The Impact of Phishing, and Why it Should be Your #1 Priority

Nation states. Hacktivists. Cyber criminals. There are so many players in the modern threat landscape it can be hard to keep up. And the number of threats? Practically too many to count. By the time you’ve secured your organization against password reuse, DDoS, and crimeware attacks, your resources are likely so diminished there’s no point even thinking about what else could be out there. But there’s a problem. An elephant in the room, if you like. There’s one threat vector that gets minimal attention, and even less budget… and yet is a common factor in almost every data breach you’ve heard about in the last decade.

Phishing landscape thrives in the second quarter of 2017

It probably comes as no surprise that the second quarter of 2017 brought changes in the phishing landscape. A dramatic increase (41%) in overall phishing volume was observed by the PhishLabs research team. Additionally, there have been shifts in the industries that are being targeted. This is further evidence that the threat landscape is both thriving and volatile as cybercriminals pivot and exploit different targets. After years of gathering and analyzing phishing data, only one thing is certain - phishing continues to be a successful attack method for cybercriminals.

Phishing Implications of the Equifax Data Breach

By now, just about everyone has heard about the massive Equifax data breach. It exposed the sensitive personal information of more than 143 million consumers (nearly half of all Americans) and has been spread across headline after headline since it was first announced on September 7th. There have been plenty of reports and advisories published since then with guidance for individuals affected. The FTC issued a useful list of steps that victims can take to reduce the risk of their information being abused, many of which could simply be copy/pasted given how frequent and common breaches of this scale have become. Set up fraud alerts, check your credit report for free, sign up for monitoring, freeze your credit files with the major credit bureaus, keep a close eye on financial statements for any unusual activity, etc. While those are all good steps to take, we should also consider the implications when it comes to phishing.

WannaCry: What We Know… and What We Don’t

Unless you've had your head buried firmly in the sand for the past few days, you’ll already have heard of WannaCry, the latest in an ongoing deluge of ransomware strains. Since the attack started last Friday, over 230,000 computers have been infected across 150 countries, with high-profile victims including Telefónica, Britain’s National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines. And if you’ve been following the story, you’ll know all sorts of people have been getting involved. With slightly confusing (and sometimes contradictory) reports surfacing in news outlets all over the world, we thought we’d take a few moments to explain what is (and isn’t) currently known about WannaCry, and what you can do to minimize your organization’s risk of infection.

Global WannaCry Ransomware Outbreak

Earlier today, news broke of a new WannaCry version propagating at a rate unseen before for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well beyond the initially infected system and crippling networks.

The 2017 Phishing Trends & Intelligence Report is now available!

On behalf of the PhishLabs R.A.I.D., I'm proud to announce that the 2017 Phishing Trends & Intelligence Report has been released. As with last year's edition, the report provides a first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening.