Threat Intelligence |
Sponsored by |
The ability to retrieve historical WHOIS information can be essential for the cybersecurity community, particularly when it comes to threat hunting and cybercrime investigation. This investigative capability is highlighted in our latest downloadable white paper "Digging Up Zombie Domains: What WHOIS History Reveals about 3,800+ Verified Phishing Hosts" where we analyzed thousands of verified phishing hosts and their historical WHOIS records. more
The November 2021 PhishLabs Quarterly Threat Trends & Intelligence Report indicated the finance, social media, and telecommunications industries as phishers’ most targeted sectors. Last month, we analyzed a squatting campaign targeting U.S. Bancorp to determine if other banks were at risk, this time we’ll look into the top 3 phishing industry target – telecommunications. more
Locky has been around since 2016, contributing to the total amount lost to ransomware worldwide, which has to this day reached US$20 billion in the U.S. alone. It usually gets delivered to users’ computers via emails with malicious attachments in the form of macro-laden Word documents. more
Facebook CEO Mark Zuckerberg, on 28 October in Connect 2021, introduced Meta, which will be Facebook’s parent company, along with the organization’s various apps and technologies. According to Zuckerberg, "Meta’s focus will be to bring the metaverse to life and help people connect, find communities, and grow businesses." more
A typosquatting campaign targeting U.S. Bancorp was uncovered a few weeks ago, potentially posing a threat to the financial institution and its customers. As of this writing, four domains and their IP resolutions were identified as indicators of compromise (IoCs). more
An ongoing cybersquatting campaign targeting MetLife, a global insurance company, was reported by IBM Exchange X-Force, listing 12 malicious domains. We dug deeper into the campaign as part of our goal to expand lists of indicators of compromise (IoCs). more
Details about an ongoing cybersquatting campaign targeting Turkish Airlines were recently unveiled, naming 13 malicious domains connected to the threat. As one of our primary goals is to expand published lists of indicators of compromise (IoCs), we dug deeper into the campaign to determine if the threat is confined to Turkish Airlines or if other industry players are at risk as well. more
Kaseya, an IT solution developer targeting managed service providers (MSPs) and enterprises, became a victim of a massive ransomware attack last July. While the company’s CEO said that less than 0.1% of its clients were affected, the fact that it mostly served MSPs, the data belonging to as many as 1,500 small businesses could have been compromised. more
According to recent research conducted by DNS Threat Researcher Dancho Danchev, the National Security Agency (NSA) seemingly runs a free VPN domain portfolio to lure malicious users and learn more about their Internet activities. more
Conficker gained prominence back in 2008, when it was then considered possibly the most widespread worm affecting millions of Windows computers worldwide. For several years, the worm, also known as "Downup," "Downadup," "Downad," or "Kido," was the top malware infector. more