
The PhishLabs Blog

Ryuk Ransomware Targeting Healthcare

Posted by The PhishLabs Team on Oct 29, '20

As if the COVID-19 pandemic were not enough, the healthcare sector is now being actively targeted by threat actors using Ryuk ransomware. Yesterday, the FBI issued an increased and imminent cyber threat warning amid growing reports of healthcare providers falling victim to the campaign. The threat actors are using Trickbot (delivered via Emotet) to gain access to target systems and deploy Ryuk. 

How URL Tracking Systems are Abused for Phishing

Posted by Sean Bell on Oct 28, '20

Widely used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive carriers for phishing URLs. To illustrate how it works, this post breaks down a recently observed phishing attack that uses Google Ads’ tracking system to evade email filters.

Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor

Posted by The PhishLabs Team on Oct 23, '20

PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef. 

Topics: Domains

Eliminating the Threat of Look-alike Domains

Posted by The PhishLabs Team on Oct 20, '20

There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation, as well as diverse registrar requirements for removal, can make mitigating look-alike domains a complex, burdensome, and often ineffective process.
 
In this post, we examine steps to mitigate the internal and external risk posed by look-alike domains. 

Topics: Domain Threats Playbook, Domains

What is Digital Risk Protection?

Posted by Stacy Shelley on Oct 15, '20

Today’s enterprise attack surface is not limited to the corporate network. In fact, the network is just a small slice. When it comes to deciding how and where to attack an enterprise, threat actors have ample opportunity beyond the network perimeter. As a result, enterprises are investing in operational capabilities to detect and respond to external threats across the digital risk landscape. This is Digital Risk Protection (DRP).

Topics: Digital Risk Protection, DRP

How to Detect Look-alike Domain Registrations

Posted by The PhishLabs Team on Oct 13, '20

Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand’s credibility. A spoofed domain is easy and quick to create, and can act as the catalyst for malicious email campaigns and phishing sites. In order to detect and action domain threats targeting your organization, security teams need to implement mature and progressive processes for collection and curation.

Topics: Domain Threats Playbook, Domains

Digital Risk Protection vs. Threat Intelligence

Posted by John LaCour on Oct 9, '20

Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use cases. Many enterprises get tremendous value from DRP every day, but for those who are unfamiliar, read on to learn what DRP is, how it differs from TI, and how it can help protect your digital assets from external threats.

Topics: Threat Intelligence, Digital Risk Protection, DRP

How to Take Down Social Media Threats

Posted by The PhishLabs Team on Oct 6, '20

Threat actors increasingly use social media to attack brands, VIPs, and customers. The types of threats on these platforms are diverse and each social network has different policies in place for how they respond to reported attacks. As a result, mitigating threats on social media can be a frustrating and time-consuming process for security teams. In this post, we break down some common social media threat types and the evidence needed to remove them.  
 

Topics: Social Media Threats

Social Media Intelligence: Cutting Through the Noise

Posted by The PhishLabs Team on Oct 2, '20

Social media is rapidly becoming the preferred online channel for threat actors. Almost four billion people use some form of social media, and organizations are increasingly reliant on company pages, executive presence, and positive customer interaction to build a strong brand. As a result, a malicious post or tweet can cause irreversible damage to an enterprise. 

Topics: Digital Risk Protection, Social Media Threats

APWG: SSL Certificates No Longer Indication of Safe Browsing

Posted by Jessica Ellis on Sep 28, '20

The Anti-Phishing Working Group (APWG) has released its Phishing Activity Trends Report analyzing phishing attacks and identity theft techniques reported by its members for Q2 of 2020. Key highlights of the report include a significant increase in wire transfer loss attributed to business email compromise (BEC) attacks and a 20% increase in BEC attacks targeting the social media sector. In addition, the observed emergence of phishing sites using Extended Validation (EV) Certificates in Q2 is a stark reminder that phishers are increasingly turning security features against users.

Topics: Phishing, APWG, BEC, business email compromise, social media, Domains

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
