The PhishLabs Blog

Joseph Opacki

Joseph Opacki is the VP of threat research, analysis and intelligence at PhishLabs. Prior to joining PhishLabs, Mr. Opacki was the Senior Director of Global Research at iSIGHT Partners. Before his career in the private sector, Mr. Opacki was the malware reverse engineering Subject Matter Expert (SME) and the Technical Director of advanced digital forensics in the Operational Technology Division at the Federal Bureau of Investigation. Mr. Opacki has a bachelor’s degree from George Mason University and a Master of Science in Information Technology from Virginia Polytechnic Institute and State University.

Recent Posts

Phishing Implications of the Equifax Data Breach

Posted by Joseph Opacki on Sep 14, '17

By now, just about everyone has heard about the massive Equifax data breach. It exposed the sensitive personal information of more than 143 million consumers (nearly half of all Americans) and has been spread across headline after headline since it was first announced on September 7th.

There have been plenty of reports and advisories published since then with guidance for individuals affected. The FTC issued a useful list of steps that victims can take to reduce the risk of their information being abused, many of which could simply be copy/pasted given how frequent and common breaches of this scale have become. Set up fraud alerts, check your credit report for free, sign up for monitoring, freeze your credit files with the major credit bureaus, keep a close eye on financial statement for any unusual activity, etc.

While those are all good steps to take, we should also consider the implications when it comes to phishing.

Read More

Topics: Phishing, Data Breach, Breach, Equifax

WannaCry: What We Know… and What We Don’t

Posted by Joseph Opacki on May 17, '17

Unless you've had your head buried firmly in the sand for the past few days, you’ll already have heard of WannaCry, the latest in an ongoing deluge of ransomware strains.

Since the attack started last Friday over 230,000 computers have been infected across 150 countries, with high profile victims including Telefónica, Britain’s National Health Service (NHS),  FedEx, Deutsche Bahn, and LATAM Airlines.

And if you’ve been following the story, you’ll know all sorts of people have been getting involved. With slightly confusing (and sometimes contradictory) reports surfacing in news outlets all over the world, we thought we’d take a few moments to explain what is (and isn’t) currently known about WannaCry, and what you can do to minimize your organization’s risk of infection.

Read More

Topics: Ransomware, WannaCry

Global WannaCry Ransomware Outbreak

Posted by Joseph Opacki on May 12, '17

Earlier today, news broke of a new WannaCry version propagating at a rate unseen before for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well-beyond the initially-infected system and crippling networks. 

Read More

Topics: Phishing, Ransomware, WannaCrypt

The 2017 Phishing Trends & Intelligence Report is now available!

Posted by Joseph Opacki on Feb 7, '17

On behalf of the PhishLabs R.A.I.D., I'm proud to announce that the 2017 Phishing Trends & Intelligence Report has been released. As with last year's edition, the report provides first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening. 

Read More

Topics: Phishing, Threat Intelligence, Phishing Trends and Intelligence Report,, Phish, PTI Report

Phishing, Whaling, & the Surprising Importance of Privileged Users

Posted by Joseph Opacki on Jun 23, '16

By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.

Read More

Topics: Phishing, Spear Phishing

How to make the most of reported phishing emails... Even if there are way too many

Posted by Joseph Opacki on May 19, '16

You’ve done it.

After months of nagging, security awareness training, and constant reminders, your employees have started reporting phishing emails. Take a moment to pat yourselves on the back, because this is no mean feat.

But… now what? What do you actually do with all these reported emails?

Read More

Topics: Phishing, Threat Analysis, Threat Intelligence, Spear Phishing

2016 Phishing Trends & Intelligence Report: Hacking the Human

Posted by Joseph Opacki on Feb 25, '16

Today we published the 2016 Phishing Trends & Intelligence Report: Hacking the Human.  We are proud that this report uniquely provides a first-hand, in-depth view of phishing directly from the continuous work PhishLabsTM does to fight back against phishing attacks and the threat actors behind them.

 It was researched and written by our very own PhishLabs R.A.I.D.TM (Research, Analysis, and Intelligence Division), which is made up of some of the world’s most respected threat researchers. The information and analysis in this report came directly from our operations and the technology systems we use to fight back against phishing attacks. We analyzed more than one million confirmed malicious phishing sites in 2015, residing on more than 130,000 unique domains.

Read More

Topics: PhishLabs, General, Threat Analysis, Company News, Phishing Trends and Intelligence Report,

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all