Phishing is possibly the most common type of cyberattack, being the vehicle for credential theft and malware distribution. It first appeared on the scene in the 80s and has grown exponentially since then, with over 40,000 unique phishing campaigns reported by research organisation APWG each month.
Worryingly, 97% of users would be unable to detect a sophisticated phishing attack, so what do we need to look out for? And how can we protect ourselves?
Go Phish!
The word phishing is a “catch-all” term for fraudulent activity designed to capture credentials, credit card details or other sensitive information. It may also mean the mechanism by which an attacker distributes malicious content to infect a device or network with ransomware, usually via an e-mail attachment.
We’ve probably all been the target of a generic consumer phishing campaign, with messages supposedly from Amazon, Netflix, or our e-mail providers asking us to reset our passwords. These are usually poorly designed messages, sent en masse to hundreds or thousands of users, from attackers expecting a low success rate. Fortunately, the majority of these types of phishing message are filtered by our default e-mail security settings and those that do make it through are often easily identified, but more on that later!
As....
Author
- BlogMay 2, 2022Lupo - Malware IOC Extractor and Debugging module for Malware Analysis Automation
- BlogMay 2, 2022DDexec - a technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process
- BlogApril 28, 2022ADReaper - A fast enumeration tool for Windows Active Directory Pentesting written in Go
- BlogApril 27, 2022Shhhloader - SysWhispers Shellcode Loader