Blog

Blog

O365 Volume Up in Q4 as Cybercriminals Target Brands in Credential Theft Attacks

The majority of malicious emails reported in user inboxes contained a link to a phishing site, making credential theft emails the attack method of choice for cybercriminals in Q4. Credential theft made up nearly 60% of all reported incidents, with more than half of the volume attributed to O365 attacks. Despite the threat actor preference toward this threat type, credential theft attacks declined...
Blog

Phishing-as-a-Service Profile: LabHost Threat Actor Group

Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access...
blog

Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4

Phishing sites impersonated the social media industry more than any other in Q2, Q3, and Q4 of 2023. In Q4 alone, social media phish leapt nearly 20%, reaching the highest volume of abuse (over 67%) since Fortra has reported on this data point. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this post, we break down...
Blog

How Threat Actors will Leverage Domain Impersonation in 2024

Historically, the average brand is targeted by 40 look-alike domains per month. Look-alikes are a strategic component of malicious lures and websites and used in a variety of spaces including social platforms, text messages, the open web, and email. An attack that incorporates a look-alike domain can mean the difference between a convincing campaign and a suspicious one, with a versatility that...
Blog

Executive Attacks on Social Media Hit All-Time High as Analysts Point to AI

Executive impersonation on social media is at an all-time high as threat actors take advantage of AI to improve and scale their attacks. In Q3, accounts pretending to belong to high-ranking executives on social media climbed to more than 54% of total impersonation volume, surpassing brand attacks for the first time since Fortra began tracking this data. The volume and composition of these attacks...
Blog

Cybercriminal Focus in the New Year – Top 2024 Threat Trends

Criminals are constantly innovating ways to enhance deliverability and increase the success of their campaigns. Email phishing remains one of the most significant threats to organizations, but a growing number of campaigns are first touching victims via non-traditional lures or through engagement on platforms where users are more susceptible to scams. Understanding how online threats are evolving...
Blog

Getting the Board on Board: Explaining Cybersecurity ROI

In this Tripwire guest blog, we break down how to best communicate the significance of a cybersecurity investment. Despite increasing data breaches, ransomware attacks, and assorted cyber threats, convincing the Board of Directors to invest in robust cybersecurity isn't always easy for many businesses. The challenge originates mainly from the need to demonstrate a quantifiable Return On Investment...
Blog

VM Blog: Braving the Digital Risk & Email Security Landscape

How will the digital risk and email security landscape evolve in 2024? In this VM Blog article, Eric George discusses the industry’s future and shares his seven predictions for 2024. Originally published in VM Blog . Excerpt: “AI and ML will enhance capabilities on both sides of the cyber landscape – for good and bad. On the defensive side, those protecting the targets will use advanced data...
blog

Dark Web Threats Targeting the Airline Industry

The allure of airline status and points, along with the abundance of personally identifiable information (PII) of customers and employees, make the airline industry a prime target for threat actors on the dark web. Depending on the goal of the actor and the nature of the stolen data, criminals can find airline-specific materials for sale on a variety of markets. Nick Oram, security operations...
Blog

The Email Security Gaps in Your Cloud

It’s not news that most enterprises operate in the cloud. Migration to the cloud leads to better collaboration, data storage, and lower costs compared to on-premises resources. Odds are your organization is currently enjoying the conveniences of the cloud. The cloud has reshaped the way organizations operate, but with the migration comes new obstacles in email security, and the cloud has its own...
Blog

LastPass Fortra's PhishLabs Partnership: A Focus on Proactive Customer Protection Pays Off in 2023

As we approach the end of the year, LastPass Labs has reviewed the last 12 months to take account of the threat environment and how it has changed, as well as our accomplishments. Throughout 2023, the Threat Intelligence, Mitigation, and Escalations (TIME) team focused on rapidly expanding our capabilities to protect our customers from phishing sites and/or infostealers. A major part of this...
Blog

Brand Threats Masterclass: Experts Reveal Top Attacks and Defense Tactics

There is little doubt that AI-fueled impersonation campaigns and novel attacks via non-traditional channels have emerged as a primary concern for security teams. Brand impersonation is on the rise, with nearly 40 look-alike domains targeting brands each month. On social media, impersonation attacks account for almost half of all threatening content. And online counterfeit campaigns are...
Blog

Google and Yahoo Take Stance on Email Authentication

Google and Yahoo announced new email authentication requirements for those sending email to their users, with a rapid deadline of February 2024. At Fortra, we commend this push to require email authentication as a huge step in the ongoing fight against spoofing and abuse. But if the requirements are not in place by the deadline, certain emails may no longer be delivered. This could prove...
Blog

How Organizations Can Use Dark Web Intelligence

The scope of intelligence on underground marketplaces is vast and navigating the dark web in search of brand mentions and potential threats can be time-consuming and complex. In order to proactively defend against attacks and mitigate the threat of leaked information, organizations should consistently monitor marketplaces and forums for data pertaining to their brand. If questionable data is...
Blog

Q3 Payload Report

QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021. While QBot led all other...
Blog

New Cyber Security Intelligence Article Covers Fortra’s Insights, Actions Against QR Phishing

QR phishing is currently considered a high priority risk capable of bypassing existing security controls, according to the latest article from Cyber Security Intelligence. QR Phishing, otherwise known as Quishing, is an extension of phishing attacks that is gaining popularity among threat actors who understand many email systems have difficulty reading the contents of the code. Similar to...
Blog

Threat Actor Profile: Strox Phishing-as-a-Service

Threat Background & History Beginning in the first half of 2022, Fortra has monitored a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout the past two years is known as Strox (aka Strox...
Blog

U.S. News Highlights Fortra’s Tips to Protecting Against 401k Scams

Is your 401k a target for cybercriminals? According to the latest article from U.S. News, warning signs such as missing contributions and unexplained transactions could indicate your retirement funds are at risk. Check out the article here to learn what signs could indicate that something is amiss, and best practices from Fortra’s security expert Eric George on how to protect your accounts.
Blog

Visibility: An Essential Component of Industrial Cyber Security

In July 2021, the White House established a voluntary initiative for industrial control systems (ICS) to promote cooperation between the critical infrastructure community and the federal government. The fundamental purpose of the initiative was “to defend the nation’s critical infrastructure community by encouraging and facilitating the deployment of technologies and systems that provide threat...