Cyberattack

A Deep Dive into Known Magecart IoCs: What Are the Connected Internet Properties?

Magecart-style attacks have been around for a while and continue to be mentioned in the news in 2021. We found and collected a list of 20 domain names that have been mentioned in the past months on VirusTotal as Magecart indicators of compromise (IoCs).

A List of Potential Attack Artifacts for the Top 3 Phished Brands in 2020

In a recent study INKY subjected around 657 million emails in 2020 and found almost 5 million phishing campaigns, more than 590,000 of which were brand impersonations. It then came up with a list of the top 25 most phished brands in a 2021 report.

A Look at Recent Attacks on K-12 Distance Learning Providers Using Domain Intelligence

As early as December of last year, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) received reports of several cyber attacks targeting K-12 distance learning institutions.

How to Monitor IP Netblocks for Possible Targeted Attacks

A couple of weeks back, a security researcher alerted his LinkedIn contacts about possibly ongoing targeted attacks stemming from the Iranian subnet 194[.]147[.]140[.]x. He advised cybersecurity specialists to watch out for subnets that may be threatful and consider blocking them. This post encouraged us to look into the subnets and details our findings using IP Netblocks WHOIS Database.

Blind Eagle Targeted Attack: Using Threat Intelligence Tools for IoC Analysis and Expansion

Blind Eagle is a South American threat actor group believed to be behind APT-C-36 and that has been active since at least 2018. It primarily targets Colombian government institutions and large corporations in the financial, petroleum, and professional manufacturing industries.

QAnon and 8Chan Digital Footprint Analysis and Investigation Expansion

In October, Brian Krebs reported that several websites related to 8Chan and QAnon went offline, albeit only briefly. That happened when the entity protecting them from distributed denial-of-service (DDoS) attacks, CNServers LLC, terminated its service to hundreds of Spartan Host IP addresses...

Attack Surface Discovery: A Review of FINRA-lookalike Domain and Linked IoCs

More recently, phishers used a Financial Industry Regulatory Authority (FINRA) look-alike domain in an attempt to breach several of its members' networks. Tasked to oversee 624,000 brokers in the U.S., attacking FINRA's clientele could yield a hefty sum should phishing email recipients fall for the ruse.

Dark Caracal: Undisclosed Targeted Attack IoCs Can Pose Risks

Targeted attacks are known as some of the most destructive cyber attacks in that they zoom in on organizations that either provide critical services or have massive user bases.

Business Email Compromise Attacks: The Big Phishing Scam That’s Easily Missed

Business email compromise (BEC) attacks are arguably the most sophisticated of all email phishing attacks, and some of the most costly. From 2016-2018, BEC alone made $5.3 billion, but it's not an attack that everyone is familiar with.

Attack Surface Analysis of 3 Social Media Giants

Cybercrime is first and foremost financially motivated. Cybercriminals look for lucrative targets, including social media networks with hundreds of millions of monthly active users. We put this perspective to the test by analyzing the domain attack surface of three of today's largest social media platforms.