Blog
How Organizations Can Use Dark Web Intelligence
Thu, 11/09/2023
The scope of intelligence on underground marketplaces is vast and navigating the dark web in search of brand mentions and potential threats can be time-consuming and complex. In order to proactively defend against attacks and mitigate the threat of leaked information, organizations should consistently monitor marketplaces and forums for data pertaining to their brand. If questionable data is...
Blog
Q3 Payload Report
Thu, 10/26/2023
QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021. While QBot led all other...
Blog
Threat Actor Profile: Strox Phishing-as-a-Service
Thu, 10/12/2023
Threat Background & History Beginning in the first half of 2022, Fortra has monitored a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout the past two years is known as Strox (aka Strox...
Blog
Reduce Ransomware Risk And Detect Data Leaks
By Monica Delyani on Fri, 10/06/2023
Ransomware Risk Has Never Been Greater Ransomware gangs are strategically targeting enterprises, disabling critical systems, and demanding record ransom amounts. They are also stealing confidential data and threatening to leak company secrets unless victims pay up. With Fortra's Agari, enterprises can disrupt these attacks before they start and proactively monitor for ransomware data leaks. Stop...
On-Demand Webinar
2023 BEC and Email Impersonation Trends
Examine campaigns, tactics, and infrastructure used in recent BEC and email impersonation attacks to better defend against BEC and domain impersonation threats.
Protect Against BEC From Inception to Inbox
Protect Against BEC From Inception to Inbox cendy.moliere Wed, 01/24/2024 - 11:47 Business Email Compromise (BEC) attacks evade security filters and lead to fraud, compromised accounts, and data leakage. They use social engineering to trick recipients into executing urgent financial transactions or sending confidential data. Account takeover and look-alike domains are used by threat actors to impersonate senior-level executives and business partners in BEC scams. Often...
Cloud Email Security
Blog
Cyber Defense Magazine: New PhishLabs Research Details .ZIP Abuse
Thu, 09/21/2023
Fortra’s PhishLabs has identified two separate incidents of new Google top-level domain (TLD) .zip used in phishing attacks. The attacks, detailed in the September issue of Cyber Defense Magazine, use .zip to impersonate a social media conglomerate and global technology company. Look-alike domains using common file extensions are increasingly used to enhance the perceived legitimacy of cyber...
Blog
Attacks on Credit Unions Exceed All Other Industries in Q2
Thu, 09/14/2023
According to Forta’s Phishlabs, credit unions became the top targeted industry on the dark web in Q2, surpassing banking institutions for the first time since we began reporting on this data in 2021. Financial institutions as a whole experienced the vast majority of abuse, with compromised credit card data leading all threat types on the dark web. Every quarter, Fortra’s PhishLabs analyzes...
Blog
QBot Operations Peak Pre-Takedown, O365 Attacks Increase in Q2
Fri, 09/01/2023
Cybercriminals doubled down on popular threat types and preferred malicious software in Q2, with O365 phish and QBot malware dominating inboxes by significant margins. QBot operations eclipsed all other malware once again, reaching their highest volume of share just before a multinational takedown Tuesday removed malicious code from more than 700,000 computers. Similarly, but lacking in disruption...
Blog
The Top Three Domain Protection Best Practices
Tue, 08/29/2023
Impersonating an organization’s domain can be a lucrative business for cybercriminals. Fortra’s 2023 Domain Impersonation Report found that the average brand is targeted by 40 look-alike domains per month. The two common types of domain impersonation are look-alike domains and email spoofing.
Blog
Original Research from Fortra Reveals Pervasiveness, Types of Look-Alike Domains Targeting Brands
Thu, 08/24/2023
In the ever-evolving landscape of cybercrime, look-alike domains remain a constant component in the vast majority of threats. Look-alike domains or, URLs that resemble those of a legitimate brand, can cause significant damage to brand reputation by way of fraudulent websites, phishing schemes, malware distribution, and more. Original research conducted by Fortra’s PhishLabs analyzes how look-alike...
Blog
The Use of Natural Language Processing for Identifying and Mitigating Threats
Thu, 08/17/2023
As technology advances, the battle between cyber criminals and organizations intensifies. Cyber threats have become more sophisticated, complex, and widespread, posing a significant risk to the security and integrity of sensitive data. In Q1 2023 alone, the number of global cyber attacks increased by 7% , with an average of 1,248 attacks reported per week. In a separate report by The Independent...
Blog
Phishing Sites Impersonating Social Media Jump in Q2
Fri, 08/11/2023
In Q2, phishing attacks targeting social media platforms increased more than 23%, according to Fortra’s PhishLabs. This is the greatest volume of attacks on social media in two years and puts the industry ahead of historically top targeted financial institutions. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this...
Blog
Q2 Payload Report
Thu, 07/27/2023
QBot dominated as the top payload in Q2 with more than 95% of reported volume, according to Fortra’s PhishLabs. This is the third consecutive quarter QBot has led all other malware varieties by a significant majority. QBot was also consistently reported as a top payload in 2022, falling second only to Emotet and Redline Stealer before its current streak. Email payloads remain the primary delivery...
Blog
The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC
Thu, 07/20/2023
Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation...
Blog
Common Social Media Scams and How to Avoid Them
Thu, 07/13/2023
While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media...
On-Demand Webinar
How to Combat BEC, Ransomware, and Phishing Attacks with PhishLabs
Wed, 07/12/2023
Cybercriminals are relentlessly utilizing impersonation tactics, such as BEC, to steal from your brand. Watch to learn what you can do to stop BEC, ransomware and other phishing attacks.
Blog
The Royal & BlackCat Ransomware: What you Need to Know
Thu, 07/06/2023
The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two new flavors of ransomware pose serious potential impacts on the healthcare sector, but there are appropriate mitigation and defense strategies that organizations can take to protect against them. What is...
Blog
Understanding How Polymorphic and Metamorphic Malware Evades Detection to Infect Systems
Thu, 06/29/2023
Polymorphic and metamorphic malware constantly changes itself in order to avoid detection and persistently remain on the system. This adaptive behavior is the main distinctive attribute of these types of malware, which is also why they are harder to detect; it is also why they pose a great threat to systems. On the surface, the functionality of this sort of changing and mutating malware appears...