tag = "Digital Risk Protection"

A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions

Looking ahead to 2023, Fortra’s security experts anticipate new cyber challenges will emerge. In return, organizations and authorities will work more closely together to better strengthen their security posture and response to threats. In this blog, we take a look at what our cybersecurity experts predict for 2023.

How to Recognize and Respond to Emerging Social Media Cybersecurity Threats

Whether you love or loathe social media, these platforms have become integral to how we communicate as individuals and businesses. Cybercriminals have also taken note, embracing these communication channels wholeheartedly to reach vast audiences quickly, anonymously, and cheaply, successfully defrauding targets of all stripes.

Holiday Season Triggers Rise in Counterfeit Activity

Criminals are capitalizing on the urgency behind gift-giving celebrations such as Black Friday, Cyber Monday, Christmas, and Hanukkah. Counterfeit activity has grown more than 50% from September through November, with a 27% increase over the course of November alone, according to Fortra’s PhishLabs.

Financials and Card Data Top Q3 Targets on the Dark Web

In Q3, Credit Unions nearly overtook National Banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs.

Attacks Targeting Businesses on Social Media Jump 40% YoY

In Q3, the volume of social media attacks targeting the average business was 40.4% higher than the same time last year, according to the latest data from Fortra’s PhishLabs.

Social Media Mitigation Best Practices for All Financial Institutions

The financial industry continues to experience the largest volume of abuse among all industries on social media.

Crucial Tech Podcast with Agari: Hybrid Vishing Attacks

Listen as Agari’s John Wilson discusses the latest research from Agari and PhishLabs by Fortra.

How to Mitigate Online Counterfeit Threats

The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands.

How to Collect Intelligence on Threats Targeting Retail Brands

Retail brands are increasingly targeted with fraudulent advertisements, fake social accounts, and falsely branded websites. These multipronged counterfeit campaigns redirect sales and compromise consumer data using brand recognition, the same component critical to driving sales within the retail industry.

Chat-Based Services, Finance, Heavily Abused on the Dark Web in Q2

Nearly half of stolen data on the Dark Web was marketed through Chat-Based Services in Q2 after a sharp increase in illegal transactions, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.

Fraud, Impersonation Fuel Q2 Increase in Social Media Attacks

In Q2, malicious attacks targeting organizations on social media have increased more than 20% over Q1, according to the latest Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report.

The “I’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a BEC attack.

Interview: How Organizations Can Proactively Tackle Phishing Attacks

Billy Smith, Managing Director at PhishLabs by Fortra, and Mike Jones, Senior Director of Product Management at Agari by Fortra, discuss the evolution of social engineering attacks, and how organizations can proactively fight back against phishing.

Emotet Tops Payload Attack Volume in Q2

Emotet contributed to just over 47% of all attacks targeting corporate users in Q2, narrowly surpassing the former leader QBot.

Customer Phishing Protection Couldn’t Be Easier with PhishLabs

Despite billions having been invested into perimeter and endpoint security since the onset of the pandemic and the birth of remote or hybrid work environments, phishing and business email compromise (BEC) scams have become primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc on companies and their customers.

Dark Web Disruptions in Q1 Trigger Shift in Illicit Exchanges

In Q1, the exchange of sensitive data on Carding Marketplaces and Forums increased as government seizure of multiple Dark Web sites prompted a shift in where actors conduct illegal activities, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.

Q1 Phishing Volume Consistent, Up Over Q4

In Q1, more than 51% of phishing sites abused paid services, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.

Social Media Attacks Targeting Businesses Increase 105%

Social media attacks targeting enterprises have increased 105% from Q1 2021 to Q1 2022 according to Agari and PhishLabs’ latest Quarterly Threat Trends & Intelligence Report.

Advanced Cyber Threat Intelligence

This guest blog by Dr. Edward Amoroso, TAG Cyber, provides a high-level overview of modern advances in cyber threat intelligence and how the Fortra cybersecurity portfolio supports this important method for reducing information risk in enterprise at various levels of the intelligence process starting with data security.

Social Media as a Threat Channel

In this episode of the EM360 podcast, Head of Content Max Kurton talks to John LaCour, Founder & CTO of Phishlabs and Principal Strategist at parent company Fortra, about Social Media as a threat channel.

PhishLabs Q4 Report Documents Shifts in Dark Web Activity

In Q4, Carding Marketplaces experienced a dramatic increase in activity, representing 32.9% of criminal exchanges on the Dark Web and signaling a shift away from web forums.

Average Organization Sees Two-Fold Increase in Social Media Attacks in 2021

Social Media attacks targeting enterprises increased 103% in 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

Vishing Volume Increases 554% in 2021

Hybrid Vishing attacks have increased 554% in volume, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Qbot, ZLoader Represent 89% of Payload Volume in Q4

Qbot and ZLoader payloads targeting enterprises contributed to almost 89% of email-based malware volume in Q4.

Stolen Card Data Leads Dark Web Threats

In Q3, more than 75% of threats observed on the Dark Web were related to stolen credit card and debit card data, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Social Media Attacks Increase 82%

Attacks targeting enterprises on Social Media have increased 82% since January, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

Despite their Simplicity, New Emotet Attacks Forecast Threatening Future

PhishLabs has recently observed attacks targeting enterprises with Emotet payloads for the first time since January, when coordinated efforts by authorities to disrupt operations led this family of threat actors to halt activity.

Phishing Increases as Industries New and Old Face a Barrage of Threats

Phishing attacks targeting consumers during 2021 have increased nearly 32% from 2020, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Vishing Hybrid, Response-Based Attacks on the Rise

Vishing attacks targeting corporate users have more than doubled for the second consecutive quarter, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

New Quarterly Threat Trends & Intelligence Report Available

Vishing attacks have more than doubled for the second consecutive quarter, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

Advanced Banking Trojan Sets New Standard for Android Malware

A new Android banking trojan is targeting financial institutions, crypto-wallets, and the retail industry.

