Fortra's Terranova Security has released the 2023 Gone Phishing Tournament global results. Learn about the phishing benchmark results and get expert security awareness recommendations.

Is your organisation ready to tackle the new challenge of QR code phishing, also known as quishing? In this TechNewsWorld article, Dr. Steve Jeffery discusses the latest carrier of choice for payloads via email.

QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021. While QBot led all other...

In Q1, Credit Unions nearly surpassed Banking Institutions as the top targeted industry on the dark web . Just under 36% of stolen card data on dark web platforms was linked to Credit Unions, marking the fourth consecutive quarter the industry has seen an increase in malicious activity. Every quarter, Fortra’s PhishLabs analyzes hundreds of thousands of attacks targeting enterprises and our...

Courtesy of Tripwire by Fortra. Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them...

It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks , such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams. Despite billions having...

Qbot payloads targeting enterprises contributed to almost three quarters of all email-based malware since the beginning of 2022. Although reported malware activity among families continues to fluctuate dramatically from quarter to quarter, QBot reports in Q1 represent the highest volume of a single malware variety over the past 12 months. Phishing lures delivering payloads remain the primary...

PhishLabs has recently observed attacks targeting enterprises with Emotet payloads for the first time since January , when coordinated efforts by authorities to disrupt operations led this family of threat actors to halt activity. Emotet’s primary function is providing malicious software initial access to compromised systems. It is one of the most widely distributed and well-connected malware...

Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks targeting enterprises. In this post, we discuss the top threats reaching corporate inboxes based on incidents detected and mitigated with our Suspicious Email Analysis solution. Credential Theft Credential theft continues to represent the largest share of threats targeting corporate inboxes...

Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. Avoiding detection increases an attacker’s odds of reaching more victims and achieving a more lucrative outcome. There are many types of evasion techniques that can be used individually or in tandem. In this post we discuss active evasion, restricting by interaction. Restricting by...

Cybercriminals use evasion techniques to bypass scanning technologies and defeat human analysis in order to extend the life of phishing campaigns. There are a variety of evasion techniques and criminals often use multiple variations in tandem. In this post, we focus on active evasion, restricting non-targets by device. Restricting by Device Active evasion is any method an attacker uses to prevent...

In Q2, ransomware made headlines with multiple high-profile attacks and tactics. The largest infrastructure shutdown in U.S. history brought the East Coast to a halt, operators doubled up on ransomware strains, and reported attacks are on track to beat 2020, with numbers already surpassing Q1 by 38% . As ransomware continues to drive data loss and fraud for enterprises and their brands, PhishLabs...

Recently, we published a piece highlighting early stage loaders often used in ransomware attacks. One of the most prolific was Emotet, which has since been taken down via a coordinated, multi-national effort . How will this impact the threat landscape? In this post, we take a look at loader activity in the aftermath of the Emotet takedown. Predominant Payloads In 2020, Emotet, Trickbot, and...

Ransomware continues to be one of the most impactful threats to enterprises. Aside from external vulnerabilities, its primary delivery method remains email phishing, with links or attachments containing early stage loaders. These loaders initiate attacks by compromising systems and installing additional malware. PhishLabs has analyzed these early stage loaders and observed a dramatic increase in...

The activist group known as Distributed Denial of Secrets (DDoSecrets) has published almost one terabyte of data originally leaked to dark web sites by ransomware operators. In addition, they are privately making another 1.9 terabytes of stolen data available to journalists or academic researchers. The data is just a portion of the terabytes of stolen emails, documents, and photos that DDoSecrets...

While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision. Should organizations pay up? Or should they refuse? According to a recent report, it may not matter. Data stolen in ransomware attacks is frequently becoming public even after the victim has paid...

Threat actors are leveraging stolen data to enhance ransomware attacks. Data leaks and ransomware - once considered two distinct threats - are overlapping into a hybrid tactic known as double extortion. While traditional ransomware attacks deny access to valuable systems and data, double extortion threatens to leak sensitive data if the ransom is not paid. Data Leaks on the Rise In Q1, more than 8...

The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood of...

On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked, including those belonging to cryptocurrency companies. What does this mean for enterprises and their security teams? Threat actors...

When the term data leak comes to mind, most enterprises think of the dark web. Although compromised information can damage an organization when distributed through gated and anonymous platforms, we are seeing social channels being used to allow for a more rapid and potentially destructive outcome. These platforms have an overwhelming number of global participants, with almost half of the world's...