The PhishLabs Blog

Crane Hassold, Director of Threat Intelligence

A member of the PhishLabs R.A.I.D., Crane specializes in cyber behavioral analysis. Prior to PhishLabs, he spent 12 years with the FBI, helping to create and build the FBI's Cyber Behavioral Analysis Center.

Recent Posts

Silent Librarian University Attacks Continue Unabated in Days Following Indictment

On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world.

If you’ve been following our blog (or the news), you already know the actors are associated with an organization called the Mabna Institute, and are responsible for stealing more than 31 terabytes of data over the past four and a half years. To put that number in context, you’d need to cut down more than 1.5 million trees to make enough paper to print out all of the stolen data.

Read More

Topics: Phishing, Spear Phishing, silent librarian

How Universities Should Respond to Iranian Hacking Charges

Last week, news broke that an Iranian hacker network, Mabna Institute, had been systematically stealing data from universities across the US and abroad.

It’s unclear precisely how much data has been compromised, but it has been estimated to have cost US universities around $3.4 billion to collect and maintain.

While the administration has announced sanctions and criminal indictments against the group, it’s highly unlikely any of the actors involved will receive punishment.

So if you happen to work for a university, or be responsible in some capacity for the data security of a university, you’d be forgiven for wondering “…What now?”

Read More

Topics: Phishing, Spear Phishing

Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The information stolen from these universities was used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran. 

Read More

Topics: Spear Phishing, silent librarian

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?

The push for more widespread adoption of HTTPS has been in full force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whenever sensitive information, such as passwords or credit card information, was entered on a non-HTTPS web page. In October, Google took this a step further by displaying a “Not Secure” label in the URL bar whenever a user enters any text on an HTTP website.

Read More

Topics: Threat Intelligence, Phishing Trends and Intelligence Report, Phish

Have We Conditioned Web Users to be Phished?

Have the well-meaning recommendations of the security community made web users more vulnerable to cyber attacks? Have we conditioned people to be phished?

The HTTPS Paradox

You know that little green padlock symbol that appears in your browser’s URL bar every now and then? What do you think it means?

Read More

Topics: Phishing, Cyber Security Awareness Month

BEC Scams: How to Spot a Phish

All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

The Mobile Phishing Threat You’ll See Very Soon: URL Padding

The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

Read More

Topics: Mobile, Phish

How Phishing Volume Grew in the First Three Months of 2017

For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.

Read More

Topics: Phishing, PTI Report

Beyond .COM: Analysis of Phishing Domains in 2016

In the past few years, you’ve no doubt started to see some pretty strange website suffixes.

You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.

Read More

Topics: Phishing, PTI Report

Disrupting the Phishing Supply Chain

Phishing has proven to be a successful, lucrative, and persistent threat vector that does not discriminate by industry or size of an organization. Traditional defensive measures against phishing attacks focus on shutting down the web page. This may address the immediate problem, but is that really a fight? This reaction does little to stop the cybercriminal, who is able to continue launching future attacks.

For us to truly evolve the fight against phishing, we need to combine the traditionally defensive posture with a proactive, aggressive strategy. This shift will allow us to disrupt the phishing supply chain and proactively go after kits and their creators at the distribution level instead of reacting to phishing sites that have been identified one at a time.

Using in-depth, comprehensive intelligence can help us do a better job of fighting phishing instead of reacting to it. If we are able to provide context to threats by understanding where and how they manifest, we are able to better prepare, defend, and prevent future cyberattacks.  

Read More

Topics: Phishing

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
