Blog

Blog

Phishing-as-a-Service Profile: LabHost Threat Actor Group

Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access...
Blog

Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4

Phishing sites impersonated the social media industry more than any other in Q2, Q3, and Q4 of 2023. In Q4 alone, social media phish leapt nearly 20%, reaching the highest volume of abuse (over 67%) since Fortra has reported on this data point. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this post, we break down...
Blog

How Threat Actors will Leverage Domain Impersonation in 2024

Historically, the average brand is targeted by 40 look-alike domains per month. Look-alikes are a strategic component of malicious lures and websites and used in a variety of spaces including social platforms, text messages, the open web, and email. An attack that incorporates a look-alike domain can mean the difference between a convincing campaign and a suspicious one, with a versatility that...
Blog

QR Codes That Don't Bode Well - The Harm That Quishing Attacks Can Do

Most organisations have security controls in place to inspect URLs in emails to prevent the risk of credential phishing and business email compromise (BEC) attacks. However, threat adversaries have pivoted their tactics to bypass security stacks. And clicking these types of attacks often leads to account takeover. In fact, data from Fortra’s PhishLabs in Q2 2023 reported more than three-quarters...
Blog

Cybercriminal Focus in the New Year – Top 2024 Threat Trends

Criminals are constantly innovating ways to enhance deliverability and increase the success of their campaigns. Email phishing remains one of the most significant threats to organizations, but a growing number of campaigns are first touching victims via non-traditional lures or through engagement on platforms where users are more susceptible to scams. Understanding how online threats are evolving...
Blog

Getting the Board on Board: Explaining Cybersecurity ROI

In this Tripwire guest blog, we break down how to best communicate the significance of a cybersecurity investment. Despite increasing data breaches, ransomware attacks, and assorted cyber threats, convincing the Board of Directors to invest in robust cybersecurity isn't always easy for many businesses. The challenge originates mainly from the need to demonstrate a quantifiable Return On Investment...
Blog

Dark Web Threats Targeting the Airline Industry

The allure of airline status and points, along with the abundance of personally identifiable information (PII) of customers and employees, make the airline industry a prime target for threat actors on the dark web. Depending on the goal of the actor and the nature of the stolen data, criminals can find airline-specific materials for sale on a variety of markets. Nick Oram, security operations...
Blog

The Email Security Gaps in Your Cloud

According to Gartner, Microsoft lacks the ability to detect and eradicate 20% of the advanced email threats. Email security expert, Ravisha Chugh, shares why current cloud email security solutions are insufficient against advanced email threats, and why she's excited to be a part of Fortra's Cloud Email Protection.
Blog

Brand Threats Masterclass: Experts Reveal Top Attacks and Defense Tactics

There is little doubt that AI-fueled impersonation campaigns and novel attacks via non-traditional channels have emerged as a primary concern for security teams. Brand impersonation is on the rise, with nearly 40 look-alike domains targeting brands each month. On social media, impersonation attacks account for almost half of all threatening content. And online counterfeit campaigns are...
Blog

Google and Yahoo Take Stance on Email Authentication

Google's and Yahoo's email authentication requirements are rapidly approaching. At Fortra, we commend this push to require email authentication as a huge step in the ongoing fight against spoofing and abuse. Find out what the requirements are and how Fortra can help you through the email authentication journey.
Blog

How Organizations Can Use Dark Web Intelligence

The scope of intelligence on underground marketplaces is vast and navigating the dark web in search of brand mentions and potential threats can be time-consuming and complex. In order to proactively defend against attacks and mitigate the threat of leaked information, organizations should consistently monitor marketplaces and forums for data pertaining to their brand. If questionable data is...
Blog

Q3 Payload Report

QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021. While QBot led all other...
Blog

Threat Actor Profile: Strox Phishing-as-a-Service

Threat Background & History Beginning in the first half of 2022, Fortra has monitored a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout the past two years is known as Strox (aka Strox...
Blog

Reduce Ransomware Risk And Detect Data Leaks

Ransomware Risk Has Never Been Greater Ransomware gangs are strategically targeting enterprises, disabling critical systems, and demanding record ransom amounts. They are also stealing confidential data and threatening to leak company secrets unless victims pay up. With Fortra's Agari, enterprises can disrupt these attacks before they start and proactively monitor for ransomware data leaks. Stop...
Blog

Protect Against BEC From Inception to Inbox

Business Email Compromise (BEC) attacks evade security filters and lead to fraud, compromised accounts, and data leakage. They use social engineering to trick recipients into executing urgent financial transactions or sending confidential data. Account takeover and look-alike domains are used by threat actors to impersonate senior-level executives and business partners in BEC scams. Often...
Blog

Cyber Defense Magazine: New PhishLabs Research Details .ZIP Abuse

Fortra’s PhishLabs has identified two separate incidents of new Google top-level domain (TLD) .zip used in phishing attacks. The attacks, detailed in the September issue of Cyber Defense Magazine, use .zip to impersonate a social media conglomerate and global technology company. Look-alike domains using common file extensions are increasingly used to enhance the perceived legitimacy of cyber...
Blog

Attacks on Credit Unions Exceed All Other Industries in Q2

According to Forta’s Phishlabs, credit unions became the top targeted industry on the dark web in Q2, surpassing banking institutions for the first time since we began reporting on this data in 2021. Financial institutions as a whole experienced the vast majority of abuse, with compromised credit card data leading all threat types on the dark web. Every quarter, Fortra’s PhishLabs analyzes...
Blog

QBot Operations Peak Pre-Takedown, O365 Attacks Increase in Q2

Cybercriminals doubled down on popular threat types and preferred malicious software in Q2, with O365 phish and QBot malware dominating inboxes by significant margins. QBot operations eclipsed all other malware once again, reaching their highest volume of share just before a multinational takedown Tuesday removed malicious code from more than 700,000 computers. Similarly, but lacking in disruption...