How to Conduct a Phishing Attack in a 5 Easy Steps
Phishing is cybercrime’s oldest threat and it continues to be one of the most trending attacks on individuals and organizations alike. In this blog post we discuss recent players on the cyberattack scene: script kiddies, and their methods that make phishing so easy, even for the inexperienced.
Account Takeover Protection: A Real-life Example of an Email Attack Trend
A unique example of an Account Takeover (ATO): an “injected” email turns out to be an attempt to insert malware as part of a “normal” email correspondence. This is great evidence for the ultimate social engineering attack, showing how attackers are ever evolving, and that everyone needs account takeover protection.
BEC, Spear Phishing & Collaboration Examples in a single attack.
While it is a known fact that phishing, BEC, and collaboration-tool based attacks are becoming more and more prevalent, it is even more interesting to see all three trends within one attack. In the attack described below, we see BEC, Spear Phishing & Collaboration Examples and how the attacker combines common impersonation techniques with the […]
A Phishing Link, Some Social Engineering and Evasion – The Foremost Recipe for Cybertheft
What happens if you take a pinch of social engineering, a grain of evasion, and throw some anonymization techniques into the mix? Well, a perfect recipe for phishing. Check this example to see how attackers try to lure end-users to act wrongfully.
Bringing PREVENTION Back!
Listen to this short podcast to learn about content-based threats, the potential cyber threats of collaboration tools, and how the COVID-19 pandemic affects the current threat landscape. At the end of this session, you can also learn how Perception Point solves these issues and how we’re bringing PREVENTION is back.
The Triple Trouble: 3-Stage Phishing Attack.
Perception Point’s platform intercepted a unique, 3-stage attack that uses multiple evasion techniques, in order to infiltrate the targeted organization. In this post, we will present the complex attack and how Perception Point’s unique engines prevented it.
A Hop to Modern Email
Introduction to one of the most common methods of communication
User Experience vs. Cyber Security
There’s a tension between security and business enablement. There’s also a tension between security and user experience. So what can you do about it? A full article on the dos and don’t’s on user experience in cybersecurity
New cyber campaign leveraging OneDrive.
Perception Point has once again discovered a new attack trend hitting our clients. Perception Point intercepted this new attack campaign through its Advanced Cloud Storage Security solution. In this attack, we will show how attackers are leveraging OneDrive in order to evade detection and take advantage of a new attack vector.
Phishing Campaign Trend: Microsoft Teams.
In the following incident, it is very interesting to see how the attackers have improved their messaging and framework significantly to try trick the end-users. Just in the design there are several aspects to point out that are used to lure the end-user to follow the path as set by the attacker: Display name spoofing: […]
COVID-19 – Update on New Cyber Campaigns.
Perception Point continues to bring you the latest in coronavirus-themed attacks, trying to show you the wide variety that we see daily. In the following update, one can see that attackers have been improving their messaging and are using the pandemic as a “background story” to the ongoing business handled between them and the targets. […]
The State of Mind of Being #1.
Why Perception Point Topped SE Labs’ Independent Email Security Testing.
Perception Point Receives Top Overall Ranking in SE Labs Independent Testing.
After testing a range of email hosted protection services, Perception Point wins SE Labs
Email Security Services Protection Award
Phishing Attempt Using Slack Referrer URL.
In this update, we will show how attackers are leveraging Slack referrer URL in order to lead victims to phishing pages, thus evading legacy solutions.
COVID-19 – Update on New Cyber Campaigns.
As the Coronavirus continues to keep organizations world wide working remotely, Perception point continues to see more and more “COVID-19” themed attacks. As always, they are improving in their sophistication and evasion. Below is an overview of 2 new attacks caught by our system, with an in-depth malware analysis of one of the campaigns
The Salesforce Loophole.
Overview. Today we present a blog that combines two main trends: (i) The use of collaboration channels to spread malware (Salesforce) and (ii) The increase in attackers’ sophistication and evasion techniques. In this case, the malicious actor tried to attack via the most popular CRM application in the world – Salesforce. This new “open vector” […]
COVID-19 – When the Virus Spreads to New Channels.
Today’s blog shows an interesting change in the way attackers act. Unlike previous incidents we published, this report lays out Coronavirus-themes attacks which are not originated from email but though other collaboration channels, such as cloud storage platform and files shared in internal networks. This shift demonstrates how attackers have been evolving and how they look for new ways into their targets.
COVID-19 – The Microsoft Excel Puzzle.
The following attack presented in this report is only one of many our system has prevented in the last couple of weeks. It is now being used extensively in COVID-19 campaigns. In this example, we show how the malware operates and present the execution chain. We welcome you to contact us to discuss this attack […]
COVID-19 – Update on New Cyber Campaigns.
Today’s report includes two attacks – a phishing using a spoofing technique and a malicious archived .exe file. Each of these attacks show how the attacker gathers intelligence on their targets. CISO’s and security experts must always be on top of the recent trends and make sure their security vendor knows how to stop these new attacks.
