tag = "Threat Intelligence"

New Quarterly Threat Trends & Intelligence Report Now Available

Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

Digital Risk Protection vs. Threat Intelligence

Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use cases.

Evasion Techniques: User-Agent Blocking

As Phishing attacks get more sophisticated on the social engineering front, so to does the technology and techniques behind keeping them online longer.

Phishing Number One Cause of Data Breaches: Lessons from Verizon DBIR

Verizon's annual Data Breach Investigations Report has just been released. What does it have to say about Phishing?

BankBot Anubis Switches to Chinese and Adds Telegram for C2

Mobile malware BankBot Anubis recently began using Chinese characters to encode C2 information and added Telegram as a method for distributing C2 communications. This post details these changes.

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?

As more websites obtain SSL certificates, the number of potential HTTPS websites available for compromise increases.

How to Use URL Pattern Analysis for Phishing Detection & Mitigation

Find out how URL pattern analysis can dramatically reduce the time and energy required to produce actionable phishing intelligence

Dissecting the Qadars Banking Trojan

A deep-dive malware analysis of the Qadars Banking Trojan and how it works.

Olympic Vision Keylogger and BEC Scams

The ease of buying low cost, pre-built tools broadens the range of potential targets in BEC attacks. This blog discusses one of these tools - Olympic Keylogger.

Smash & Grab cybercrime attacks have been active since mid-June

Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash & Grab," targeting customers of JP Morgan Chase. Based on intelligence from the Phishlabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab" operations have been active since at least mid-June. The attacks use email messages to direct potential victims to a phishing page. Visitors to the phishing page are also exposed to an exploit kit that abuses software vulnerabilities to infect victims with malware.

New Man-in-the-Middle attacks leveraging rogue DNS

PhishLabs has observed new Man-in-the-Middle attacks using rogue DNS to takeover accounts and evade fraud detection. Customers of 70+ financial institutions are being targeted.