Resources
Press Release

PhishLabs Ranked Highest for Cybercrime Threat Intelligence

Winners announced at InfoSec World 2017 in Orlando. Charleston, S.C., April 20, 2017 – PhishLabs, the leading provider of 24/7 phishing defense and intelligence solutions, today announced it was recently ranked highest in cybersecurity client experience in the category of Cybercrime Threat Intelligence by Black BookTM of Cybersecurity LLC, a division of Brown-Wilson Group, Inc...
How To Build a Powerful Security Operations Center, Part 2: Technical Requirements
Blog

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

Wed, 04/19/2017
  In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC). And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started. In this post, we’re going to take a...
How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics
Blog

How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics

Fri, 04/14/2017
  There’s a certain mystique and excitement surrounding the idea of a security operations center. It puts your in mind of a mission control style room, possibly in an underground bunker, where people in uniforms shout orders and spend all their time responding to imminent threats. And in a world where cyber attacks have become a daily reality, and even midsize organizations...
Press Release

The Phishie Awards: (Dis)Honoring The Best Of The Worst Phishing Attacks

The FBI dubbed the category of attacks “business email compromise” in an August advisory. At that time, the Bureau estimated that, since 2013, the total dollar losses to American companies exceeded $740 million, while only hitting around 7,000 targets. When international victims are added in, the losses total $1.2 billion. Don Jackson, threat researcher and malware analyst for...
When Good Websites Turn Evil: How Cybercriminals Exploit File Upload Features to Host Phishing Sites
Blog

When Good Websites Turn Evil: How Cybercriminals Exploit File Upload Features to Host Phishing Sites

Thu, 08/25/2016
  Compromised websites are an integral part of the cybercrime ecosystem. They are used by cybercriminals to host a wide range of malicious content, including phishing sites, exploit kits, redirects to other malicious sites, and other tools needed to carry out attacks.  Why? One reason is because there is an abundance of insecure websites around the world that can be easily...
Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)
Blog

Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)

Wed, 08/24/2016
  With low overhead and risk of prosecution, ransomware attacks have outpaced banking Trojans in sheer number of incidents, if not profit.  Ransomware’s rapidly growing popularity has spawned dozens of variants, subtypes, and families as threat actors seek to outmaneuver researchers and competitors. In this dynamic threat landscape, alongside monitoring the established...
Press Release

Three more firms hit by targeted phishing attacks seeking W2 data

It’s happened again. Scammers have leveraged Phishing to gain access to W2 information at several firms, including technology powerhouse Seagate. No company is immune to these types of social attacks, and organizations both large and small have become victims to a finance-based scheme that has a long reach. Last week, Sunday in fact, Snapchat disclosed that someone had posed...
Olympic Vision Keylogger and BEC Scams
Blog

Olympic Vision Keylogger and BEC Scams

Tue, 05/24/2016
  During a recent analysis of a business email compromise (BEC) scam, we observed a lure attempting to install the Olympic Vision Keylogger. Further research determined that this keylogger and the accompanying Olympic Vision Crypter were used in a larger campaign, targeting multiple organizations using a variety of different lures, including invoice lures and shipment...
Press Release

The Hunt for the Financial Industry’s Most-Wanted Hacker

From Bloomberg The malware known as ZeuS and its rogue creator have been at the cutting edge of cyber-crime for nearly a decade. With repeated enhancements, ZeuS and its offspring became juggernauts of cyber bank robbery—turning millions of computers into global networks of zombie machines enslaved by criminals. Conservative estimates of their haul reach well into hundreds of...
Fraudsters Take Advanced Fee Scams to the Next Level
Blog

Fraudsters Take Advanced Fee Scams to the Next Level

By Jessica Ryan on Tue, 12/16/2014
We've all seen them before. The late prince Abdul has left us millions in inheritance and we need only provide a minor convenience fee to receive the funds. Advanced fee scams are nothing new and have been circulating the Internet since its inception. Until now, scammers have relied on email correspondence and convincing legal jargon to con victims out of their hard-earned...
Press Release

Source Code of Android RAT Dendroid Leaked Online

From SecurityWeek. The complete source code for the Android remote access Trojan (RAT) called Dendroid has been leaked online, which researchers from PhishLabs have found contains several vulnerabilities. “The lack of user input validation in Dendroid’s control panel is severe, especially when you consider the level of operational security needed in even smaller crimeware...
Vulnerabilities found in Dendroid mobile Trojan
Blog

Vulnerabilities found in Dendroid mobile Trojan

Mon, 08/18/2014
  On Friday, the full source code of the Dendroid Remote Access Trojan (RAT) was leaked. Dendroid is a popular crimeware package that targets Android devices and is sold on underground forums for $300. Usually the source code for botnet control panels is encrypted, so it was surprising to find the full source code for the Dendroid control panel included in the leaked files....
Phishing Takedown Anti-Phishing Phishing Protection
Blog

Phishing Takedown Anti-Phishing Phishing Protection

Tue, 04/08/2014
  Phishing is a prevalent problem for businesses, particularly financial institutions. Over the years, many services have emerged to help organizations address phishing attacks that are targeting their customers' accounts. When seeking solutions, businesses find they have several options to choose from. These fall into three categories: Phishing takedown services Anti...
Blog

“Your ACH Transaction” Spam Leads to Malware

Thu, 02/24/2011
PhishLabs has discovered a new malware campaign which appears to be an alert from NACHA regarding a failed ACH transaction. If a vulnerable user clicks the enclosed link, they will be infected with malware. Users receive an email message which appears as follows: From: [email protected] [mailto:[email protected]] Sent: Thursday, February 24, 2011 9:47 AM To: Denise Muns Subject: Your...
Blog

Advancements in Phishing Redirector Scripts

Fri, 02/05/2010
Almost since the beginning of phishing, attackers have created simple webpages that redirect users to another URL that contains the actual phishing form. They do this for several reasons. In case their phishing site is shutdown, they can simply change the destination of the redirect to point to another phishing site. This means that everyone who receives an email with the...