Why Organizations Need More Than Just “Security Awareness” It has been debated whether or not security conscious behavior and awareness can be changed. As highlighted in the Verizon DBIR 2020 report, human error is the main cause of successful cyber attacks. The report reveals that 74% are caused by human error, and nine out of Read More
How Microsoft Phishing Campaigns Bypass Security Awareness: A Deep Dive into Advanced Threats
Traditional security awareness training often teaches users to analyze URLs and language and design inconsistencies in phishing sites. Attackers know this approach and continually evolve their tactics to bypass these defenses. The StrongestLayer Threat Intelligence Team has observed one such shift in real time. A sophisticated Read More
Hybrid-AI Phishing Group Compromising Luxury Car Dealerships, Setting Up Job Portals and Real Estate Agencies Across US, EU, Middle East and Africa to Seed Phone Phishing Attacks
Why does this matter? Real, legitimate websites can be compromised to deceive users into falling victim to wire transfer fraud, credit card theft, and data harvesting. These attacks start by bypass security controls and end up in a user’s inbox. Read More
StrongestLayer uncovers 3 million malicious domains through investigating AI-Generated brands
This story began with an innocuous-looking domain encountered by one of StrongestLayer’s analysts during routine threat-hunting activities focused on zero-day phishing attacks. The domain appeared entirely clean, hosting no malicious code. It was associated with a brand named “Swift Nexus Bank” Read More
India Times Hosting Redirect to Newly Discovered Microsoft Phishing Page. Are Your Employees Prepared?
StrongestLayer Threat Intelligence had been encountering phishing traffic that was taking advantage of a mass mailing website called ‘exactag.com,’ where attackers continuously created new subdomains for nefarious purposes. Since we encountered this multiple times, we marked the site as malicious for Read More
Unmasking the tactics of a malicious actor targeting US based employees: The Importance of Building Resilience Against ‘The Next Threat’
Why this matters Phishing threats are becoming more advanced. Malicious actors are hiding their identity behind redacted whois information and leverage publicly available cloud platforms to create, prepare, weaponize then redirect ultra realistic and relevant campaigns, evading Read More