Fortra has observed a rising trend in legitimate service abuse, with a significant volume of attacks targeting Cloudflare Pages. Workers.dev is a domain used by Cloudflare Workers’ deployment services, while Pages.dev is used by Cloudflare’s Pages platform that facilitates the development of web pages and sites. Fortra’s Suspicious Email Analysis (SEA) team has identified different threats being...

Fortra has identified active phishing campaigns capable of evading email security gateways and filters. This analysis outlines key tactics, real-world examples, and related threat indicators. Sample Email Lure Sample 1: Vishing Example Sample 2: Office365 Phishing Example Sender VerificationAnalysis:...

In the world of domain ownership, the need for disputes and enforcement can occur. But how should they be handled? What’s the difference between Uniform Domain-Name Dispute-Resolution Policy (UDRP) domain takeovers and a domain takedowns? Let’s take a closer look at the processes.What Is a UDRP Domain Takeover? Established by the Internet Corporation for Assigned Names and Numbers, UDRP is the...

Fortra has identified active phishing campaigns capable of evading email security gateways and filters. This analysis outlines key tactics, real-world examples, and related threat indicators.Sample Email Lure Sender VerificationSender’s Email: no-reply...

Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. To protect the privacy of Fortra’s clients, the brand targeted in this attack has been anonymized and is generically referred to as “Brand” whenever their name appears in the...

According to Cybersecurity Ventures, cybercrime would be the world’s third-largest economy (after the U.S. and China) if measured as a country as its damages may total $9.5 trillion globally in 2024. While this may be a surprising stat, it should reiterate the importance of your cybersecurity plan and solutions. External threats play a large part in digital threat landscape, and like the name...

Of the three forms of threat intelligence (strategic, operational, and tactical), tactical threat intelligence is the most directly actionable. Tactical threat intelligence also enables defenders to engage in threat hunting or root cause analysis activities when examining historical (attempted) intrusions. This is useful in detecting breaches that may have occurred, understanding the cause of a previous breach, and understanding whether a particular adversary or TTP is being attempted against your organization.

Understanding how cyberattacks unfold is key to stopping them. In this blog, Fortra’s threat researchers break down the anatomy of a recent smishing campaign, revealing the tactics, techniques, and infrastructure behind the attack. The Smishing Attack The smishing text contains a banking alert about a transaction being put on hold and urges the reader...

Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. Sample Email Lure Sender VerificationSender’s Email: ogawa@kidscorp[.]jp Sender’s Name: Beth KolcunReply-To Address: beth...

One of the most used phishing-as-a-service platforms, LabHost, has been taken down by an international group of law enforcement authorities coordinated by Europol. Fortra has closely monitored LabHost and has mitigated tens of thousands of phishing attacks carried out by cybercriminals using the platform in recent years.

In Q4, three malware families represented more than 93% of all payload volume targeting end users, with Malware-as-a-Service (MaaS) DarkLoader leading all other reports. Fortra first received reports of DarkLoader in user inboxes in Q3, with attack volume picking up significantly beginning in October. The shift to criminal activity associated with DarkLoader comes after coordinated efforts by...

Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access...

Historically, the average brand is targeted by 40 look-alike domains per month. Look-alikes are a strategic component of malicious lures and websites and used in a variety of spaces including social platforms, text messages, the open web, and email. An attack that incorporates a look-alike domain can mean the difference between a convincing campaign and a suspicious one, with a versatility that...