Resources

Breaking Down Phishing Site TLDs and Certificate Abuse in Q1
Blog

Breaking Down Phishing Site TLDs and Certificate Abuse in Q1

Thu, 06/24/2021
Cybercriminals continue to heavily abuse domains to launch phishing attacks. PhishLabs’ analysis of Q1 phishing attacks has found that: 96% used Legacy Generic (gTLD) or Country Code (ccTLD) Top-level Domains Almost 83% abused HTTPS Domain Validated (DV) Certificates were used 94.5% of the time For this analysis, PhishLabs looked at three categories of TLDs: Legacy gTLDs, ccTLDs,...
62% of Phishing Sites Abuse Free Tools or Services
Blog

62% of Phishing Sites Abuse Free Tools or Services

Thu, 06/17/2021
In Q1, PhishLabs analyzed hundreds of thousands of phishing attacks and found more than 62% abused legitimate no-cost tools or services. >> Access the Report In this post, we take a look at findings from our Q1 Threat Trends and Intelligence Report and review the free services that were most commonly abused to stage phishing sites. Methods of Staging Phishing Sites ...
Credential Theft, O365 Lures Dominate Corporate Inboxes in Q1
Blog

Credential Theft, O365 Lures Dominate Corporate Inboxes in Q1

Mon, 06/14/2021
In Q1, PhishLabs analyzed and mitigated hundreds of thousands of phishing attacks that targeted corporate users. In this post, we break down these attacks and shed light on the phishing emails that are making it into corporate inboxes. Threats Found in Corporate Inboxes Credential Theft Credential theft attacks continue to be the most prolific threats observed in corporate inboxes....
47% Phishing Increase in Q1
Blog

47% Phishing Increase in Q1

Mon, 06/07/2021
Phishing is on the rise. PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020. This trend is continuing as Q2 attacks are also up significantly year-over-year. Last year, phishing spiked in late Q1 and Q2 as threat actors took advantage of pandemic-related fear and uncertainty. This year, we are seeing an even greater increase in attacks. ...
Press Release

PhishLabs Releases Q1 Threat Trends & Intelligence Report

Phishing Attacks Increase 47% in Q1 May 26, 2021, Charleston, SC – PhishLabs, the leading provider of Digital Risk Protection solutions, today released their Q1 Threat Trends & Intelligence Report. PhishLabs analyzed and mitigated hundreds of thousands of attacks targeting enterprise brands and employees in the first quarter of 2021. The report uses data from those attacks to determine key trends...
Q1 2021 Threat Trends Intelligence Report
Blog

Q1 2021 Threat Trends Intelligence Report

By Jessica Ryan on Wed, 05/26/2021
Phishing attacks in Q1 have increased 47% compared to last year, according to PhishLabs newly released Q1 2021 Threat Trends & Intelligence Report. The report uses data collected from hundreds of thousands of attacks analyzed and mitigated by PhishLabs in Q1 to identify top threats targeting enterprise brands, and determine emerging trends throughout the threat landscape. Key findings of...
Top 4 Digital Brand Threats
Blog

Top 4 Digital Brand Threats

By Jessica Ryan on Fri, 05/21/2021
Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be instantly identified as suspicious. Because brand impersonation is so broadly used across the threat landscape, security teams need to have complete visibility into the top brand...
What is Digital Brand Protection?
Blog

What is Digital Brand Protection?

By Jessica Ryan on Wed, 05/19/2021
Digital brand protection is defined as comprehensive intelligence sourcing and mitigation of external threats targeting your brand. Digital brand abuse can occur anywhere online. Therefore, it is necessary to have proactive and comprehensive detection capabilities across digital channels to prevent revenue loss and reputation damage. Efficient brand protection requires more than simply...
Ransomware Playbook: Defense in Depth Strategies to Minimize Impact
Blog

Ransomware Playbook: Defense in Depth Strategies to Minimize Impact

Thu, 05/13/2021
In 2020, ransomware attacks in the U.S. increased 139% year-over-year. Attacks are more strategic, demands are higher, and new tactics have emerged that leave victims experiencing the pressure to pay. Organizations that are affected by ransomware believe they are left with one of two choices: Refuse to meet ransom demands and risk the loss of data or, pay the ransom and hazard it released...
Alien Mobile Malware Evades Detection, Increases Targets
Blog

Alien Mobile Malware Evades Detection, Increases Targets

Tue, 05/04/2021
PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google's malware detection and is targeting a broad spectrum of both financial and non-financial apps. So far, Alien has been connected with 87 new brands previously not targeted by Cerberus. Cerberus versus Alien...
ZLoader Dominates Email Payloads in Q1
Blog

