Blog

Adwind Remote Access Trojan Still Going Strong

A Java-based Adwind Remote Access Trojan campaign has been observed sending spam emails containing a malicious JAR file under the guise of “Request For Quotation,” “Transfer Import,” “Swift Copy,” “Proforma Invoice,” “DHL Delivery Notification” and many others. Adwind, also known as jRAT and JSocket, is a cross-platform remote access tool designed to run on Mac OS, Windows, Linux, and Android...

Nigerian 419 Scams: How to Spot a Phish

The notorious Nigerian 419 scams remain a phishing classic. Learn how they work, who they target, and why these schemes continue to fool unsuspecting victims. Overview: Come on now, you’ve seen a few of these in your time. Literally every person who has ever owned an email account has seen a version of the Nigerian Prince scam. But just in case you haven’t, here’s the deal. This scam originated in...

BEC Scams: How to Spot a Phish

All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works. Today, we’re exploring one of the most audacious phishing tactics: Business email compromise (BEC) also known as CEO scams....

The Impact of Phishing, and Why it Should be Your #1 Priority

Nation states. Hacktivists. Cyber criminals. There are so many players in the modern threat landscape it can be hard to keep up. And the number of threats? Practically too many to count. By the time you’ve secured your organization against password reuse, DDoS, and crimeware attacks, your resources are likely so diminished there’s no point even thinking about what else could be out there. ...

The Mobile Phishing Threat You'll See Very Soon: URL Padding

The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret. And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day. An SMS arrived? Better read it straight away. New email? Let me at it. Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to. The...

How to Use URL Pattern Analysis for Phishing Detection Mitigation

Threat intelligence is essential for mitigating phishing risks. By studying past attacks, organizations can identify patterns and indicators to anticipate and prevent future threats. In this post, we explore URL pattern analysis, showing how it can streamline the collection of actionable intelligence and enhance your ability to detect and defend against phishing attacks. The What and Why of URL...

How to Build a Powerful SOC: Technical Requirements

A strong mission, the right team, and a secure location are essential for any Security Operations Center (SOC), but they are only the starting point. Building a high-performing SOC requires a solid technical foundation. In this post, we explore the key technical building blocks of an effective SOC — covering software, hardware, communication platforms, collaboration tools, and project management...

How To Build a Powerful Security Operations Center

There’s a certain mystique and excitement surrounding the idea of a security operations center (SOC). It puts you in mind of a mission control style room, possibly in an underground bunker, where people in uniforms shout orders and spend all their time responding to imminent threats. And in a world where cyber-attacks have become a daily reality, and even midsize organizations are forced to...

The Phishing Email that Fooled Thousands of Trained Users

It’s a sobering moment. You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results. But then it happens. Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it. Of course, this isn’t a new story. Threat actors constantly update their tactics to...

Phishing with Wildcard DNS Attacks and Pharming

The cyclical relationship between threat actors and security professionals begins with the creation of a new attack technique, followed by the discovery of that technique by the security community, and then a refashioning of the manner of attack or creation of another novel approach by threat actors. Phishers are always seeking better ways to entice victims into providing their personal and/or...

Dissecting the Qadars Banking Trojan

Qadars is a sophisticated and dangerous trojan used for crimeware-related activities including banking fraud and credential theft. Qadars targets users through exploit kits and is installed using PowerShell scripts. We have observed Qadars targeting multiple well-known banks in the UK and Canada, and it is capable of stealing infected users' two-factor authentication codes and banking credentials through...

Security Awareness Training: A Recipe for Success

In recent months we’ve written a lot about security awareness and phishing awareness training. It’s an involved topic, clearly, and if you’ve taken away anything we hope it will be this: If you want real, measurable improvements you must test your employees. And when it comes to email security, that means phishing your employees on a regular basis. In this post, we’ll take a deep dive into a...

How and Why You Should Calculate Your Organization's Cost of Phishing

Everybody knows phishing is costly to their organization. But how costly? Few organizations know for sure. Plenty of studies have claimed to calculate the cost of phishing, but the results are usually hard to swallow. For instance, does phishing cost your organization $1.6 million per incident? Or $3.7 million per year? Perhaps... but probably not. The issue with these figures is that they're...

Why Some Phishing Emails Will Always Get Through Your Spam Filter

Frustrating, isn’t it? No matter how much you tweak your spam filters or scan every attachment, a few phishing emails always slip through to your users’ inboxes. You might wonder: is it something you’re doing wrong? Most likely, it’s not. As we’ve discussed before, there’s more to why users fall for phishing scams than simple mistakes. Even with strong security controls, a small percentage of...

Why Your Users Keep Falling for Phishing Scams

We’ve all been there. That awful moment, when you realize it’s happened again. “Why do they never learn?” You ask yourself. “It really isn’t that hard!” Time and time again, your users click on malicious links and attachments in phishing emails, and it seems like no matter what you do to improve their awareness, it never gets any better. So why do they keep falling for phishing scams? Is it just...

When Good Websites Turn Evil

Cybercriminals routinely exploit legitimate websites to host malicious content—from phishing pages and exploit kits to redirect links and malware loaders. These compromised sites are essential to cybercrime operations for two key reasons: They’re abundant. Countless insecure websites across the internet provide easy targets. They’re trusted. Recently compromised legitimate domains are less likely to...

Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)

With low overhead and risk of prosecution, ransomware attacks have outpaced banking Trojans in sheer number of incidents, if not profit. Ransomware’s rapidly growing popularity has spawned dozens of variants, subtypes, and families as threat actors seek to outmaneuver researchers and competitors. In this dynamic threat landscape, alongside monitoring the established ransomware families for any...

Google AdWords Used in Bitcoin, Banking, and Online Gambling Phishing Campaigns

Hackers are once again exploiting Google Ads to target Bitcoin wallet users. In recent campaigns, attackers have used deceptive ads to lure users to lookalike domains—posing serious risks to cryptocurrency holders. Fortra Brand Protection has observed similar tactics used against banks and online gambling platforms over the past year. The latest wave of attacks has focused on popular services like...

Olympic Vision Keylogger and BEC Scams

During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign, targeting multiple organizations using a variety of different lures, including invoice lures and shipment confirmation lures. This...

Building a Business Case for Effective Security Awareness Training

Security education programs are sometimes mandated, always important, and often difficult to justify as an investment. It is easy to get the powers that be to sign off on a once-per-year security awareness training program that will satisfy compliance requirements, but we all know by now that compliance does not equal security. The Information Security Forum (ISF) has defined information...