Blog

Blog

Understanding how Polymorphic and Metamorphic malware evades detection to infect systems

Polymorphic and metamorphic malware constantly changes itself in order to avoid detection and persistently remain on the system. This adaptive behavior is the main distinctive attribute of these types of malware, which is also why they are harder to detect; it is also why they pose a great threat to systems. On the surface, the functionality of this sort of changing and mutating malware appears...
Blog

99% of User-Related Threats Are Email Impersonation Attempts

Threats in corporate inboxes hit new highs with a quarter of all reported emails classified as malicious or untrustworthy. 99% of these threats were email impersonation threats, such as BEC and credential theft lures, that lack attachments or URLs delivering malware payloads. Cybercriminals continue to bypass traditional email security tools and reach end users by impersonating individuals,...
Blog

Dark Web Focus on Credit Unions Increases in Q1

In Q1, Credit Unions nearly surpassed Banking Institutions as the top targeted industry on the dark web. Just under 36% of stolen card data on dark web platforms was linked to Credit Unions, marking the fourth consecutive quarter the industry has seen an increase in malicious activity. Every quarter, Fortra’s PhishLabs analyzes hundreds of thousands of attacks targeting enterprises and our...
Blog

Social Media Attacks Targeting Banks and Retail Climb in Q1

Social media attacks targeting businesses have jumped 12.2% in Q1 from the previous quarter, according to Fortra’s PhishLabs. Attacks on social channels are also trending higher than Q1 2022, with the average business experiencing more than 81 attacks per month. External platforms, such as social media, are widely used by cybercriminals to engage in fraud and distribute misinformation. Threatening...
Blog

Untrustworthy Email in Inboxes Reaches All-Time High

In Q1, the volume of emails classified as malicious or do not engage reached nearly a quarter of all reported emails. This is the highest combined volume of these categories since Fortra’s PhishLabs has documented this data point. Of those classified as malicious, threats considered email impersonation or, those lacking known signatures, made up a significant 98.7%. Every quarter, PhishLabs...
Blog

Free Domain Abuse Plummets in Q1 as Staging Methods Shift

Free domain registrations used to stage phishing sites have experienced a significant drop in activity, contributing to just under 2% of phishing abuse in Q1. Free domain registrations and other no-cost means of staging phishing infrastructures are historically a favorite of threat actors. While no-cost methods as a whole did make up the majority of abuse in Q1, the decline in free domains can be...
Blog

Top Fraudulent Activity Targeting Retail on the Dark Web - Part Two

The dark web is a haven of stolen goods and data, and limited visibility into activity targeting your brand leaves organizations at risk. Malicious behavior takes many forms, and a lack of understanding of what or how an asset is exposed on underground channels can lead to brand damage and financial loss. Detecting stolen data on the dark web is demanding, as navigating volatile marketplaces can...
Blog

Top Fraudulent Activity Targeting Retail on the Dark Web

Bad actors use the dark web to exchange compromised data and goods anonymously, often unnoticed by the victim organization. Malicious activity can manifest in many ways on underground channels and, because of the technical obstacles associated with accessing the dark web, visibility can be limited, making it difficult to know which assets might be at risk. If sensitive information is left...
Blog

Top Tactics of BEC Attacks in 2023

Email impersonation is the fastest growing and most successful means of bypassing email security controls. In Q4 2022, the response-based and credential theft attacks that make up email impersonation reached their highest percentage of share of all email threat volume, contributing to more than 97% of attacks reported by end users. In this series, we look at the top email impersonation threats...
Blog

The Rise in Hybrid Vishing: How Spoofed Phone Numbers Are the Top Email Threat to Bypass SEGs

Email attacks using impersonation as their primary means of success are the top threats making it past Secure Email Gateways. These socially engineered messages have gradually increased in volume to overtake more malicious links or attachments typically used in payload campaigns targeting businesses. In this series, we look at the top email impersonation threats based on the reported volume in...
Blog

Emotet Returns from Hiatus, Trails QBot in Q1 Volume

QBot and Emotet payloads contributed to more than 93% of reported payload volume in Q1, according to Fortra’s PhishLabs. While QBot represented the majority of attacks, this is the first known activity by Emotet actors since 2022 and the largest spike in Emotet reports since Q2 of last year. Email payloads remain the primary delivery method of ransomware targeting organizations. PhishLabs’...
Blog

What to Know About Business Email Compromise (BEC) Scams

Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of...
Blog

What is the Relationship Between Ransomware and Phishing?

Ransomware and phishing are usually put in two separate categories when cyberattack methodologies are discussed. However, ransomware operators are increasingly leveraging phishing tactics to deploy their malicious payloads, and the potential for compromise is exponentiating as a result. Ransomware and Phishing - a match made in heaven Phishing is the number one delivery vehicle for ransomware,...
Blog

DRP Solutions Market Guide

The demand for Digital Risk Protection (DRP) is on the rise as cybercriminals are increasingly targeting businesses on channels outside the corporate firewall. According to Frost & Sullivan’s 2022 Frost Radar Global DRP Report, the traditional security perimeter has changed, and unlike phishing attacks that can be managed and mitigated through internal controls, these threats live on spaces not...
Blog

Stolen Credit Union Data on Dark Web Hits High in Q4

In Q4, Dark Web activity targeting Credit Unions reached its highest count in five consecutive quarters, according to Fortra’s PhishLabs. Attacks on Credit Unions jumped significantly during the second half of 2022, with threat actors advertising stolen card data from these institutions almost as frequently as National/Regional Banks. Data tied to financial institutions is considered especially...
Blog

Impersonation Represents the Top Social Media Threat in Q4

Social media attacks targeting organizations closed out 2022 nearly 19% higher than Q4 of 2021, according to Fortra’s PhishLabs. Social platforms continue to act as a hotbed for malicious activity, leaving organizations of all sizes vulnerable to impersonation and abuse. As of Q4, businesses can expect an average of 72.54 attacks on social media per month. PhishLabs analyzes hundreds of...
Blog

Response-Based Email Attacks Reach Inboxes More Than Any Other Threat in Q4

In Q4, Response-Based phishing attacks were the top reported threat by end users, according to Fortra’s PhishLabs. While threats categorized as Credential Theft and Malware continue to bypass even the top secure email gateways, this is the second consecutive quarter where Response-Based attacks have led all categories. Response-Based attacks typically lack malicious indicators and instead rely...
Blog

More than Half of All Phishing Sites Impersonate Financials in Q4

Phishing sites impersonating reputable organizations continue to represent the top online threat to businesses and their brands. In Q4, Financial Institutions were targeted most by credential theft phish, experiencing the largest share of malicious sites recorded since 2021, according to Fortra’s PhishLabs. Within the group, criminals capitalized on the broad customer bases and recognizable names...
Blog

Digital Journal: Hackers Using Steganography Tactics for Malware Attacks

Cybercriminals are increasingly using steganography to hide malware in phishing attacks targeting businesses. Read Digital Journal’s interview with Alyn Hockey, Fortra’s VP of Product Management, to learn why this tactic is particularly difficult to detect, and what security teams can do to avoid falling victim. Check out the article here. if(window.strchfSettings === undefined) window...
Blog

What is Whaling Phishing How Does it Work?

“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible. Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C...