Recent Posts

Recent Blog Posts

The PhishLabs Blog

Don Jackson, Director of Threat Intelligence

Find me on:

Recent Posts

Bash “Shellshock” Bug Rivals Heartbleed in Cyber Threat Severity


The recently discovered bug, Shellshock, also known as the “bash bug” was made public on September 24, 2014, causing widespread anxiety as bug patches failed to remediate all vulnerabilities. The bug is found in Bash – an almost ubiquitous system software used in millions of computers, Linux-based machines and even Mac computers. Essentially, the vulnerability allows for remote execution of arbitrary commands on web servers and computers with no authentication required.

Read More

Topics: Threat Intelligence, Shellshock

Cybercriminals Find POS Terminals Easy Prey


Over the past few months an abundance of point-of-sale (POS) attacks on major retailers has left millions of consumers’ personal account information vulnerable. The Home Depot, Goodwill, Supervalu grocery chain, Dairy Queen, and the UPS Store were all recently in the spotlight for POS terminal attacks where memory-scraping malware was installed to nab customer information. What is the cause of the uptick in POS attacks and what can be done to mitigate future attacks?    

Read More

Topics: Fraud, Account Takeover, POS Attacks

“Please Try Again” – Trending Tactics in Phishing


Have you ever received this message when logging into an account? Chances are you have and you likely  blamed the “error” on yourself. What did you do next? You probably carefully typed each letter of your password to ensure accuracy. After reading this post, we hope you will think twice about the next request to “please try again.”

With an increase in phishing activity (APWG recently reported a 10.7 percent increase), also comes evolving tactics of deceit. In the past month, PhishLabs' R.A.I.D. (Research, Intelligence, and Analysis Division) observed the rise of intentional errors into scammers' playbooks.

Read More

Topics: Phishing, Fraud, Hacker Tools, Account Takeover

Vawtrak Gains Momentum and Expands Targets


Vawtrak is the security industry's name for the latest version the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000's. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

What You Need to Know

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak

“Smash & Grab” cybercrime attacks have been active since mid-June


Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash  & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the Phishlabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June using the same phishing and malware combination tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.

Read More

Topics: Phishing, Malware, Threat Intelligence, Trojan, Crimeware

Banks, ePayment Services Top List of Phishing Kit Targets


Over the last month, PhishLabs analyzed nearly 9,000 phishing kits and variants available on compromised and clandestine servers, file sharing services, underground scammer forums, and various user-generated content sites such as blogs. 

The following chart displays a breakdown of phishing kits we analyzed, based on the type of brand targeted. Financial Institutions, ePayment & Money Transfer Services, Social Networking Sites, and Email Services were the brand categories most frequently targeted by phishing kits, representing a combined 77% of kits analyzed.

Read More

Topics: Phishing, Threat Analysis, Threat Intelligence, Phish Kit

Should financial institutions be concerned about Blackshades?


Earlier this week, law enforcement officials announced the arrest of more than 90 people for using and distributing the Blackshades RAT. In the wake of the arrests, we’ve been asked if Blackshades is a threat that banks, credit unions, and other financial institutions should be particularly concerned about. 

Should financial institutions be doing anything differently to protect against Blackshades specifically? Probably not.

Read More

Topics: Malware, Threat Intelligence, Trojan

Targeted Wire Transfer Scam Aims at Corporate Execs


PhishLabs has discovered a fraudulent invoice campaign targeting corporate executives. The scammers attempt to convince their targets to wire funds to various accounts controlled by the fraudsters in order to settle the terms and outstanding balances on legitimate invoices from other companies.

What to look for

Emails associated with this campaign follow this characteristic pattern: 

Read More

Topics: Phishing, Fraud, Threat Analysis, Lure, Spam

Phishing @Home: Phishers set up sites on residential broadband hosts


PhishLabs is studying a wave of phishing attacks that utilize spam to distribute links to phishing sites installed and hosted on the personal computers of residential broadband customers.

The attackers start by scanning residential service IP address space for open RDP (Remote Desktop) ports and brute-force default, common, or otherwise weak passwords.  Once access is gained, the attackers install web server software and upload a number of different phishing pages, the links to which are sent out via spam email messages.

Read More

Topics: Phishing, Threat Analysis, Threat Intelligence, Spam

New Man-in-the-Middle attacks leveraging rogue DNS


New MitM attacks impersonate banking sites without triggering alerts

PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted.

Read More

Topics: Malware, Fraud, Threat Analysis, Threat Intelligence, Rogue DNS, Crimeware

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Posts by Topic

see all