As if the COVID-19 pandemic were not enough, the healthcare sector is now being actively targeted by threat actors using Ryuk ransomware. Yesterday, the FBI issued an increased and imminent cyber threat warning amid growing reports of healthcare providers falling victim to the campaign. The threat actors are using Trickbot (delivered via Emotet) to gain access to target systems and deploy Ryuk....

Widely-used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive carriers for phishing URLs. To illustrate how it works, this post breaks down a recently-observed phishing attack that uses Google Ads' tracking system to evade email filters. How it works Piggybacking on a domain is appealing to...

PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef. Planetary Reef is most notable in how they host phishing...

There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation, as well as diverse registrar requirements for removal, can make mitigating look-alike domains a complex, burdensome, and often ineffective process. In this...

Digital Risk Protection is defined as an operational process that combines intelligence, detection, and response to mitigate attacks across the external digital risk landscape. Today's enterprise attack surface is not limited to the corporate network. In fact, the network is just a small slice. When it comes to deciding how and where to attack an enterprise, threat actors have ample opportunity...

Digital Risk Protection continues to gain momentum and attention among CISOs and security professionals. Digital Risk Protection, an operational security function once classified under Threat Intelligence, has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use cases. Many...

Threat actors increasingly use social media to attack brands, VIPs, and customers. The types of threats on these platforms are diverse and each social network has different policies in place for how they respond to reported attacks. As a result, mitigating threats on social media can be a frustrating and time-consuming process for security teams. In this post, we break down some common social...

Social media is rapidly becoming the preferred online channel for threat actors. Almost four billion people use some form of social media, and organizations are increasingly reliant on company pages, executive presence, and positive customer interaction to build a strong brand. As a result, a malicious post or tweet can cause irreversible damage to an enterprise. Last year, 53% of all...

The Anti-Phishing Working Group (APWG) has released its Phishing Activity Trends Report analyzing phishing attacks and identifying theft techniques reported by its members for Q2 of 2020. Key highlights of the report include a significant increase in wire transfer loss attributed to business email compromise (BEC) attacks and a 20% increase in BEC attacks targeting the social media sector. In...

PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers. The threat actor behind the attacks has been designated Royal Ripper. The initial stage of the attack harvests personal information and the sort code of the victim's bank. It then uses the sort code to redirect the victim to a second...

Social media is rapidly growing as a preferred channel for threat actors targeting enterprises with malicious campaigns. Half of the global population uses social media, and a post containing sensitive data or impersonating a high-level executive can be shared instantly, for 3.8 billion people to see. There are many types of social media threats that bad actors use to harm their victims,...

The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood...

Driven by expanding use cases, approachable intelligence, and the incorporation of premium services, demand for Digital Risk Protection Services (DRPS) has grown over the last 12 months and continues to increase. In Gartner's latest Emerging Technologies report, the author cites the broad range of use cases DRPS addresses as one reason for this growth, including: Brand protection (ex:...

On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked, including those belonging to cryptocurrency companies. What does this mean for enterprises and their security teams? Threat actors...

Digital Risk Protection has emerged as a critical new capability for security teams. It protects critical digital assets and data from external threats across surface, dark, and deep web sources. In Gartner's latest Hype Cycle for Security Operations, the author writes “This technology accelerates the breadth and depth of protecting digital assets in an organization by significantly improving...

Threat actors are increasingly registering new domains to launch malicious campaigns against enterprises. Identifying suspicious domains, as well as monitoring existing ones for changes, is an overwhelming and reactive task for many organizations. In order to minimize the risk spoofed domains pose, security teams must be able to efficiently detect abuse and understand what is required to...

Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands. Today, many executives have accounts on these platforms to network as well as post content promoting their companies. Unfortunately, it is easy for bad actors to create fake accounts and reach massive audiences by impersonating well-known individuals. These types of...

Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers. Last year, threat actors hit a significant milestone in this usage when more than 50% of phishing sites...

The Federal Bureau of Investigation (FBI) published a public service announcement Wednesday warning the public of anticipated cyber attacks that exploit increased usage of mobile banking apps. The advisory comes at a time when a vast majority of Americans are working from home due to social distancing, and as a result, rely more on mobile apps to do their banking. According to the report, there...

When the term data leak comes to mind, most enterprises think of the dark web. Although compromised information can damage an organization when distributed through gated and anonymous platforms, we are seeing social channels being used to allow for a more rapid and potentially destructive outcome. These platforms have an overwhelming number of global participants, with almost half of the world...