ZLoader Dominates Email Payloads in Q1

By Jessica Ryan on Wed, 04/21/2021
Malicious payloads delivered via email phishing continue to drive access to sensitive infrastructures and result in data compromise for enterprises. In Q1 of 2021, attack methods including malware campaigns have contributed to a 564% increase in individuals affected by a data leak, as well as a 12% increase in publicly-reported compromise. As we continue to see leaks and widespread reports...
Example of a Phishing Email: Breaking Down the Latest O365 Phishing Techniques
Blog

Example of a Phishing Email: Breaking Down the Latest O365 Phishing Techniques

By Jessica Ryan on Thu, 04/01/2021
Microsoft Office 365 phish are some of the most common threats that reach end users inboxes. Over the course of a two-year period, PhishLabs has observed that O365 phish have accounted for more than half of all reported phish by enterprises - by a significant margin. Today, we are highlighting a recent O365 campaign, and breaking down the techniques used to enhance the threat actor's odds of...
Most Phishing Attacks Use Compromised Domains and Free Hosting
Blog

Most Phishing Attacks Use Compromised Domains and Free Hosting

By Jessica Ryan on Wed, 03/24/2021
To stage a phishing site, cybercriminals have several options. They can use a legitimate domain that has been compromised, they can abuse free hosting services, or they can register their own domain. Understanding the prevalence of each scenario is fundamental to detecting and mitigating these threats as early in the attack process as possible (including before they've been launched). PhishLabs...
Surge in ZLoader Attacks Observed
Blog

Surge in ZLoader Attacks Observed

By Jessica Ryan on Tue, 02/23/2021
PhishLabs has observed a spike in malicious emails distributing ZLoader malware. The spike is notably one of the greatest upticks for a single payload observed in a 24-hour period over the past year, and is the first significant sign that another botnet may be stepping up in the aftermath of the Emotet takedown. May 2020 - February 2021 ZLoader Activity ZLoader is one of the most...
OSINT: Mapping Threat Actor Social Media Accounts
Blog

OSINT: Mapping Threat Actor Social Media Accounts

By Jessica Ryan on Mon, 02/15/2021
A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor is imperative in the process of assessing risk. By mapping social media accounts operated by the threat actor, as well as general social media risk monitoring, you can build a more comprehensive profile of the...
Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In
Blog

Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In

By Jessica Ryan on Tue, 02/09/2021
Recently, we published a piece highlighting early stage loaders often used in ransomware attacks. One of the most prolific was Emotet, which has since been taken down via a coordinated, multi-national effort. How will this impact the threat landscape? In this post, we take a look at loader activity in the aftermath of the Emotet takedown. Predominant Payloads In 2020, Emotet, Trickbot, and...
External Data Leaks
Threat Actor using Social Media to Scam Credit Union Members
Blog

Threat Actor using Social Media to Scam Credit Union Members

By Jessica Ryan on Mon, 02/01/2021
Recently, PhishLabs mitigated an attack using a fake social media page to steal the credentials of a credit union (CU) customer. Social media is increasingly used as a vehicle for attacks, and organizations should adopt social media protection measures to stay ahead of threats. The below demonstrates how the attack was executed. The Scam Initially, the threat actor sends the victim a text...
Sharp Increase in Emotet, Ransomware Droppers
Blog

Sharp Increase in Emotet, Ransomware Droppers

By Jessica Ryan on Tue, 01/26/2021
Ransomware continues to be one of the most impactful threats to enterprises. Aside from external vulnerabilities, its primary delivery method remains email phishing, with links or attachments containing early stage loaders. These loaders initiate attacks by compromising systems and installing additional malware. PhishLabs has analyzed these early stage loaders and observed a dramatic increase...
External Data Leaks
Using Social Media OSINT to Determine Actor Locations
Blog

Using Social Media OSINT to Determine Actor Locations

By Jessica Ryan on Tue, 01/19/2021
Obtaining the location of a social media threat actor can provide important information in the process of assessing risk. Verifying a geographical region of a user is vital in determining the credibility and risk level of the posted threatening content. Investigating true locations of threat actors can evidently turn a seemingly baseless low risk social media threat into something that may be...
Activists Leak Data Stolen in Ransomware Attacks
Blog

Activists Leak Data Stolen in Ransomware Attacks

By Jessica Ryan on Thu, 01/07/2021
The activist group known as Distributed Denial of Secrets (DDoSecrets) has published almost one terabyte of data originally leaked to dark web sites by ransomware operators. In addition, they are privately making another 1.9 terabytes of stolen data available to journalists or academic researchers. The data is just a portion of the terabytes of stolen emails, documents, and photos that...
External Data Leaks