Resources

Blog

Look-alike Domain Mitigation: Breaking Down the Steps

Look-alike domains remain some of the most consistent elements of cyber attacks targeting organizations. At a high-level, there are two ways to mitigate the threat of a look-alike domain: remove the threat completely by taking it offline, or block attacks on your users by implementing IT security controls. If we dissect the construction of a look-alike domain, we see where each step in its...
Blog

Year In Review: Ransomware

In 2020, cybercrime has seen a dramatic evolution in ransomware attacks. This threat type has adopted increasingly malevolent tactics and targeted some of the year's most vulnerable industries. Operators are linking up, franchising their attacks, extorting their victims, then expecting organizations to believe them trustworthy. By 2021, ransomware is anticipated to cause $20 billion in loss. ...
Blog

The Anatomy of a Look-alike Domain Attack

Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable brands and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery. Look-alike domains are intentionally misleading to give customers the false impression that they're interacting with trusted...
Blog

The Year In Review: How COVID-19 Has Changed Cyber Security

The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw the first of what would be an onslaught of criminal activity using the pandemic to manipulate users, and over the course of the year these attacks have been modified to reflect local and global fallout. The coronavirus has not only...
Blog

APWG Q3 Report:Four Out of Five Criminals Prefer HTTPS

The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identify theft techniques, has released its Phishing Activity Trends Report for Q3 of 2020. Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general...
Blog

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of...
Blog

What is a Look-alike Domain?

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. Cybercriminals register hundreds of thousands of look-alike domains each year with the goal of impersonating legitimate brands and making money, usually by committing fraud. In this post, we'll describe how domains help us communicate on the Internet, the anatomy of a look...
Blog

Phishing Campaign Uses Malicious Office 365 App

Most phishing campaigns use social engineering and brand impersonation to attempt to take over accounts and trick the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim's account without requiring them to give up their credentials to the attackers. In this technique,...
Blog

Top 7 Use Cases for Digital Risk Protection

Today's enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces and transition to new platforms. The external digital landscape is also rapidly expanding, and organizations are being required to conduct business more frequently through non-traditional...
Blog

Ransomware Groups Break Promises, Leak Data Anyway

While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision. Should organizations pay up? Or should they refuse? According to a recent report, it may not matter. Data stolen in ransomware attacks is frequently becoming public even after the victim has...
Blog

As Screen Time Skyrockets, So Does Threat of Fake Apps

App downloads fueled by COVID-19 lockdowns leapt to 37.5 billion in Q2 of this year, and collective global app usage is surging. Android users' screen time stands out significantly, with an increase of 25% above the weekly average from the previous year. As apps continue to be an integral part of how we conduct business and perform sensitive tasks, bad actors are using fake and unethical apps...
Blog

How to Detect Look-alike Domain Registrations

Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand's credibility. A spoofed domain is easy and quick to create, and can act as the catalyst for malicious email campaigns and phishing sites. In order to detect and action domain threats targeting your organization, security teams need to implement mature and progressive processes for collection and...
Blog

Encryption to Double Extortion: Ransomware's Rapid Evolution

Threat actors are leveraging stolen data to enhance ransomware attacks. Data leaks and ransomware - once considered two distinct threats - are overlapping into a hybrid tactic known as double extortion. While traditional ransomware attacks deny access to valuable systems and data, double extortion threatens to leak sensitive data if the ransom is not paid. Data Leaks on the Rise In Q1,...
Blog

Limited Impact of Phishing Site Blocklists and Browser Warnings

The life of a phishing site is brief, but impactful. A study published earlier this year found the average time span between the first and last victim of a phishing attack is just 21 hours. The same study observed the average phishing site shows up in industry blocklist feeds nearly 9 hours after the first victim visit. By that time, most of the damage is done. Blocklists are an important...
Blog

$2.3M Stolen from Wisconsin GOP via BEC Attack

With Election Day just around the corner, the Republican Party of Wisconsin revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump. According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor. BEC attacks like this...
Blog

Ryuk Ransomware Targeting Healthcare

As if the COVID-19 pandemic were not enough, the healthcare sector is now being actively targeted by threat actors using Ryuk ransomware. Yesterday, the FBI issued an increased and imminent cyber threat warning amid growing reports of healthcare providers falling victim to the campaign. The threat actors are using Trickbot (delivered via Emotet) to gain access to target systems and deploy Ryuk....
Blog

How URL Tracking Systems are Abused for Phishing

Widely-used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive carriers for phishing URLs. To illustrate how it works, this post breaks down a recently-observed phishing attack that uses Google Ads' tracking system to evade email filters. How it works Piggybacking on a domain is appealing to...
Blog

Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor

PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef. Planetary Reef is most notable in how they host phishing...
Blog

Eliminating the Threat of Look-alike Domains

There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation, as well as diverse registrar requirements for removal, can make mitigating look-alike domains a complex, burdensome, and often ineffective process. In this...
Blog

What is Digital Risk Protection?

Digital Risk Protection is defined as an operational process that combines intelligence, detection, and response to mitigate attacks across the external digital risk landscape. Today's enterprise attack surface is not limited to the corporate network. In fact, the network is just a small slice. When it comes to deciding how and where to attack an enterprise, threat actors have ample opportunity...