Since May 9, PhishLabs has tracked multiple phishing campaigns that uses DocuSign branding that lures victims into downloading malicious files. These campaigns followed a breach of a DocuSign database containing user email addresses. Each of the campaigns associated with this breach contain similar, yet distinct, characteristics. The third, and most recent, campaign was launched on May 17.
In the fight against phishing, there’s far more to think about than simply blocking malicious email.
In fact, as a security vendor, our analysts spend a huge amount of time trying to disrupt the phishing landscape in a way that makes all of us safer.
Earlier today, news broke of a new WannaCry version propagating at a rate unseen before for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well-beyond the initially-infected system and crippling networks.
When you’re attempting to mitigate the risk of phishing, threat intelligence plays a vital role.
After all, what better way to predict and intercept future phishing attacks than by analyzing past attacks for patterns and indicators?
This post is the second in a series breaking down lessons learned from our recent consumer-focused phishing webinar. In the first post we covered the value of phishing intelligence, and explained how to use source code analysis to link individual phishing sites back to the phishing kits and actors responsible.
In the last post, we took an in-depth look at how ransomware changed during 2016, and what we expect to see happen in the coming year.
The post, which was based on a recent webinar, was pretty long and in-depth, so if you'd like some context you might like to go back and read it before continuing or feel free to watch the on-demand webinar.
In this post we’re going to run through the most important part of the webinar: what you can do to secure your organization against ransomware.
Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.
It was a serious threat, of course, but it had become somewhat… predictable.
But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.
In the past few years, you’ve no doubt started to see some pretty strange website suffixes.
You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.
“For any study or research project, the ultimate assessment of validity is independent duplication of results.”This quote was the first line of an email I received a few days ago from Crane Hassold, our senior security threat researcher at PhishLabs.
And since we’ve recently published our annual Phishing Trends & Intelligence (PTI) report, I was interested to learn more.
At this point, most organizations are already aware of phishing. No matter what industry you’re in, phishing is one of the top cyber threats you’ll face in 2017.
But for most people, the threat actors responsible for phishing attacks are something of a mystery. They picture a faceless, hooded specter, hidden somewhere in the dark recesses of the Internet.