The PhishLabs Blog

Phishing has and will continue to be a threat to anyone connected to the web. This is a fact set in stone, and regardless of advancements in technology, social engineering will allow these attacks to continue to be successful.

Recently, our Director of Product Management, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One of the many reasons why such a plan should be created is because, in today’s world, an enterprise organization’s digital footprint can be vast and will continue to grow.

Taking Advantage of Our Tendency to Simplify

There’s an old joke floating around the Internet that claims NASA, upon discovering that standard ballpoint pens would not work in space, invested millions of dollars and years of R&D. The resulting pen was supposedly capable of writing in zero-G, on any surface, and in temperatures that would surely kill any astronaut. When confronted with the same problem, the Soviets simply handed their cosmonauts pencils.

In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million.

It’s time to take action against phish! Phishing attacks are no longer few and far between, they are the norm.

Regardless of your company’s investments in filtering technologies and countermeasures, suspicious and malicious emails make it into employee inboxes. It only takes one to cost your company time, money, and lost reputation.

We’ve previously reported on how, due to the rise in phishing attempts leveraging SSL certificates, the  icon in your web browser gives your users a false sense of security. The threat, however, doesn’t end with your web browser.

You are affected by social engineering tactics every day.

Phishing attacks are supposed to be visible. If you can’t see them, how could anyone possibly fall for them? Since the dawning of time for phishing attacks there has been a constant struggle between the threat actors creating phishing sites and the individuals and organizations combating them.

Healthcare data breaches are among the most costly of any industry, and phishing attacks are the number one cause. 

Security technologies, while essential, are not enough to mitigate the threat posed by phishing. Over 90 percent of data breaches contain a phishing component, and the average cost to remediate a data breach is $3.86 million.

We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is the use of Telegram Messenger in addition to Twitter for communicating C2 URLs.