As we approach the end of the year, LastPass Labs has reviewed the last 12 months to take account of the threat environment and how it has changed, as well as our accomplishments. Throughout 2023, the Threat Intelligence, Mitigation, and Escalations (TIME) team focused on rapidly expanding our capabilities to protect our customers from phishing sites and/or infostealers. A major part of this...

Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation...

In Q1, Credit Unions nearly surpassed Banking Institutions as the top targeted industry on the dark web. Just under 36% of stolen card data on dark web platforms was linked to Credit Unions, marking the fourth consecutive quarter the industry has seen an increase in malicious activity. Every quarter, Fortra’s PhishLabs analyzes hundreds of thousands of attacks targeting enterprises and our...

The dark web is a haven of stolen goods and data, and limited visibility into activity targeting your brand leaves organizations at risk. Malicious behavior takes many forms, and a lack of understanding of what or how an asset is exposed on underground channels can lead to brand damage and financial loss. Detecting stolen data on the dark web is demanding, as navigating volatile marketplaces can...

Bad actors use the dark web to exchange compromised data and goods anonymously, often unnoticed by the victim organization. Malicious activity can manifest in many ways on underground channels and, because of the technical obstacles associated with accessing the dark web, visibility can be limited, making it difficult to know which assets might be at risk. If sensitive information is left...

In Q4, Dark Web activity targeting Credit Unions reached its highest count in five consecutive quarters, according to Fortra’s PhishLabs. Attacks on Credit Unions jumped significantly during the second half of 2022, with threat actors advertising stolen card data from these institutions almost as frequently as National/Regional Banks. Data tied to financial institutions is considered especially...

Criminals are capitalizing on the urgency behind gift-giving celebrations such as Black Friday, Cyber Monday, Christmas, and Hanukkah. Counterfeit activity has grown more than 50% from September through November, with a 27% increase over the course of November alone, according to Fortra’s PhishLabs. These threats are impersonating brands on social media and the open web to target consumers with...

In Q3, Credit Unions nearly overtook National Banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs. Credit Unions have been increasingly targeted on underground channels, with Q3 2022 representing the highest incident count for the industry in four consecutive quarters. Compromised data associated with Financial Institutions as a whole is...

The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow. Additionally, bad actors are continuously modifying attack...

Retail brands are increasingly targeted with fraudulent advertisements, fake social accounts, and falsely branded websites. These multipronged counterfeit campaigns redirect sales and compromise consumer data using brand recognition, the same component critical to driving sales within the retail industry. The massive expansion of ecommerce and online consumer-to-retail interaction creates a...

Nearly half of stolen data on the Dark Web was marketed through Chat-Based Services in Q2 after a sharp increase in illegal transactions, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report. The advertisement and exchange of stolen information on the Dark Web is volatile due to the constant threat of disruption or seizure by authorities. Often, when one site is...

In Q1, the exchange of sensitive data on Carding Marketplaces and Forums increased as government seizure of multiple Dark Web sites prompted a shift in where actors conduct illegal activities, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report. These sites specialize in the trafficking of stolen credentials and data such as usernames, passwords, banking, and...

In Q3, more than 75% of threats observed on the Dark Web were related to stolen credit card and debit card data, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. While there are significant volumes of malicious activity targeting industries on the Dark Web, the extensive nature of credit card fraud makes this threat type the most pervasive. Every quarter, PhishLabs analyzes...

Ransomware continues to grow as a thriving underground economy with limited risk and little barrier to entry. Ransomware attacks are supported by a robust ecosystem of dark web services, where many of the tasks needed to carry out an attack can be outsourced. These tasks are increasingly available and sold by threat actors who specialize in them. In this post, we take a look at Initial Access...

Cloned and spoofed mobile applications can damage a brand’s reputation and compromise user data. Fake mobile apps are widely available on both third-party and official app stores and rely heavily on brand impersonation to build trust and drive downloads. Many mobile users lack the security posture normally practiced on desktops, leaving devices vulnerable to compromise. Fake Apps Cloned Mobile...

Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be instantly identified as suspicious. Because brand impersonation is so broadly used across the threat landscape, security teams need to have complete visibility into the top brand...

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google's malware detection and is targeting a broad spectrum of both financial and non-financial apps. So far, Alien has been connected with 87 new brands previously not targeted by Cerberus. Cerberus versus Alien...

Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of...

App downloads fueled by COVID-19 lockdowns leapt to 37.5 billion in Q2 of this year, and collective global app usage is surging. Android users' screen time stands out significantly, with an increase of 25% above the weekly average from the previous year. As apps continue to be an integral part of how we conduct business and perform sensitive tasks, bad actors are using fake and unethical apps...

The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood...