Resources

Blog

QBot Operations Peak Pre-Takedown, O365 Attacks Increase in Q2

Cybercriminals doubled down on popular threat types and preferred malicious software in Q2, with O365 phish and QBot malware dominating inboxes by significant margins. QBot operations eclipsed all other malware once again, reaching their highest volume of share just before a multinational takedown Tuesday removed malicious code from more than 700,000 computers. Similarly, but lacking in...
Blog

The Top Three Domain Protection Best Practices

Domain Impersonation: When Imitation Is Not the Sincerest Form of Flattery It’s no secret that an organization’s domain is a critical piece of the organization’s identity and business. People rarely need to manually enter a website address in their browser as search engines can give people a list of domains after entering just 2-3 letters. But how many people pay close attention to a domain...
Blog

Original Research from Fortra Reveals Pervasiveness, Types of Look-Alike Domains Targeting Brands

In the ever-evolving landscape of cybercrime, look-alike domains remain a constant component in the vast majority of threats. Look-alike domains or, URLs that resemble those of a legitimate brand, can cause significant damage to brand reputation by way of fraudulent websites, phishing schemes, malware distribution, and more. Original research conducted by Fortra’s PhishLabs analyzes how look...
Blog

The Use of Natural Language Processing for Identifying and Mitigating Threats

As technology advances, the battle between cyber criminals and organizations intensifies. Cyber threats have become more sophisticated, complex, and widespread, posing a significant risk to the security and integrity of sensitive data. In Q1 2023 alone, the number of global cyber attacks increased by 7%, with an average of 1,248 attacks reported per week. In a separate report by The Independent...
Blog

Phishing Sites Impersonating Social Media Jump in Q2

In Q2, phishing attacks targeting social media platforms increased more than 23%, according to Fortra’s PhishLabs. This is the greatest volume of attacks on social media in two years and puts the industry ahead of historically top targeted financial institutions. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this...
Blog

Social Media Security Awareness: What you Should Know

The latest Verizon Data Breach Investigations report indicates that over 70% of data breaches involved the human element. Cybercriminals exploit people to trick them into clicking unsafe links, opening malicious attachments, entering their credentials into bogus login pages, sharing sensitive data, and authorizing fraudulent fund transfers. One area where many exploits take place is on social...
Blog

Q2 Payload Report

QBot dominated as the top payload in Q2 with more than 95% of reported volume, according to Fortra’s PhishLabs. This is the third consecutive quarter QBot has led all other malware varieties by a significant majority. QBot was also consistently reported as a top payload in 2022, falling second only to Emotet and Redline Stealer before its current streak. Email payloads remain the primary delivery...
On-Demand Webinar

Social Media Intelligence: Real World Threats, Real World Impact

Each day, 3.5 billion people use some form of social media. This is close to half of the global population. Because of the wide spread use and adoption of these various platforms, threat actors are increasing the abuse of both the brands and their accounts faster than any other digital medium. Moreover, most platforms lack the necessary security controls to protect their users. This creates a...
Blog

The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC

Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation...
Blog

Common Social Media Scams and How to Avoid Them

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media...
Blog

The Royal BlackCat Ransomware: What you Need to Know

The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two new flavors of ransomware pose serious potential impacts on the healthcare sector, but there are appropriate mitigation and defense strategies that organizations can take to protect against them. What is...
Blog

DMARC Quarantine vs. DMARC Reject: Which Should You Implement?

You did it! You can now take a quiz and accurately answer "What Is DMARC?"! Next you've generated your DMARC record, implemented your policy, and authenticated your email domains. DMARC is no easy feat in itself and now, after DNS requests, third-party conference calls and writing internal policies, you are ready...to enforce a stricter DMARC policy! If your DMARC policy has been set to p=none...
Blog

Understanding how Polymorphic and Metamorphic malware evades detection to infect systems

Polymorphic and metamorphic malware constantly changes itself in order to avoid detection and persistently remain on the system. This adaptive behavior is the main distinctive attribute of these types of malware, which is also why they are harder to detect; it is also why they pose a great threat to systems. On the surface, the functionality of this sort of changing and mutating malware appears...
Blog

99% of User-Related Threats Are Email Impersonation Attempts

Threats in corporate inboxes hit new highs with a quarter of all reported emails classified as malicious or untrustworthy. 99% of these threats were email impersonation threats, such as BEC and credential theft lures, that lack attachments or URLs delivering malware payloads. Cybercriminals continue to bypass traditional email security tools and reach end users by impersonating individuals,...
Blog

Dark Web Focus on Credit Unions Increases in Q1

In Q1, Credit Unions nearly surpassed Banking Institutions as the top targeted industry on the dark web. Just under 36% of stolen card data on dark web platforms was linked to Credit Unions, marking the fourth consecutive quarter the industry has seen an increase in malicious activity. Every quarter, Fortra’s PhishLabs analyzes hundreds of thousands of attacks targeting enterprises and our...
Blog

Social Media Attacks Targeting Banks and Retail Climb in Q1

Social media attacks targeting businesses have jumped 12.2% in Q1 from the previous quarter, according to Fortra’s PhishLabs. Attacks on social channels are also trending higher than Q1 2022, with the average business experiencing more than 81 attacks per month. External platforms, such as social media, are widely used by cybercriminals to engage in fraud and distribute misinformation. Threatening...
Blog

Untrustworthy Email in Inboxes Reaches All-Time High

In Q1, the volume of emails classified as malicious or do not engage reached nearly a quarter of all reported emails. This is the highest combined volume of these categories since Fortra’s PhishLabs has documented this data point. Of those classified as malicious, threats considered email impersonation or, those lacking known signatures, made up a significant 98.7%. Every quarter, PhishLabs...
Blog

Free Domain Abuse Plummets in Q1 as Staging Methods Shift

Free domain registrations used to stage phishing sites have experienced a significant drop in activity, contributing to just under 2% of phishing abuse in Q1. Free domain registrations and other no-cost means of staging phishing infrastructures are historically a favorite of threat actors. While no-cost methods as a whole did make up the majority of abuse in Q1, the decline in free domains can be...
Blog

Top Fraudulent Activity Targeting Retail on the Dark Web - Part Two

The dark web is a haven of stolen goods and data, and limited visibility into activity targeting your brand leaves organizations at risk. Malicious behavior takes many forms, and a lack of understanding of what or how an asset is exposed on underground channels can lead to brand damage and financial loss. Detecting stolen data on the dark web is demanding, as navigating volatile marketplaces can...
Blog

Top Fraudulent Activity Targeting Retail on the Dark Web

Bad actors use the dark web to exchange compromised data and goods anonymously, often unnoticed by the victim organization. Malicious activity can manifest in many ways on underground channels and, because of the technical obstacles associated with accessing the dark web, visibility can be limited, making it difficult to know which assets might be at risk. If sensitive information is left...