The scope of intelligence on underground marketplaces is vast and navigating the dark web in search of brand mentions and potential threats can be time-consuming and complex. In order to proactively defend against attacks and mitigate the threat of leaked information, organizations should consistently monitor marketplaces and forums for data pertaining to their brand. If questionable data is...

QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021. While QBot led all other...

QR phishing is currently considered a high priority risk capable of bypassing existing security controls, according to the latest article from Cyber Security Intelligence. QR Phishing, otherwise known as Quishing, is an extension of phishing attacks that is gaining popularity among threat actors who understand many email systems have difficulty reading the contents of the code. Similar to...

Threat Background & History Beginning in the first half of 2022, Fortra has monitored a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout the past two years is known as Strox (aka Strox...

Is your 401k a target for cybercriminals? According to the latest article from U.S. News, warning signs such as missing contributions and unexplained transactions could indicate your retirement funds are at risk. Check out the article here to learn what signs could indicate that something is amiss, and best practices from Fortra’s security expert Eric George on how to protect your accounts. if...

In July 2021, the White House established a voluntary initiative for industrial control systems (ICS) to promote cooperation between the critical infrastructure community and the federal government. The fundamental purpose of the initiative was “to defend the nation’s critical infrastructure community by encouraging and facilitating the deployment of technologies and systems that provide threat...

One of our Digital Risk Protection service customers, LastPass, is committed to monitoring the cyber threat environment to keep our customers as secure as possible. To highlight this commitment, we want to call attention to recent joint efforts to disrupt a phishing campaign targeting LastPass customers and associates that began two weeks ago. We are sharing this with you not because it is a new...

Fortra’s PhishLabs has identified two separate incidents of new Google top-level domain (TLD) .zip used in phishing attacks. The attacks, detailed in the September issue of Cyber Defense Magazine, use .zip to impersonate a social media conglomerate and global technology company. Look-alike domains using common file extensions are increasingly used to enhance the perceived legitimacy of cyber...

Banks were targeted on social media more in Q2, after the largest spike in activity since 2021, according to Fortra’s PhishLabs. While cybercriminal focus on financial institutions remains high, the average number of social media attacks per business, per month in 2023 is trending lower than in 2022. In Q2 specifically, businesses experienced nearly 18 fewer attacks on social channels on average...

Cybercriminals doubled down on popular threat types and preferred malicious software in Q2, with O365 phish and QBot malware dominating inboxes by significant margins. QBot operations eclipsed all other malware once again, reaching their highest volume of share just before a multinational takedown Tuesday removed malicious code from more than 700,000 computers. Similarly, but lacking in...

Domain Impersonation: When Imitation Is Not the Sincerest Form of Flattery It’s no secret that an organization’s domain is a critical piece of the organization’s identity and business. People rarely need to manually enter a website address in their browser as search engines can give people a list of domains after entering just 2-3 letters. But how many people pay close attention to a domain...

In the ever-evolving landscape of cybercrime, look-alike domains remain a constant component in the vast majority of threats. Look-alike domains or, URLs that resemble those of a legitimate brand, can cause significant damage to brand reputation by way of fraudulent websites, phishing schemes, malware distribution, and more. Original research conducted by Fortra’s PhishLabs analyzes how look...

As technology advances, the battle between cyber criminals and organizations intensifies. Cyber threats have become more sophisticated, complex, and widespread, posing a significant risk to the security and integrity of sensitive data. In Q1 2023 alone, the number of global cyber attacks increased by 7%, with an average of 1,248 attacks reported per week. In a separate report by The Independent...

In Q2, phishing attacks targeting social media platforms increased more than 23%, according to Fortra’s PhishLabs. This is the greatest volume of attacks on social media in two years and puts the industry ahead of historically top targeted financial institutions. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this...

The latest Verizon Data Breach Investigations report indicates that over 70% of data breaches involved the human element. Cybercriminals exploit people to trick them into clicking unsafe links, opening malicious attachments, entering their credentials into bogus login pages, sharing sensitive data, and authorizing fraudulent fund transfers. One area where many exploits take place is on social...

QBot dominated as the top payload in Q2 with more than 95% of reported volume, according to Fortra’s PhishLabs. This is the third consecutive quarter QBot has led all other malware varieties by a significant majority. QBot was also consistently reported as a top payload in 2022, falling second only to Emotet and Redline Stealer before its current streak. Email payloads remain the primary delivery...

Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation...

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media...

The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two new flavors of ransomware pose serious potential impacts on the healthcare sector, but there are appropriate mitigation and defense strategies that organizations can take to protect against them. What is...

You did it! You can now take a quiz and accurately answer "What Is DMARC?"! Next you've generated your DMARC record, implemented your policy, and authenticated your email domains. DMARC is no easy feat in itself and now, after DNS requests, third-party conference calls and writing internal policies, you are ready...to enforce a stricter DMARC policy! If your DMARC policy has been set to p=none...