Fortra’s PhishLabs Leading Provider of Threat Intelligence and Mitigation Solutions
- Active Phishing Campaign: Twilio SendGrid Abuse on October 23, 2024 at 8:14 pm
Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators.
- UDRP Domain Takeovers vs. Domain Takedowns by Ryan Newby on October 22, 2024 at 1:14 pm
What’s the difference between UDRP Domain Takeovers and Domain Takedowns? In the world of domain ownership, the need for disputes and enforcement can occur. But how should they be handled? What’s the difference between Uniform Domain-Name Dispute-Resolution Policy (UDRP) domain takeovers and a domain takedown? Let’s take a closer look at the processes.
- Active Phishing Campaign: QR Code Attachment O365 Attack on October 16, 2024 at 9:24 pm
Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators.
- Active Phishing Campaign: Form Assembly Abuse on October 9, 2024 at 7:24 pm
Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. To protect the privacy of Fortra’s clients, the brand targeted in this attack has been anonymized and is generically referred to as “Brand” whenever their name appears in the context of this attack campaign.
- What Are External Security Threats? by Eric George on September 3, 2024 at 7:45 pm
According to Cybersecurity Ventures, cybercrime would be the world’s third-largest economy (after the U.S. and China) if measured as a country, as its damages may total $9.5 trillion globally in 2024. While this may be a surprising stat, it should reiterate the importance of your cybersecurity plan and solutions. External threats play a large part in the digital threat landscape, and as the name suggests, external threats are those that come from outside of your organization.
- What Is Tactical Threat Intelligence? by Michael Tyler on August 15, 2024 at 1:54 pm
Every day, the digital threat landscape morphs as threat actors come up with new ways to infiltrate and succeed against your organization. To take proactive measures against cyber threats, organizations need threat detection strategies. Of the three forms of threat intelligence (strategic, operational, and tactical), tactical threat intelligence is the most directly actionable. This form of threat intelligence is meant for direct consumption by security practitioners or automated systems, and usually consists of threat data such as indicators or heuristics. It has two primary purposes.
- Banno Integration Strengthens Brand Protection for PhishLabs Customers on August 6, 2024 at 8:36 pm
Fortra’s PhishLabs announces a new, native integration for stronger brand protection with digital banking platform, Jack Henry Banno. This significant update will help PhishLabs and Banno customers identify phishing quicker and more accurately. “This integration is a win for all involved. It simplifies the process for our customers, ensures the secure handling of low-sensitivity data, and enables us to detect attacks much sooner – in some cases before they reach the targeted customer,” explains Eric George, director, Fortra solutions engineering.
- Cyberattack Anatomy: Banking Smish on July 30, 2024 at 7:06 pm
Cyberattack anatomies are a detailed outline of various attack methodologies, techniques, and tactics. This blog post will outline the anatomy of a recent smishing campaign identified by Fortra’s threat researchers.
- Active Phishing Campaign: Tax Extension Help Lure on June 5, 2024 at 7:24 pm
Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators.
- Active Phishing Campaign: Yousign HR Lure on May 23, 2024 at 4:00 pm
Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators.
- LabHost Wrapped – Notorious Phishing-as-a-Service Platform Taken Down by Michael Tyler on April 18, 2024 at 3:49 pm
One of the most used phishing-as-a-service platforms, LabHost, has been taken down by an international group of law enforcement authorities coordinated by Europol. Fortra has closely monitored LabHost and has mitigated tens of thousands of phishing attacks carried out by cybercriminals using the platform in recent years. LabHost is estimated to have obtained 480,000 card numbers, 64,000 PIN numbers, and no less than one million account passwords. Earlier this year, we published a detailed profile on LabHost.
- Abusing Data to Avoid Detection: Cybercriminal Adoption of Browser Fingerprinting on April 5, 2024 at 1:05 pm
Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now commonly exploited by cybercriminals. Today, it is considered widely used for phishing purposes, with a recent study showing one in four phishing sites using some form of this technique.
- Dark Web Actors Overwhelmingly Target Card Data, Finance in Q4 on March 14, 2024 at 4:19 pm
Credit unions were the top targeted industry on the Dark Web in Q4 2023, continuing its lead over the historically targeted banking industry for the third consecutive quarter. Financials as a whole continue to be a primary focus of criminal groups on underground channels, with more than 91% of malicious activity directed at either credit unions, banks, financial services, or payment services.
- Social Media Attacks Focus on Financials, Executives in Q4 by Jessica Ryan on March 7, 2024 at 3:10 pm
In Q4, impersonation threats made up more than 45% of total attacks on social media, with the vast majority targeting banking and financial services. Impersonation on social media continues to grow, with threats specifically targeting corporate executives responsible for driving the majority of volume for three consecutive quarters.
- DarkLoader Leads Malware Attacks in Q4 on February 29, 2024 at 2:40 pm
In Q4, three malware families represented more than 93% of all payload volume targeting end users, with Malware-as-a-Service (MaaS) DarkLoader leading all other reports. Fortra first received reports of DarkLoader in user inboxes in Q3, with attack volume picking up significantly beginning in October. The shift to criminal activity associated with DarkLoader comes after coordinated efforts by officials in Q3 to disrupt former malicious powerhouse QBot.
- Gone Phishing Tournament Results on February 27, 2024 at 4:08 pm
Compare Phishing Performance With Global Results The results are in! Fortra’s Terranova has recently made the 2023 Gone Phishing Tournament results available for review. More than 250 organizations participated globally in the free annual phishing simulation training. Hosted in October 2023, the event helps organizations and security leaders better understand high-risk areas, compare phishing performance, and establish data-driven goals with accurate benchmarking data.
