The PhishLabs Blog

In 2020, cybercrime has seen a dramatic evolution in ransomware attacks. This threat type has adopted increasingly malevolent tactics and targeted some of the year's most vulnerable industries. Operators are linking up, franchising their attacks, extorting their victims, then expecting organizations to believe them trustworthy. By 2021, ransomware is anticipated to cause $20 billion in loss. 

Topics: Ransomware

Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable brands and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery.

Topics: Spear Phishing Protection, business email compromise, Digital Risk Protection, Domains

The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw the first of what would be an onslaught of criminal activity using the pandemic to manipulate users, and over the course of the year these attacks have been modified to reflect local and global fallout. 

Topics: COVID-19

The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identify theft techniques, has released its Phishing Activity Trends Report for Q3 of 2020. Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts. 

Topics: Phishing, BEC, business email compromise, https, Domains

Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of use cases, and in order to protect themselves against attacks, organizations should learn to identify its range of malicious applications. 

 

 

In this article, we explore the variety of ways impersonation can be used to target a single entity. All examples originate from the same financial institution (FI). 

 

Topics: Digital Risk Protection, DRP, Domains, Brand Abuse

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. Cybercriminals register hundreds of thousands of look-alike domains each year with the goal of impersonating legitimate brands and making money, usually by committing fraud.

In this post, we’ll describe how domains help us communicate on the Internet, the anatomy of a look-alike domain and why we fall for them, how attackers create them, and the best place to begin when facing this common threat.

Topics: Digital Risk Protection, Domains

Most phishing campaigns use social engineering and brand impersonation to attempt to take over accounts and trick the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.

Topics: Email Incident Response, Office 365

Today’s enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces and transition to new platforms. The external digital landscape is also rapidly expanding, and organizations are being required to conduct business more frequently through non-traditional channels. This digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter. 

In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities. 

Topics: Digital Risk Protection, DRP

While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision. Should organizations pay up? Or should they refuse?  According to a recent report, it may not matter. Data stolen in ransomware attacks is frequently becoming public even after the victim has paid. 

Topics: Ransomware, Digital Risk Protection, Email Intelligence & Response, DRP