Cloud Security April 4, 2023

New Generation of Phishing Hides Behind Trusted Services

4 min read - The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion…

Incident Response February 6, 2023

Why Crowdsourced Security is Devastating to Threat Actors

4 min read - Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcomed emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one…

Risk Management August 5, 2022

Fishy Business: What Are Spear Phishing, Whaling and Barrel Phishing?

4 min read - For threat actors, phishing embodies the holy trinity of goals: easy, effective and profitable. It’s no wonder that the 2022 X-Force Threat Intelligence Index reports that phishing was the top method used by attackers to breach an organization. Of all…

News July 6, 2022

Bulk Email Theft May Point to Russian Espionage

2 min read - Cybersecurity researchers recently identified a threat group with a possible Russian connection that targets corporate email environments. At first, the researchers thought the UNC3524 gang mostly sought money, as do many ransomware attacks. A deeper look at the group’s actions,…

Data Protection July 5, 2022

Why Phishing Is Still the Top Attack Method

4 min read - This post was written with contributions from Stephanie Carruthers, Camille Singleton and Charles DeBeck. Attackers are known to pore over a company’s website and social channels. Perhaps they spot a mention of an upcoming charity event. Who runs the charity?…

News June 15, 2022

Cyber Threats Target US Election Officials With Phishing Campaign

2 min read - On March 29, the FBI warned of an ongoing and widespread phishing campaign targeting U.S. election officials. Using false invoice inquiries and breached email accounts, attackers have attempted to steal officials’ login credentials in at least nine states since October…

Data Protection April 28, 2022

What Are the Biggest Phishing Trends Today?

4 min read - According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing…

Malware April 26, 2022

Hive0117 Continues Fileless Malware Delivery in Eastern Europe

4 min read - Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The…

News December 7, 2021

Credential Phishing, Brute Force Attacks Both Increased in H1 2021

2 min read - Security researchers detected an increase in both phishing campaigns and brute force attacks in the first half of 2021. Vendor and Business Email Compromise Attempts Also Up According to Abnormal Security, the volume of brute force attacks grew by 160%…

News November 10, 2021

Phishing-as-a-Service: Research Exposes BulletProofLink Gang

2 min read - It’s a growing trend among attackers to offer their products as a service, just as regular companies do. In September, Microsoft researchers found that the BulletProofLink phishing-as-a-service (PhaaS) enterprise was taking this to the next level. It comes with over…