Threat Intelligence

Both Aged and New Domains Play a Role in the NDSW/NDSX Malware Campaign

Cyber attackers typically use newly registered domains (NRDs) in their campaigns to evade detection, particularly since the implementation of privacy protection in WHOIS records. But some also use aged domains like the SolarWinds hackers to render a sense of legitimacy to their pages.

Careful, the Next Premium SMS Offer You Subscribe to May Be Malicious

Premium Short Message Service (SMS) abuse is no longer new. But it's pretty rare for such threats to rack up hundreds of dollars in additional phone bill costs for every victim each year.

Father’s Day: Bad Guys’ Activities

Threat actors don't rest. Their malicious campaigns operate 24/7, especially when special occasions are approaching. Last May, we discovered over a thousand web properties related to Mother's Day, many of which either hosted questionable content or have been flagged as malicious.

Phishing Automated through Chatbots, We Found Potentially Connected Domains

Threat actors have found a way to make phishing websites appear more legitimate by employing chatbots. The newly discovered tactic starts with an email about a delivery from DHL.

In the Market for a New Car? Beware Not to Get on the Phishing Bandwagon

In an earlier post, we looked at how cybersquatters took advantage of the popularity of seven car manufacturers to lure unwitting victims to fake sites. Since then, we were alerted to a phishing campaign this time targeting several German car dealers via age-old but still effective phishing.

Blurring the Lines between APTs and Cybercrime: Cobalt Mirage Uses Ransomware to Target U.S. Organizations

In the past, security experts typically made a distinction between a cybercrime and an advanced persistent threat (APT). While cybercrime focused on obtaining financial gain, APTs trailed their sights on specific organizations, often to steal nation-state secrets.

Online Shopping Danger? 13K+ Cybersquatting Properties of Top E-Commerce Sites Discovered

AliExpress is among the most visited business-to-customer (B2C) e-commerce sites globally, with millions of visitors daily. Therefore, a recent cybersquatting campaign targeting the platform could lure many victims into buying counterfeit products, divulging their login credentials, downloading malware, and many other actions that could jeopardize their data and devices.

A Look into New Cybersquatting and Phishing Domains Targeting Facebook, Instagram, and WhatsApp

When Facebook changed its parent company name to Meta in October 2021, we detected more than 5,500 newly registered domains (NRDs) a week after the announcement. In more recent news, a judge dismissed the company's cybersquatting and trademark infringement case against Namecheap.

Beware of Frappo and Related Cybersquatting Domains

There's a new phishing-as-a-service (PaaS) solution in town, and it's called "Frappo." This new phishing toolkit enabled threat actors to launch impersonation attacks on at least 19 companies in the financial, entertainment, and telecommunications industries.

Cardano Joins the List of Favored Crypto Scam Targets

Twitter was recently abuzz with news regarding an ongoing Cardano scam via a downloadable phishing app. Posing as a giveaway promo, which is how cybercriminals have frequently been victimzing cryptocurrency owners these days, users who get tricked into downloading the rogue app end up with stolen credentials instead.