Collaborate Disseminate
Earlier this year we released our annual Phishing Trends and Intelligence report, which highlights how the phishing landscape has evolved over the past year.
The post Phishing Around the World: How Attack Volume Grew in the Last Year appeared firs… Continue reading Phishing Around the World: How Attack Volume Grew in the Last Year
On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world.
The post Silent Librarian University Attacks Continue Unabated in Days Followi… Continue reading Silent Librarian University Attacks Continue Unabated in Days Following Indictment
Last week, news broke that an Iranian hacker network, Mabna Institute, had been systematically stealing data from universities across the US and abroad.
The post How Universities Should Respond to Iranian Hacking Charges appeared first on Security… Continue reading How Universities Should Respond to Iranian Hacking Charges
Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities… Continue reading Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment
The push for more widespread adoption of HTTPS has been in full-force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whene… Continue reading A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
Have the well-meaning recommendations of the security community made web users more vulnerable to cyber attacks? Have we conditioned people to be phished?
You know that little green padlock symbol that appears in your browser’s URL bar every now and then? What do you think it means?
The post Have We Conditioned Web Users to be Phished? appeared first on Security Boulevard.
Continue reading Have We Conditioned Web Users to be Phished?
The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.
And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.
An SMS arrived? Better read it straight away.
New email? Let me at it.
Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to.
The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.
So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.
Continue reading The Mobile Phishing Threat You’ll See Very Soon: URL Padding
In the past few years, you’ve no doubt started to see some pretty strange website suffixes.
You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.
Continue reading Beyond .COM: Analysis of Phishing Domains in 2016
Phishing has proven to be a successful, lucrative, and persistent threat vector that does not discriminate by industry or size of an organization. Traditional defensive measures against phishing attacks focus on shutting down the web page. This may address the immediate problem, is that really a fight? This reaction does little to stop the cybercriminal who is able to continue launching future attacks.
For us to truly evolve the fight against phishing, we need to combine the traditionally defensive posture with a proactive, aggressive strategy. This shift will allow us to disrupt the phishing supply chain and proactively go after kits and their creators on the distribution level instead of reacting to phishing sites that have been identified one-at-a-time.
Using in-depth, comprehensive intelligence can help us do a better job of fighting phishing instead of reacting to it. If we are able to provide context to threats by understanding where and how they manifest, we are able to better prepare, defend, and prevent future cyberattacks.
While more organizations than ever before recognize the need to educate and train their employees on the dangers
of phishing attacks, it’s important that those in charge of training make sure employees understand that not all phishing probes are alike. That’s because recognizing the “smell” of a phishing attempt is a powerful defense against
the malicious bag of tricks used by cybercriminals to breach your security.
In 2015, PhishLabs analyzed more than 1 million confirmed malicious phishing sites residing on more than 130,000 unique domains. While the typical consumer phishing attack has garnered much attention, the specialized business spear phishing attack poses increasing risk for a company and its employees.
Here’s a brief menu of the types of phishing attacks your employees need to recognize and avoid.