- O365 Volume Up in Q4 as Cybercriminals Target Brands in Credential Theft Attacks on February 22, 2024 at 7:19 pm
The majority of malicious emails reported in user inboxes contained a link to a phishing site, making credential theft emails the attack method of choice for cybercriminals in Q4. Credential theft made up nearly 60% of all reported incidents, with more than half of the volume attributed to O365 attacks. Despite the threat actor preference toward this threat type, credential theft attacks declined as a whole in Q4, with increased reports of response-based and malware attacks reaching inboxes.
- Phishing-as-a-Service Profile: LabHost Threat Actor Group on February 15, 2024 at 2:49 pm
Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access to an array of stolen industry branding, monitoring tools, security bypass abilities, and more.
- Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4 by Jessica Ryan on February 8, 2024 at 2:07 pm
Phishing sites impersonated the social media industry more than any other in Q2, Q3, and Q4 of 2023. In Q4 alone, social media phish leapt nearly 20%, reaching the highest volume of abuse (over 67%) since Fortra has reported on this data point. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this post, we break down the latest phishing activity, staging methods, and top-level domain abuse.
- How Threat Actors will Leverage Domain Impersonation in 2024 by Jessica Ryan on February 1, 2024 at 4:03 pm
Historically, the average brand is targeted by 40 look-alike domains per month. Look-alikes are a strategic component of malicious lures and websites and used in a variety of spaces including social platforms, text messages, the open web, and email. An attack that incorporates a look-alike domain can mean the difference between a convincing campaign and a suspicious one, with a versatility that allows them to mislead victims and their security tools.
- QR Codes That Don’t Bode Well – The Harm That Quishing Attacks Can Do by Monica Delyani on January 18, 2024 at 7:03 pm
Most organizations have security controls in place to inspect URLs in emails to prevent the risk of credential phishing and business email compromise (BEC) attacks. However, threat adversaries have pivoted their tactics to bypass security stacks. And clicking these types of attacks often leads to account takeover. In fact, data from Fortra’s PhishLabs in Q2 2023 reported more than three-quarters of credential theft attacks stemming from a link pointing victims to malicious websites.
- Executive Attacks on Social Media Hit All-Time High as Analysts Point to AI by Jessica Ryan on January 16, 2024 at 11:37 pm
Executive impersonation on social media is at an all-time high as threat actors take advantage of AI to improve and scale their attacks. In Q3, accounts pretending to belong to high-ranking executives on social media climbed to more than 54% of total impersonation volume, surpassing brand attacks for the first time since Fortra began tracking this data. The volume and composition of these attacks strongly indicates they are crafted using generative AI.
- Getting the Board on Board: Explaining Cybersecurity ROI on January 5, 2024 at 12:31 am
In this Tripwire guest blog, we break down how to best communicate the significance of a cybersecurity investment.
- VM Blog: Braving the Digital Risk & Email Security Landscape by Eric George on December 21, 2023 at 6:00 pm
How will the digital risk and email security landscape evolve in 2024? In this VM Blog article, Eric George discusses the industry’s future and shares his seven predictions for 2024. Originally published in VM Blog. Excerpt:
- The Email Security Gaps in Your Cloud on December 14, 2023 at 1:03 pm
It’s not news that most enterprises operate in the cloud. Migration to the cloud leads to better collaboration, data storage, and lower costs compared to on-premises resources. Odds are your organization is currently enjoying the conveniences of the cloud. The cloud has reshaped the way organizations operate, but with the migration comes new obstacles in email security, and the cloud has its own vulnerabilities. Relying on Microsoft’s add-on security features is simply not enough to stop advanced threats.
- LastPass Fortra’s PhishLabs Partnership: A Focus on Proactive Customer Protection Pays Off in 2023 on December 5, 2023 at 3:16 pm
As we approach the end of the year, LastPass Labs has reviewed the last 12 months to take account of the threat environment and how it has changed, as well as our accomplishments. Throughout 2023, the Threat Intelligence, Mitigation, and Escalations (TIME) team focused on rapidly expanding our capabilities to protect our customers from phishing sites and/or infostealers.
- Brand Threats Masterclass: Experts Reveal Top Attacks and Defense Tactics by Jessica Ryan on November 30, 2023 at 8:43 am
There is little doubt that AI-fueled impersonation campaigns and novel attacks via non-traditional channels have emerged as a primary concern for security teams. Brand impersonation is on the rise, with nearly 40 look-alike domains targeting brands each month. On social media, impersonation attacks account for almost half of all threatening content. And online counterfeit campaigns are increasingly abusing trademarked materials in paid search ads and direct messages to convince victims of their legitimacy.
- Google and Yahoo Take Stance on Email Authentication on November 16, 2023 at 1:40 pm
Google and Yahoo announced new email authentication requirements for those sending email to their users, with a rapid deadline of February 2024. At Fortra, we commend this push to require email authentication as a huge step in the ongoing fight against spoofing and abuse. But if the requirements are not in place by the deadline, certain emails may no longer be delivered. This could prove detrimental to organizations relying on email for invoices, marketing, and other business transactions.
- How Organizations Can Use Dark Web Intelligence on November 9, 2023 at 3:17 pm
The scope of intelligence on underground marketplaces is vast and navigating the dark web in search of brand mentions and potential threats can be time-consuming and complex. In order to proactively defend against attacks and mitigate the threat of leaked information, organizations should consistently monitor marketplaces and forums for data pertaining to their brand. If questionable data is detected, understanding next steps is critical to minimizing risks to your brand, employees, and customers.
- Q3 Payload Report by Jessica Ryan on October 26, 2023 at 10:04 am
QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021.