The PhishLabs Blog

On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world.

If you’ve been following our blog (or the news), you already know the actors are associated with an organization called the Mabna Institute, and are responsible for stealing more than 31 terabytes of data over the past four and a half years. To put that number in context, you’d need to cut down more than 1.5 million trees to make enough paper to print out all of the stolen data.

Last week, news broke that an Iranian hacker network, Mabna Institute, had been systematically stealing data from universities across the US and abroad.

It’s unclear precisely how much data has been compromised, but it has been estimated to have cost US universities around $3.4 billion dollars to collect and maintain.

While the administration has announced sanctions and criminal indictments against the group, it’s highly unlikely any of the actors involved will receive punishment.

So if you happen to work for a university, or be responsible in some capacity for the data security of a university, you’d be forgiven for wondering “…What now?”

Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The information stolen from these universities was used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran. 

The push for more widespread adoption of HTTPS has been in full-force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whenever sensitive information, such as passwords or credit card information, was entered on a non-HTTPS web page. In October, Google took this a step further by displaying a “Not Secure” label in the URL bar whenever a user enters any text on an HTTP website.

Have the well-meaning recommendations of the security community made web users more vulnerable to cyber attacks? Have we conditioned people to be phished?

The HTTPS Paradox

You know that little green padlock symbol that appears in your browser’s URL bar every now and then? What do you think it means?

All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works.

The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.

In the past few years, you’ve no doubt started to see some pretty strange website suffixes.

You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.