Domains are some of the most highly abused tools threat actors use to manipulate victims and execute phishing attacks. In the latest PhishLabs Quarterly Threat Trends & Intelligence report, we break down how actors are abusing Legacy Generic (gTLD) and Country Code (ccTLD) Top-level domains, HTTPS, and free security certificates to target enterprises. Top-level Domain Abuse Percent of Phish...

Social media threats targeting enterprises have increased 47% since January 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report. While the attack volume varies by industry, today the average organization is being targeted on social media with increasing frequency. Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks...

Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks targeting enterprises. In this post, we discuss the top threats reaching corporate inboxes based on incidents detected and mitigated with our Suspicious Email Analysis solution. Reported Threats in Corporate Inboxes Credential Theft Credential theft continues to represent the largest...

Brand threats have accounted for 68% of fraud attacks so far this year. Contrary to traditional cyber attacks, which are designed to compromise the infrastructure or circumvent controls, brand threats live outside of the organization’s control and compromise the reputation of your brand. Common types of brand misrepresentation include spoofed emails, social media scams, and fake mobile apps. The...

Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report. The August 2021 report uses data from hundreds of thousands of attacks analyzed and mitigated by PhishLabs to identify the most recent top threats targeting brands and determine emerging trends throughout the threat landscape. Key Findings of the Quarterly Threat...

One piece of evidence that adds value to investigating social media threats is the threat actor’s chosen username. Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms. As we covered in our last OSINT post, connecting all known social media accounts to one user is a critical step in determining risk,...

Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. Avoiding detection increases an attacker’s odds of reaching more victims and achieving a more lucrative outcome. There are many types of evasion techniques that can be used individually or in tandem. In this post we discuss active evasion, restricting by interaction. Restricting by...

Cybercriminals use evasion techniques to bypass scanning technologies and defeat human analysis in order to extend the life of phishing campaigns. There are a variety of evasion techniques and criminals often use multiple variations in tandem. In this post, we focus on active evasion, restricting non-targets by device. Restricting by Device Active evasion is any method an attacker uses to...

In Q2, ransomware made headlines with multiple high-profile attacks and tactics. The largest infrastructure shutdown in U.S. history brought the East Coast to a halt, operators doubled up on ransomware strains, and reported attacks are on track to beat 2020, with numbers already surpassing Q1 by 38%. As ransomware continues to drive data loss and fraud for enterprises and their brands, PhishLabs...

Evasion techniques are methods attackers deploy to extend the life of phishing campaigns. The longer a threat is active, the more opportunity it has to claim victims. Attackers have two objectives when applying evasion techniques: Defeat automated scanning technologies designed to quickly shut down or prevent attacks from going live. Increase the time, cost, and complexity required for...

Cybercriminals continue to heavily abuse domains to launch phishing attacks. PhishLabs’ analysis of Q1 phishing attacks has found that: 96% used Legacy Generic (gTLD) or Country Code (ccTLD) Top-level Domains Almost 83% abused HTTPS Domain Validated (DV) Certificates were used 94.5% of the time For this analysis, PhishLabs looked at three categories of TLDs: Legacy gTLDs, ccTLDs,...

In Q1, PhishLabs analyzed hundreds of thousands of phishing attacks and found more than 62% abused legitimate no-cost tools or services. >> Access the Report In this post, we take a look at findings from our Q1 Threat Trends and Intelligence Report and review the free services that were most commonly abused to stage phishing sites. Methods of Staging Phishing Sites ...

In Q1, PhishLabs analyzed and mitigated hundreds of thousands of phishing attacks that targeted corporate users. In this post, we break down these attacks and shed light on the phishing emails that are making it into corporate inboxes. Threats Found in Corporate Inboxes Credential Theft Credential theft attacks continue to be the most prolific threats observed in corporate inboxes....

Phishing is on the rise. PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020. This trend is continuing as Q2 attacks are also up significantly year-over-year. Last year, phishing spiked in late Q1 and Q2 as threat actors took advantage of pandemic-related fear and uncertainty. This year, we are seeing an even greater increase in attacks. ...

Phishing attacks in Q1 have increased 47% compared to last year, according to PhishLabs newly released Q1 2021 Threat Trends & Intelligence Report. The report uses data collected from hundreds of thousands of attacks analyzed and mitigated by PhishLabs in Q1 to identify top threats targeting enterprise brands, and determine emerging trends throughout the threat landscape. Key findings of...

Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be instantly identified as suspicious. Because brand impersonation is so broadly used across the threat landscape, security teams need to have complete visibility into the top brand...

Digital brand protection is defined as comprehensive intelligence sourcing and mitigation of external threats targeting your brand. Digital brand abuse can occur anywhere online. Therefore, it is necessary to have proactive and comprehensive detection capabilities across digital channels to prevent revenue loss and reputation damage. Efficient brand protection requires more than simply...

In 2020, ransomware attacks in the U.S. increased 139% year-over-year. Attacks are more strategic, demands are higher, and new tactics have emerged that leave victims experiencing the pressure to pay. Organizations that are affected by ransomware believe they are left with one of two choices: Refuse to meet ransom demands and risk the loss of data or, pay the ransom and hazard it released...

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google's malware detection and is targeting a broad spectrum of both financial and non-financial apps. So far, Alien has been connected with 87 new brands previously not targeted by Cerberus. Cerberus versus Alien...

Malicious payloads delivered via email phishing continue to drive access to sensitive infrastructures and result in data compromise for enterprises. In Q1 of 2021, attack methods including malware campaigns have contributed to a 564% increase in individuals affected by a data leak, as well as a 12% increase in publicly-reported compromise. As we continue to see leaks and widespread reports...