Risk Management January 24, 2023

Too Much Caffeine? Phishing-as-a-Service Makes Us Jittery

2 min read - Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking. Sounds like a typical Software-as-a-Service…

Identity & Access January 24, 2023

An IBM Hacker Breaks Down High-Profile Attacks

5 min read - On September 19, 2022, an 18-year-old cyberattacker known as “teapotuberhacker” (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then…

News January 11, 2023

Read Carefully: The Dangers of Punycode and Typosquatting

4 min read - Many phishing attacks pose as banks, and their efforts can be quite convincing. Everything in the email might look official, including the logo. But if you carefully examine the sender’s address, you can see it’s from an imposter. Now threat…

Intelligence & Analytics December 29, 2022

The 13 Costliest Cyberattacks of 2022: Looking Back

5 min read - 2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets…

Risk Management August 25, 2022

Black Hat SEO: Is Someone Phishing With Your Site Domain?

5 min read - Search engine optimization (SEO) is a long game. Improving your website to rank higher on search engine results pages helps you attract more traffic. Plus, it helps build a trustworthy reputation. But, some people want to take shortcuts by using…

Risk Management August 5, 2022

Fishy Business: What Are Spear Phishing, Whaling and Barrel Phishing?

4 min read - For threat actors, phishing embodies the holy trinity of goals: easy, effective and profitable. It’s no wonder that the 2022 X-Force Threat Intelligence Index reports that phishing was the top method used by attackers to breach an organization. Of all…

News July 6, 2022

Bulk Email Theft May Point to Russian Espionage

2 min read - Cybersecurity researchers recently identified a threat group with a possible Russian connection that targets corporate email environments. At first, the researchers thought the UNC3524 gang mostly sought money, as do many ransomware attacks. A deeper look at the group’s actions,…

Data Protection July 5, 2022

Why Phishing Is Still the Top Attack Method

4 min read - This post was written with contributions from Stephanie Carruthers, Camille Singleton and Charles DeBeck. Attackers are known to pore over a company’s website and social channels. Perhaps they spot a mention of an upcoming charity event. Who runs the charity?…

Data Protection April 28, 2022

What Are the Biggest Phishing Trends Today?

4 min read - According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing…

News November 10, 2021

Phishing-as-a-Service: Research Exposes BulletProofLink Gang

2 min read - It’s a growing trend among attackers to offer their products as a service, just as regular companies do. In September, Microsoft researchers found that the BulletProofLink phishing-as-a-service (PhaaS) enterprise was taking this to the next level. It comes with over…