Blog
Blog

BankBot Anubis Still a Threat, Gets Upgrade

Wed, 08/08/2018
  Over the past few years mobile banking trojans have been a persistent threat. While Windows desktops and laptops once made up the lion's share of Internet traffic, mobile devices (particularly Android) have long since become the most common means of browsing the web. With banking trojans now incorporating such a wide range of malicious functionality, it's hardly surprising...
Understanding Why Spear Phish Are Highly Effective
Blog

Understanding Why Spear Phish Are Highly Effective

Thu, 07/19/2018
  In the Oscar-winning movie The Sting, Harry Gondorff (played by Paul Newman) explains to his apprentice Johnny Hooker (Robert Redford) that the con that they set up must be so convincing that their mark, Doyle Lonnegan (Robert Shaw) won't even realize that he's been taken. Today, Gondorff and Hooker might not have needed to use a past-posting scheme to con Lonnegan. Instead...
How To Tackle the Hidden Threat of Social Media
Blog

How To Tackle the Hidden Threat of Social Media

Tue, 07/17/2018
  As a marketer I am all too familiar with how social media can benefit or damage a brand. On the one hand, social media offers an easy and (sometimes) free way to communicate with customers, prospects, and partners that many brands have used to great advantage. But on the other hand, it's yet another source of potential threats to an organization's infrastructure and...
Adwind Remote Access Trojan Still Going Strong
Blog

Using Reported Phish to Hunt Threats

Tue, 07/10/2018
  Reported phishing emails are useful for plenty of reasons. They help you measure cyber risk, study common attack trends, and even provide inspiration for your own phishing simulations. One of the security functions that benefit most from reported phishing emails is threat hunting, the process of identifying threats quickly so they can be contained before any major damage...
WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017
Blog

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Tue, 05/08/2018
  Ransomware. The word strikes fear into the hearts of hospital administrators, local government officers, and small business owners everywhere. After exploding in 2016, ransomware has been covered extensively by media outlets and security experts, to the point where most organizations have started to take at least some action to mitigate their exposure. But have these...
Silent Librarian University Attacks Continue Unabated in Days Following Indictment
Blog

Silent Librarian University Attacks Continue Unabated in Days Following Indictment

Thu, 04/05/2018
  On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world. If you've been following our blog (or the news), you already know the actors are associated with an organization called the Mabna Institute, and are responsible for stealing more than 31 terabytes of data...
Blog

Silent Librarian: More to the Story of the IranianMabna Institute Indictment

By Jessica Ryan on Mon, 03/26/2018
  Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3...
New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users
Blog

New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users

Tue, 03/13/2018
  A newly observed variant of BankBot has been discovered masquerading as Adobe Flash Player, Avito, and an HD Video Player. This variant, now detected by PhishLabs as BankBot Anubis, was first identified on March 5, 2018.  BankBot Anubis takes mobile threats to the next level incorporating ransomware, keylogger abilities, remote access trojan functions, SMS interception,...
The 11 Types of Reported Emails
Blog

The 11 Types of Reported Emails

Thu, 01/18/2018
  You receive an email, you are unfamiliar with the sender's name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back. Malicious Versus Benign According to Symantec, 55.5 percent of business emails are considered spam emails, with the average...
Adwind Remote Access Trojan Still Going Strong
Blog

Adwind Remote Access Trojan Still Going Strong

Wed, 11/01/2017
   A Java-based Adwind Remote Access Trojan campaign has been observed sending spam emails containing a malicious JAR file under the guise of “Request For Quotation,” “Transfer Import,” “Swift Copy,” “Proforma Invoice,” “DHL Delivery Notification” and many others.  Adwind, also known as jRAT and JSocket, is a cross-platform remote access tool designed to run on Mac OS, Windows...
Nigerian 419 Scams: How to Spot a Phish
Blog

Nigerian 419 Scams: How to Spot a Phish

Wed, 10/11/2017
  All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works. Today, we’re a true phishing classic: Nigerian 419 scams. We've put the 15 best practices for spotting...
BEC Scams: How to Spot a Phish
Blog

BEC Scams: How to Spot a Phish

Tue, 10/10/2017
  All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works. Today, we’re exploring one of the most audacious phishing tactics: Business email compromise (BEC) also...
How To Build a Powerful Security Operations Center, Part 2: Technical Requirements
Blog

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

Wed, 04/19/2017
  In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC). And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started. In this post, we’re going to take a...
How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics
Blog

How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics

Fri, 04/14/2017
  There’s a certain mystique and excitement surrounding the idea of a security operations center. It puts your in mind of a mission control style room, possibly in an underground bunker, where people in uniforms shout orders and spend all their time responding to imminent threats. And in a world where cyber attacks have become a daily reality, and even midsize organizations...
When Good Websites Turn Evil: How Cybercriminals Exploit File Upload Features to Host Phishing Sites
Blog

When Good Websites Turn Evil: How Cybercriminals Exploit File Upload Features to Host Phishing Sites

Thu, 08/25/2016
  Compromised websites are an integral part of the cybercrime ecosystem. They are used by cybercriminals to host a wide range of malicious content, including phishing sites, exploit kits, redirects to other malicious sites, and other tools needed to carry out attacks.  Why? One reason is because there is an abundance of insecure websites around the world that can be easily...
Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)
Blog

Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)

Wed, 08/24/2016
  With low overhead and risk of prosecution, ransomware attacks have outpaced banking Trojans in sheer number of incidents, if not profit.  Ransomware’s rapidly growing popularity has spawned dozens of variants, subtypes, and families as threat actors seek to outmaneuver researchers and competitors. In this dynamic threat landscape, alongside monitoring the established...
Olympic Vision Keylogger and BEC Scams
Blog

Olympic Vision Keylogger and BEC Scams

Tue, 05/24/2016
  During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign, targeting multiple organizations using a variety of different lures, including invoice lures and shipment...
Fraudsters Take Advanced Fee Scams to the Next Level
Blog

Fraudsters Take Advanced Fee Scams to the Next Level

By Jessica Ryan on Tue, 12/16/2014
We've all seen them before. The late prince Abdul has left us millions in inheritance and we need only provide a minor convenience fee to receive the funds. Advanced fee scams are nothing new and have been circulating the Internet since its inception. Until now, scammers have relied on email correspondence and convincing legal jargon to con victims out of their hard-earned...
Vulnerabilities found in Dendroid mobile Trojan
Blog

Vulnerabilities found in Dendroid mobile Trojan

Mon, 08/18/2014
  On Friday, the full source code of the Dendroid Remote Access Trojan (RAT) was leaked. Dendroid is a popular crimeware package that targets Android devices and is sold on underground forums for $300. Usually the source code for botnet control panels is encrypted, so it was surprising to find the full source code for the Dendroid control panel included in the leaked files....
Phishing Takedown Anti-Phishing Phishing Protection
Blog

Phishing Takedown Anti-Phishing Phishing Protection

Tue, 04/08/2014
  Phishing is a prevalent problem for businesses, particularly financial institutions. Over the years, many services have emerged to help organizations address phishing attacks that are targeting their customers' accounts. When seeking solutions, businesses find they have several options to choose from. These fall into three categories: Phishing takedown services Anti...