tag = "Digital Risk Protection"

Multi-Stage Vishing Attacks Skyrocket

Multi-stage vishing attacks have more than doubled since Q2, overtaking BEC attacks as the second most reported response-based threat.

BazaLoader Leads Payloads as Families Fluctuate, Players Broaden

As ransomware continues to improve its tactics and break records, PhishLabs is monitoring payload families reported in user inboxes that are used to facilitate these attacks.

Fake Mobile Apps Leave Users Vulnerable, Damage Brands

Cloned and spoofed mobile applications can damage a brand’s reputation and compromise user data.

Financial Services: The Top Tools and Tactics Used to Execute Phishing Attacks

In this post, we take a look at the tools and infrastructure used by threat actors to target financial services.

Free Tools and Services Fuel Phishing Increase

Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Social Media Attacks Increase 47%

Social media threats targeting enterprises have increased 47% since January 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

The Most Prevalent Threats to Corporate Inboxes

In this post, we discuss the top threat types reaching corporate inboxes, and what these attacks mean for security teams.

3 Strategies to Enhance Brand Threat Intelligence

In order to protect their organizations, security teams should prioritize efforts to proactively detect brand abuse.

New Quarterly Threat Trends & Intelligence Report Now Available

Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

OSINT: How Usernames Unlock Investigations

Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms.

Threat Evasion Techniques: Restricting by Interaction

Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. In this post we discuss active evasion, restricting by interaction.

Threat Evasion Techniques: Restricting By Device

Cybercriminals use evasion techniques to extend the life of phishing campaigns. In this post we discuss active evasion, restricting non-targets by device.

Threat Evasion Techniques: Restricting by Location

Evasion techniques are methods attackers deploy to extend the life of phishing campaigns. In this post, we take a look at active evasion techniques restricting non-targets by location.

The Anatomy of a Look-alike Domain Attack

In this post, we show the frequency of common look-alike domain threats, the mechanics of an attack, and resources to minimize risk.

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

Impersonation is a highly effective tactic for threat actors because it piggybacks on the credibility of a brand to legitimize a malicious objective. As a result, it is one of the most common components of a cyber attack.

What is a Look-alike Domain?

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. In this post, we'll describe how domains help us communicate on the Internet, the anatomy of a look-alike domain and why we fall for them, how attackers create them, and the best place to begin when facing this common threat.

Top 7 Use Cases for Digital Risk Protection

Digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter.In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities.

Ransomware Groups Break Promises, Leak Data Anyway

Data stolen in ransomware attacks is frequentlybecoming public even after the victim has paid.

Limited Impact of Phishing Site Blocklists and Browser Warnings

The life of a phishing site is brief, but impactful. A recent study found that by the time phishing URLs show up in blocklists, most damage is done.

What is Digital Risk Protection?

Today's enterprise attack surface is not limited to the corporate network. In fact, the network is just a small slice. When it comes to deciding how and where to attack an enterprise, threat actors have ample opportunity beyond the network perimeter. As a result, enterprises are investing in operational capabilities to detect and respond to external threats across the digital risk landscape. This is Digital Risk Protection (DRP).

Digital Risk Protection vs. Threat Intelligence

Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use cases.

Social Media Intelligence: Cutting Through the Noise

Social media is rapidly becoming the preferred online channel for threat actors. Almost four billion people use some form of social media, and organizations are increasingly reliant on company pages, executive presence, and positive customer interaction to build a strong brand. As a result, a malicious post or tweet can cause irreversible damage to an enterprise.

Royal Ripper: Multi-Stage Phishing Attack Adapts to Victim Input

PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers.

Data Leaks in 2020: Accelerated Digital Transformation Exposes Enterprises

The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood of experiencing a major incident due to data leakage is very high. So much so that a recent Gartner Emerging Technologies Report highlighted data leakage as a primary concern.

Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection

Demand for Digital Risk Protection has grown due to the need for better visibility and remediation of threats targeting enterprises' digital assets.

Account Takeover Attacks Cause Chaos @ Twitter

On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked. What does this mean for enterprises and their security teams?

Gartner Releases 2020 Hype Cycle for Security Operations

Digital Risk Protection has emerged as a critical new capability for security teams according to Gartner.

Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

Much like a threat actor can pose as an executive in BEC attacks, they can take over a social media account and abuse the inherent trust we have with it.

New Webinar: Inside the World of Social Media Phishing: Financial Scams

Attend our upcoming webinar to learn about the latest techniques threat actors use to abuse social media for phishing attacks.

Threat Actor Abuses Mobile Sensor to Evade Detection

A unique mobile obfuscation technique discovered to help threat actors keep their attacks alive longer.

Marketing Teams Are Not Equipped to Monitor Social Media Threats

Want to protect your brands, employees, and customers from threats originating from social media? Your marketing team and their tools are not sufficient.

5 Tips for Smarter Detection and Collection of Digital Risks

Last month our Director of Product Management discussed why modern enterprise organizations need a digital risk protection plan in place. Here are a few tips to get you started.

Social Risk Monitoring: All Press Good Press?

When bad social media posts go viral, there is a good chance the press will pick up on it. However, how damaging is it to a brand? Let's look at some numbers.

Geolocation Tracking Poses Risks to Your Employees

In the wake of the Associated Press coverage highlighting Google's location tracking fiasco, now is a good time for a refresher on why geolocation tracking is an issue.

How To Tackle the Hidden Threat of Social Media

Social media isn't just likes and memes, it's a platform designed for communication. Unfortunately, that can pose threats to your brand.