Virtualization Technology News and Information
VMblog Expert Interview: PhishLabs Discusses Key Findings Found in Latest Quarterly Threat Trends and Intelligence Report

This week, PhishLabs released their Quarterly Threat Trends and Intelligence Report, which showcased a number of key findings and trends shaping the threat landscape.  To learn more about these report findings, VMblog spoke with John LaCour, Founder and CTO of PhishLabs.

VMblog:  What do you think is driving the sharp jump (10 times greater than the previous quarter) in attacks on crypto?

John LaCour:  There are a lot of good reasons right now to go after crypto accounts if you're a cybercriminal. All of the hype and growth is driving a lot of people to get into crypto that may not be very savvy when it comes to protecting their exchange accounts.  When it comes to cashing out, cryptocurrency offers a much more direct and lucrative payoff compared to most other targets that require middlemen and money mules. And there's lower risk of facing real consequences with the anonymity cryptocurrency offers.  It is a very attractive situation for the bad guys.

VMblog:  What should organizations be doing to better protect their O365 credentials?

LaCour:  Much of what we see getting past corporate email security filters are these O365 phishing attacks. As a first step, they need to recognize that secure email gateways and other filtering tools aren't perfect and are going to miss quite a bit.

Then the question becomes, how do we minimize the risk of those threats that will get through? Some steps to take:

  • Train users to recognize and report suspicious emails
  • Use threat intelligence and hunting tools to proactively search for and remove threats in user inboxes
  • Implement multi-factor authentication for O365
  • Limit using O365 credentials as authentication beyond email and related office applications

VMblog:  There seems to be a revolving door of payloads used every few months.  Why do you think they change so quickly?

LaCour:  Most payloads we see making it into user inboxes are loaders or banking Trojans that are part of Malware-as-a-Service operations. They provide initial access into corporate networks that affiliated cybercriminals pay to use.  They're designed to install additional malware, steal credentials, recon internal systems, and do other things that are useful in the early stages of an attack.

Fluctuations in this MaaS market usually reflect the preferences of cybercriminals. However, the email payload movement lately has correlated more with changes in the ransomware landscape including the disruption of high profile threat groups like Darkside.

VMblog:  2020 dramatically increased most consumers' (and businesses') digital footprint.  What are steps we all should be taking to better protect our PII, considering the breadth of our online presence?

LaCour:  2020 certainly accelerated a lot of trends with many businesses and employees needing to quickly shift to working from home. Digital transformation, cloud, etc. all took really fast leaps forward to keep things running. Privacy and security were not always the top priority.

Individuals and organizations need to revisit those changes and prioritize reducing privacy and security risk. Take a harder look at those SaaS and cloud services you signed up for in a rush.  Revisit them and ensure that they're configured securely with encryption, two-factor authentication, role-based access, etc.

VMblog:  What is your speculation regarding the dramatic fluctuations in phishing volume month to month?  Is there a seasonality to this?

LaCour:  There is some seasonality at play. There was a similar dip last summer. That said, with everything that has happened in the last year with the pandemic, elections, etc. it's hard to know what to expect. I can say that phishing volume tends to come back up in Q3 and July is already looking much more active than last year.

VMblog:  Why the dramatic increase in social media attacks over the first 6 months of 2021? (47%)

LaCour:  Fraud and impersonation scams have been the largest contributors to social media attack volume this year. Social media is an ideal place for these attacks. There's a ton of personal info to leverage in these scams and you can reach huge audiences.

VMblog:  Looking forward, what do you suspect we'll see in your next Quarterly Report?

LaCour:  Q3 will tell us if the drop in phishing attack volume in June is a trend in the right direction or if it's just a deviation from the sustained increase. July is looking significantly higher year-over-year, which may signal the latter.

I expect we will see attacks targeting cryptocurrency continue to rise, the question being how fast. Similarly with threats targeting companies on social media. Both have a lot of potential to grow. It remains to be seen how big they get.

VMblog:  Is it possible for VMblog readers to get a copy of your latest report?

LaCour:  Yes, the complete PhishLabs Quarterly Threat Trends and Intelligence Report is available to download here.


Published Wednesday, August 18, 2021 7:33 AM by David Marshall