Recent Posts

Recent Blog Posts

The PhishLabs Blog

Silent Librarian University Attacks Continue Unabated in Days Following Indictment


On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world.

If you’ve been following our blog (or the news), you already know the actors are associated with an organization called the Mabna Institute, and are responsible for stealing more than 31 terabytes of data over the past four and a half years. To put that number in context, you’d need to cut down more than 1.5 million trees to make enough paper to print out all of the stolen data.

Read More

Topics: Phishing, Spear Phishing, silent librarian

How Universities Should Respond to Iranian Hacking Charges


Last week, news broke that an Iranian hacker network, Mabna Institute, had been systematically stealing data from universities across the US and abroad.

It’s unclear precisely how much data has been compromised, but it has been estimated to have cost US universities around $3.4 billion dollars to collect and maintain.

While the administration has announced sanctions and criminal indictments against the group, it’s highly unlikely any of the actors involved will receive punishment.

So if you happen to work for a university, or be responsible in some capacity for the data security of a university, you’d be forgiven for wondering “…What now?

Read More

Topics: Phishing, Spear Phishing

Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment


Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The information stolen from these universities was used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran. 

Read More

Topics: Spear Phishing, silent librarian

Who Says Holiday Romance is Dead? Catphishers, That’s Who

Posted by Lindsey Havens on Feb 14, '18

It’s that time of year again.

A day of romance, crowded restaurants, overblown gestures of love, and…

Well. You get the idea.

For those of us in the security world there’s another, less enjoyable component to Valentine’s Day. Yes, even less enjoyable than trying to share a romantic meal while sitting less than a foot away from four other couples.

Yes, I’m talking about holiday themed phishing scams. We’ve written about this precise topic many times before (including last Valentine’s Day) but so far we’ve never tackled the specific scams that surround this romance-centric annual event.

So before you send those dutch-courage fueled love notes, just take a moment to consider…

Read More

Topics: Phishing, Spear Phishing, Employee Defense Training

Office DDE feature exploited to deliver DNSMessenger payload in new targeted phishing campaign

Posted by Joshua Shilko on Nov 14, '17

The Research, Analysis, and Intelligence Division (R.A.I.D.) here at PhishLabs interacts with a multitude of malware samples in our day-to-day operations. Occasionally, we come across a campaign that stands out from the rest. One such instance occurred recently when one of our Phishing Threat Monitoring service clients was targeted with DNSMessenger, a sophisticated, memory-based infection technique, which has been previously associated with a financially-motivated Advanced Persistent Threat (APT) actor group. Also notable is the delivery method – the increasingly popular Dynamic Data Exchange (DDE) protocol Office document attack. This delivery method has recently been adopted by actors ranging from nation-state APTs to spammers peddling downloaders and ransomware. In this article, we will examine this delivery vector and dissect the initial DNSMessenger payload.

Read More

Topics: Spear Phishing, Office DDE Exploit

"Phish For The Future" is Perfect Example of Advanced Persistent Phishing

Posted by Stacy Shelley on Sep 29, '17

 

The Electronic Frontier Foundation (EFF) has reported that activists at Free Press and Fight for the Future were hit over the summer with a targeted spear phishing campaign that involved nearly 70 phishing attempts. If you haven't read their report, you should. Very few organizations would come out of the same situation unscathed.

Read More

Topics: Spear Phishing, Phish, EFF, Advanced Persistent Phish

Third DocuSign Phishing Campaign Identified Linked to Email Database Breach

Posted by Olivia Vining on May 19, '17

Since May 9, PhishLabs has tracked multiple phishing campaigns that uses DocuSign branding that lures victims into downloading malicious files.  These campaigns followed a breach of a DocuSign database containing user email addresses.  Each of the campaigns associated with this breach contain similar, yet distinct, characteristics.  The third, and most recent, campaign was launched on May 17. 

Read More

Topics: Phishing, Spear Phishing, DocuSign

How to Calculate ROI for Security Awareness Training

Posted by Jenny Dowd on Nov 22, '16

Frustrating, isn’t it?

You put all that effort into designing a security awareness training program… 

But is it helping keep your organization safe? Or is it just satisfying your compliance requirements?

The truth is you have no idea. After all, how can you measure return on investment (ROI) for something intangible like security awareness training?

Read More

Topics: Phishing, Spear Phishing, security awareness training

How and Why You Should Calculate Your Organization's Cost of Phishing

Posted by Jenny Dowd on Nov 15, '16

Everybody knows phishing is costly to their organization. 

But how costly? Few organizations know for sure.

Plenty of studies have claimed to calculate the cost of phishing, but the results are usually hard to swallow. For instance, does phishing cost your organization $1.6 million per incident? Or $3.7 million per year?

Perhaps... but probably not.

The issue with these figures is that they're averages, heavily skewed by data from huge organizations. The results may be interesting, but they're of little use to most organizations.

Read More

Topics: Phishing, Spear Phishing, security awareness training, cost of phishing

Why Your Security Awareness Training Isn't up to Par (And What to Do About It)

Posted by Jenny Dowd on Nov 10, '16

Most security awareness training is boring, infrequent, and ineffective. And the worse part is… everybody knows it.

But why? How did we get to this point? And who does all this sub-par security awareness training benefit?

To answer these questions we’ll need to examine one of the main drivers: Compliance.

Read More

Topics: Phishing, Spear Phishing, security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events

Calendar_Mock_

Posts by Topic

see all