The PhishLabs Blog

How and Why the Phishing Threat Landscape Has Changed

Posted by Lindsey Havens on Mar 24, '17

Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.

It was a serious threat, of course, but it had become somewhat… predictable.

But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.

Read More

Topics: Phishing, Phish Kit, Ransomware, PTI Report

Beyond .COM: Analysis of Phishing Domains in 2016


In the past few years, you’ve no doubt started to see some pretty strange website suffixes.

You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.

Read More

Topics: Phishing, PTI Report

The Phishing Email that Fooled Thousands of Trained Users

Posted by Dane Boyd on Mar 9, '17

It’s a sobering moment.

You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results.

But then it happens.

Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it.

Read More

Topics: security awareness training, EDT

Picking on the Little Guy: Ransomware Trends

Posted by Lindsey Havens on Mar 8, '17

In late 2015, malware trends hinted a ransomware epidemic was on its way.

And what happened? Less than three months into 2016, security analysts had branded it the ‘year of ransomware’.

Even popular media outlets were covering ransomware cases on an almost daily basis, and both consumers and businesses the world over would come to understand exactly what the word ransomware really means.

So what happened? After all, ransomware has been around for decades, so why the sudden explosion?

Read More

Topics: Ransomware, PTI Report

Phishing with Wildcard DNS Attacks and Pharming

Posted by Eris Maelstrom on Mar 3, '17

The cyclical relationship between threat actors and security professionals begins with the creation of a new attack technique, followed by the discovery of that technique by the security community, and then a refashioning of the manner of attack or creation of another novel approach by threat actors. 

Phishers are always seeking better ways to entice victims into providing their personal and/or sensitive information, as well as to evade detection by security companies. 

Lately, we have observed an uptick in attacks utilizing  DNS records for malicious purposes. These attacks fall into two main categories: pharming and wildcard DNS attacks. This post provides examples of these methods and describes in detail how phishers use them in their attacks.

Read More

Topics: Pharming, R.A.I.D., DNS

APWG & Kaspersky Research Confirms Phishing Trends & Intelligence Report Findings

Posted by Lindsey Havens on Mar 2, '17

“For any study or research project, the ultimate assessment of validity is independent duplication of results.”

This quote was the first line of an email I received a few days ago from Crane Hassold, our senior security threat researcher at PhishLabs.

And since we’ve recently published our annual Phishing Trends & Intelligence (PTI) report, I was interested to learn more.

Read More

Topics: Phishing, PTI Report

Anatomy of a Phishing Attack: How Phish Kits Evolved in 2016

Posted by Lindsey Havens on Feb 23, '17

At this point, most organizations are already aware of phishing. No matter what industry you’re in, phishing is one of the top cyber threats you’ll face in 2017.

But for most people, the threat actors responsible for phishing attacks are something of a mystery. They picture a faceless, hooded specter, hidden somewhere in the dark recesses of the Internet.

Read More

Topics: Phishing, Phish Kit, PTI Report

Dissecting the Qadars Banking Trojan

Posted by Raashid Bhat on Feb 22, '17

Qadars is a sophisticated and dangerous trojan used for crimeware-related activities including banking fraud and credential theft. Qadars targets users through exploit kits and is installed using Powershell Scripts. We have observed Qadars targeting multiple well-known banks in UK and Canada and is capable of stealing infected users' two-factor authentication codes and banking credentials through the deployment of webinjects. While not as well known or widespread as other Trojans, the operators have shown commitment to development of Qadars’ on-board evasion techniques and its advanced and adaptable privilege escalation module. This emphasis on persistence alongside the frequent shifts in both industry and geographic targeting indicate Qadars will remain a potent threat through 2017.
Read More

Topics: Threat Analysis, Threat Intelligence, Banking Trojan, Qadars

Shooting Gallery: A Breakdown of Phishing Targets in 2016

Posted by Lindsey Havens on Feb 21, '17

Many organizations assume they won’t be targeted by phishers.

After all, they aren’t financial institutions, or retail outlets, or e-payment services, so why would anyone target them?

And we get it. Your security budget is only so big, and you have to make decisions about where to allocate it. You can’t cover all your bases all the time.

But the phishing landscape has moved, and the old ‘rules’ don’t apply anymore.

Read More

Topics: Phishing, PTI Report

The Sinister New Trend in Phishing (and Why You Should Care)

Posted by Lindsey Havens on Feb 14, '17

Unless you’ve been living under a rock for the past decade, you’ve already heard of phishing.

You probably have an idea of how it works. Perhaps you’ve even spotted a few suspicious emails in your inbox.

Security conscious organizations have been concerned about phishing for a long time. Many have been actively teaching employees to recognize and report phishing emails on sight.

Read More

Topics: Phishing, PTI Report

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_