The PhishLabs Blog

The 2017 Phishing Trends & Intelligence Report is now available!

Posted by Joseph Opacki on Feb 7, '17

On behalf of the PhishLabs R.A.I.D., I'm proud to announce that the 2017 Phishing Trends & Intelligence Report has been released. As with last year's edition, the report provides first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening. 

Read More

Topics: Phishing, Threat Intelligence, Phishing Trends and Intelligence Report,, Phish, PTI Report

Vawtrak / Neverquest2 adopts new methods to increase persistence

Posted by King Salemno on Aug 5, '16

At the end of July, the PhishLabs Research, Anaysis, and Intelligence Division (R.A.I.D.) found two major changes in the codebase of Vawtrak (a.k.a. Neverquest2) that significantly increased the banking Trojan’s persistence and the risk it poses for victims. We have discovered that the newest iteration of Vawtrak is now using a domain generation algorithm (DGA) to identify its command and control (C2) server. By using an algorithm instead of hardcoded domains, automated attempts at mitigation are rendered inadequate. Additionally, this new DGA implementation is bundled inside of a codebase that appears smaller and more efficient possibly because of compiler optimization. This optimization prevents malware researchers from using their pre-established Vawtrak analysis techniques during the reversing process to assist with the mitigation of the threat.

Read More

Topics: Threat Analysis, Threat Intelligence, Vawtrak, Banking Trojan, Neverquest2, Malware Analysis, R.A.I.D.

Why Security Awareness Training – Alone – Doesn’t Solve the Spear Phishing Problem

Posted by Jon Hilfiger on Jul 14, '16

Every CISO, in every industry, is aware that spear phishing can be a problem – a big one – despite millions of dollars invested in (necessary) layers of technology defenses. In May 2016, CSO Online reported ANOTHER three firms were hit by targeted phishing attacks – attacks that stole employees W2 data. I guarantee all of these firms had security devices in place on their networks. These attacks were a form of social engineering that bypasses traditional security technologies and much can be done to help enlist employees to be part of any company’s overall defense. Many CISO’s have done just that - taken steps to ensure their employees are aware and work to reduce the likelihood of opening a malicious email. But, this still isn’t solving the spear phishing problem. Companies have been conducting varying degrees of security awareness training for years. But, the attacks are still happening and they are successful in spite of the training. So, what is a well-intentioned CISO to do? Give up? Train more? Find a better training approach?

Read More

Topics: Threat Intelligence, Spear Phishing Protection, T2, Employee Defense Training

Olympic Vision Keylogger and BEC Scams

Posted by Eris Maelstrom on May 24, '16

During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign, targeting multiple organizations using a variety of different lures, including invoice lures and shipment confirmation lures. This campaign appears to be originating out of South Africa, utilizing both maliciously registered free domains as well as compromised domains.

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, BEC, business email compromise

How to make the most of reported phishing emails... Even if there are way too many

Posted by Joseph Opacki on May 19, '16

You’ve done it.

After months of nagging, security awareness training, and constant reminders, your employees have started reporting phishing emails. Take a moment to pat yourselves on the back, because this is no mean feat.

But… now what? What do you actually do with all these reported emails?

Read More

Topics: Phishing, Threat Analysis, Threat Intelligence, Spear Phishing

Android.Trojan.Marcher - Conclusion

About Parts One and Two

This post is a conclusion to a three-part blog analyzing "Marcher" malware that targets the Android platform. Read part one here and part two here.  To round out the discussion, let’s cover the network and host indicators associated with this trojan.
Read More

Topics: Phishing, Malware, Threat Intelligence, Android, Banking Trojan

Bash “Shellshock” Bug Rivals Heartbleed in Cyber Threat Severity

The recently discovered bug, Shellshock, also known as the “bash bug” was made public on September 24, 2014, causing widespread anxiety as bug patches failed to remediate all vulnerabilities. The bug is found in Bash – an almost ubiquitous system software used in millions of computers, Linux-based machines and even Mac computers. Essentially, the vulnerability allows for remote execution of arbitrary commands on web servers and computers with no authentication required.

Read More

Topics: Threat Intelligence, Shellshock

PhishLabs partners with VirusTotal

Posted by Stacy Shelley on Sep 24, '14

We're pleased to announce that VirusTotal has joined our global network of cybercrime intelligence partners. Intelligence sharing is a vital part of the fight against cybercrime, providing threat visibility and insight to aggressively mitigate attacks and protect our clients. Our partnership with VirusTotal provides an additional layer of intelligence, expanding our threat visibility.

Read More

Topics: Threat Intelligence, Company News

Vawtrak Gains Momentum and Expands Targets

Vawtrak is the security industry's name for the latest version the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000's. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

What You Need to Know

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak

“Smash & Grab” cybercrime attacks have been active since mid-June

Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash  & Grab,” targeting customers of JP Morgan Chase. Based on intelligence from the Phishlabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab” operations have been active since at least mid-June using the same phishing and malware combination tactics described in the initial report. Our analysis also indicates a possible connection to cybercriminal actors currently or previously involved in GameOver Zeus operations.

Read More

Topics: Phishing, Malware, Threat Intelligence, Trojan, Crimeware

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_