Demystify the Dark Web: Learn the difference between the Deep Web and Dark Web, uncover legitimate uses, and explore key risks like doxing, ransomware-as-a-service, and brand impersonation that could impact your business.

Imitation is often the clearest sign your brand is making an impact. Whether through a viral moment or a market-defining launch, your success doesn’t just capture attention. It sets the pace, inspiring both competitors and collaborators to follow your lead.But when imitation crosses the line into online brand impersonation, the effects shift from flattering to potentially disastrous. Deceptive...

For many organizations, the issue isn’t a lack of cyber threat intelligence. Instead, internal security teams grapple with an excess of threat intelligence data, including alerts, indicators, and dashboards, yet their brand protection still falls short.Why is that? Because merely having threat intelligence data doesn’t automatically enhance your security posture. Without the proper context,...

In the world of domain ownership, the need for disputes and enforcement can occur. But how should they be handled? What’s the difference between Uniform Domain-Name Dispute-Resolution Policy (UDRP) domain takeovers and a domain takedowns? Let’s take a closer look at the processes.What Is a UDRP Domain Takeover? Established by the Internet Corporation for Assigned Names and Numbers, UDRP is the...

Of the three forms of threat intelligence (strategic, operational, and tactical), tactical threat intelligence is the most directly actionable. Tactical threat intelligence also enables defenders to engage in threat hunting or root cause analysis activities when examining historical (attempted) intrusions. This is useful in detecting breaches that may have occurred, understanding the cause of a previous breach, and understanding whether a particular adversary or TTP is being attempted against your organization.

Understanding how cyberattacks unfold is key to stopping them. In this blog, Fortra’s threat researchers break down the anatomy of a recent smishing campaign, revealing the tactics, techniques, and infrastructure behind the attack. The Smishing Attack The smishing text contains a banking alert about a transaction being put on hold and urges the reader...

Fortra continues to monitor malicious activity targeting Canadian banks by the Phishing-as-a-Service (PhaaS) group known as LabHost. Throughout 2022 and 2023, phishing campaigns linked to PhaaS platforms have surged, as threat actors increasingly rely on subscription-based services to execute attacks. These platforms offer a range of features, including stolen industry branding, real-time...

Executive impersonation on social media is at an all-time high as threat actors take advantage of AI to improve and scale their attacks. In Q3, accounts pretending to belong to high-ranking executives on social media climbed to more than 54% of total impersonation volume, surpassing brand attacks for the first time since Fortra began tracking this data. The volume and composition of these attacks...

Since early 2022, Fortra has been monitoring a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout is Strox (aka Strox.su or Strox Pages). Strox is one of the most complete phishing...

Threat actors exploit the dark web to trade stolen data and illicit goods anonymously, often without the victim organization’s awareness. Malicious activity takes many forms across underground channels, but the technical barriers to accessing the dark web limit visibility — making it challenging to identify which assets may be exposed.If sensitive information is undetected on the dark web,...

Domains remain one of the most exploited tools in the hands of threat actors, fueling phishing schemes and victim manipulation. In our latest Quarterly Threat Trends & Intelligence Report, we uncover how attackers are weaponizing Legacy Generic (gTLD) and Country Code (ccTLD) top-level domains — along with HTTPS and free security certificates — to infiltrate and target enterprises. Top-level...

Social media threats targeting enterprises have increased 47% since January 2021, according to our Quarterly Threat Trends & Intelligence Report. While the attack volume varies by industry, today the average organization is being targeted on social media with increasing frequency.Every quarter, we analyze and mitigates hundreds of thousands of phishing and social media attacks targeting...

Look-alike domains remain some of the most consistent elements of cyber-attacks targeting organizations. At a high-level, there are two ways to mitigate the threat of a look-alike domain: Remove the threat completely by taking it offline, or block attacks on your users by implementing IT security controls. If we dissect the construction of a look-alike domain, we see where each step in its...

Every year, cybercriminals spin up hundreds of thousands of look-alike domains — tiny, deceptive variations of real web addresses that exist purely to trick people and steal money. A look-alike domain is a nearly identical domain name, registered with intent to impersonate a legitimate brand. In this post we’ll show how domain names power online communication, break down the anatomy of these...

Malicious domains play a central role in a wide range of cyberattacks that can severely damage a brand’s reputation. Spoofed domains are often quick and inexpensive to create, making them effective tools for launching phishing campaigns and distributing malicious emails. To identify and respond to domain-based threats targeting your organization, security teams must adopt advanced, well-defined...