional SOC requires a great deal of time, thought, and investment.

If you haven’t been following the series so far, now would be a good time to go back and read the first two articles:

So now that we've covered the most important components of a powerful SOC, it’s time to bring things into the real world, and talk about financial investment.

Topics: Security Operations

From Macro To Mitigation: An Analysis of TrickBot's Lifecycle
Summary

Since the identification of TrickBot in late 2016, we have observed it targeting bank customers throughout the United States, United Kingdom, Germany, Australia, and Canada, following an attack pattern similar to the Trojan from which it was developed, Dyre. TrickBot enters a victim's machine and sends bank information to criminals through a complex series of events initiated by one click. Once initiated, TrickBot resides in the background, operating as unobtrusively as possible. While the process, from installation to credential theft, can happen in seconds, TrickBot follows discrete linear steps that provide opportunities for mitigation.

Topics: Threat Analysis, Threat Intelligence, Banking Trojan, TrickBot

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

Posted by Johnny Calhoun, VP Client Operations on Apr 19, '17

In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC).

And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started.

In this post, we’re going to take a closer look at the technical requirements of building a SOC, including software, hardware, communications, project tracking, and more.

So let’s get right to it…

Topics: Security Operations

How To Build a Powerful Security Operations Center, Part 1: Motivation & Logistics

Posted by Johnny Calhoun, VP Client Operations on Apr 14, '17

There’s a certain mystique and excitement surrounding the idea of a security operations center.

It puts you in mind of a mission control style room, possibly in an underground bunker, where people in uniforms shout orders and spend all their time responding to imminent threats.

And in a world where cyber attacks have become a daily reality, and even midsize organizations are forced to designate substantial budgets for cyber security, the idea of implementing a SOC has become far more realistic.

Topics: Security Operations

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