Multi-Stage Vishing Attacks Skyrocket

Multi-stage vishing attacks have more than doubled since Q2, overtaking BEC attacks as the second most reported response-based threat.

BazaLoader Leads Payloads as Families Fluctuate, Players Broaden

As ransomware continues to improve its tactics and break records, PhishLabs is monitoring payload families reported in user inboxes that are used to facilitate these attacks.

Fake Mobile Apps Leave Users Vulnerable, Damage Brands

Cloned and spoofed mobile applications can damage a brand’s reputation and compromise user data.

Financial Services: The Top Tools and Tactics Used to Execute Phishing Attacks

In this post, we take a look at the tools and infrastructure used by threat actors to target financial services.

Free Tools and Services Fuel Phishing Increase

Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Social Media Attacks Increase 47%

Social media threats targeting enterprises have increased 47% since January 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

The Most Prevalent Threats to Corporate Inboxes

In this post, we discuss the top threat types reaching corporate inboxes, and what these attacks mean for security teams.

3 Strategies to Enhance Brand Threat Intelligence

In order to protect their organizations, security teams should prioritize efforts to proactively detect brand abuse.

New Quarterly Threat Trends & Intelligence Report Now Available

Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

OSINT: How Usernames Unlock Investigations

Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms.

Threat Evasion Techniques: Restricting by Interaction

Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. In this post we discuss active evasion, restricting by interaction.

Threat Evasion Techniques: Restricting By Device

Cybercriminals use evasion techniques to extend the life of phishing campaigns. In this post we discuss active evasion, restricting non-targets by device.

Threat Evasion Techniques: Restricting by Location

Evasion techniques are methods attackers deploy to extend the life of phishing campaigns. In this post, we take a look at active evasion techniques restricting non-targets by location.

The Anatomy of a Look-alike Domain Attack

In this post, we show the frequency of common look-alike domain threats, the mechanics of an attack, and resources to minimize risk.

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

Impersonation is a highly effective tactic for threat actors because it piggybacks on the credibility of a brand to legitimize a malicious objective. As a result, it is one of the most common components of a cyber attack.

What is a Look-alike Domain?

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. In this post, we'll describe how domains help us communicate on the Internet, the anatomy of a look-alike domain and why we fall for them, how attackers create them, and the best place to begin when facing this common threat.

Top 7 Use Cases for Digital Risk Protection

Digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter.In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities.

Ransomware Groups Break Promises, Leak Data Anyway

Data stolen in ransomware attacks is frequentlybecoming public even after the victim has paid.

Limited Impact of Phishing Site Blocklists and Browser Warnings

The life of a phishing site is brief, but impactful. A recent study found that by the time phishing URLs show up in blocklists, most damage is done.

What is Digital Risk Protection?

Today's enterprise attack surface is not limited to the corporate network. In fact, the network is just a small slice. When it comes to deciding how and where to attack an enterprise, threat actors have ample opportunity beyond the network perimeter. As a result, enterprises are investing in operational capabilities to detect and respond to external threats across the digital risk landscape. This is Digital Risk Protection (DRP).

Digital Risk Protection vs. Threat Intelligence

Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use cases.

Social Media Intelligence: Cutting Through the Noise

Social media is rapidly becoming the preferred online channel for threat actors. Almost four billion people use some form of social media, and organizations are increasingly reliant on company pages, executive presence, and positive customer interaction to build a strong brand. As a result, a malicious post or tweet can cause irreversible damage to an enterprise.

Royal Ripper: Multi-Stage Phishing Attack Adapts to Victim Input

PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers.

Data Leaks in 2020: Accelerated Digital Transformation Exposes Enterprises

The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood of experiencing a major incident due to data leakage is very high. So much so that a recent Gartner Emerging Technologies Report highlighted data leakage as a primary concern.

Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection

Demand for Digital Risk Protection has grown due to the need for better visibility and remediation of threats targeting enterprises' digital assets.

Account Takeover Attacks Cause Chaos @ Twitter

On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked. What does this mean for enterprises and their security teams?

Gartner Releases 2020 Hype Cycle for Security Operations

Digital Risk Protection has emerged as a critical new capability for security teams according to Gartner.

Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

Much like a threat actor can pose as an executive in BEC attacks, they can take over a social media account and abuse the inherent trust we have with it.

New Webinar: Inside the World of Social Media Phishing: Financial Scams

Attend our upcoming webinar to learn about the latest techniques threat actors use to abuse social media for phishing attacks.

Threat Actor Abuses Mobile Sensor to Evade Detection

A unique mobile obfuscation technique discovered to help threat actors keep their attacks alive longer.

Marketing Teams Are Not Equipped to Monitor Social Media Threats

Want to protect your brands, employees, and customers from threats originating from social media? Your marketing team and their tools are not sufficient.

5 Tips for Smarter Detection and Collection of Digital Risks

Last month our Director of Product Management discussed why modern enterprise organizations need a digital risk protection plan in place. Here are a few tips to get you started.

Social Risk Monitoring: All Press Good Press?

When bad social media posts go viral, there is a good chance the press will pick up on it. However, how damaging is it to a brand? Let's look at some numbers.

Geolocation Tracking Poses Risks to Your Employees

In the wake of the Associated Press coverage highlighting Google's location tracking fiasco, now is a good time for a refresher on why geolocation tracking is an issue.

How To Tackle the Hidden Threat of Social Media

Social media isn't just likes and memes, it's a platform designed for communication. Unfortunately, that can pose threats to your brand.