COVID-19 – Update on New Cyber Campaigns.
Perception Point continues to see more coronavirus-themed attacks, which seem to continuously increase by the day. Some of these campaigns have added new levels of complexity, such as the use of evasion techniques, as well as evolving with the attack story line itself. In the following update we collected three new attack campaigns and one […]
COVID-19 – Update on New Cyber Campaigns.
Perception Point continues to see more coronavirus-themed attacks, which seem to increase in quantities and improve in quality, by the day. In the following update we collected 3 different phishing attacks which demonstrate how attackers have evolved. We would like to highlight the “Key notes” for Phishing Campaign #2. These insights give CISOs and security experts additional […]
COVID-19 Malware Attacks
In this blog we provide COVID-19-themed cyberattack examples, focusing on COVID-19 malware attacks and phishing attempts.
COVID-19 Cyber Campaign: Domain Spoofing
In this post we provide examples of COVID-19 campaigns, caught by our advanced threat detection platform and analyzed by our IR team.
COVID-19 Phishing Campaigns Alert
In this post, we discuss some of the COVID-19 phishing campaigns caught by our anti-phishing engine and analyzed by our IR team.
Anti-Phishing Software – A Growing Necessity for Google Services
In this blog, we will show how attackers take their creativeness to the next level by leveraging Google services in order to orchestrate new types of phishing attacks.
BEC Scams: Mimecast Spoofing
Learn about a BEC scam comprised of two layers: spoofing a user’s email address and a phishing attempt to get Office 365 log-in credentials.
Campaign Alert: G Suite Phishing
Learn how Perception Point detected a widespread phishing attack campaign by noticing the common factor of G Suite account tools usage.
BEC: You Have (Almost) Been Compromised!
Learn more about BEC (Business Email Compromise), an impersonation-based attack leveraging social engineering techniques.
Statement of Account Email Attack
Learn about the widespread attack in which users first receive an email from an external source requesting an updated Statement of Account.
Campaign Alert: Call Me ASAP
Learn how attackers take an email address and insert it into the account name so users believes the site is legitimate in a recent campaign.
Incident Report: CV or Cyber Vector?
In this post we discuss how a cyber attack involving malicious macro code was disguised as a CV delivered via email.
Incident Report: Fibonacci Backdoor & Malicious Email
Learn how the Fibonacci backdoor infection process grants an attacker control to remotely execute commands through malicious email.
Perception Point Integrates With Box
Learn how Perception Point’s technology will integrated into Box’s solution, providing additional threat detection for Box customers.
Incident Report: Fax Attack
Learn how a fax attack tricks employees into click on a phishing link by leveraging known cybersecurity service, EFax.
AWS Selects Perception Point as a Technology Partner
Perception Point has been recognized as a Select Technology Partner in the Amazon Web Services (AWS) Partner Network.
Incident Report: AP28 – Fancy Bear
In this post we discuss how Perception Point protects against highly advanced threats like APT28 (Fancy Bear).
Incident Report: Trick or Treat
In this post we discuss a phishing technique that tricks users into thinking an image of the attached file can be opened in snapshot mode.
Changing Memory Protection in an Arbitrary Process
In Linux, the API to change memory protection is called Mprotect or pkey_mprotect, and both operate on the current process’ address space.
Incident Report: Hijacked Email Account
In this post we discuss how the main aspect of hijacking is using a legitimate user’s email account in order to deliver malware.
Incident Report: Excel Macro Puzzle Attack
We discuss how attackers use a legitimate user’s email account and macro code to deliver malware as the response to an existing email thread.
Incident Report: Fake Password Protected Files
In this post we discuss how attackers are using fake passwords and logins to trick users in entering their real credentials.
The Gödel Proof & the Malware-Detection Spoof
In this post we take inspiration from Kurt Gödel looking at the system from an outsider’s point of view to detect malware.
Malicious Macro Commands
This incident analysis report provides a detailed understanding of an attack and the damage that macro commands could have caused. Read more.
Most Popular “At-Work” Apps are Among the Most Vulnerable to Cyberattacks
New Survey by Perception Point finds 80% of IT decision makers think popular “at-work” apps are the most vulnerable to cyberattacks.
Phishing Links are Moving to Email Attachments
In this post we discuss how attackers are putting embedded URLs inside email attachments instead of the email body to evade security filters.
Analysis and Exploitation of a Linux Kernel Vulnerability
Learn how the Linux kernel vulnerability is caused by a reference leak in the keyrings facility, primarily for drivers to cache security and other data. CVE-2016-0728.
Hardware vs. Software-based Detection
As with any market where crime is lucrative, cybersecurity will always exist, and the more digital the world becomes, the more it will grow. This market is so dynamic because it follows a cat-and-mouse model where the defenders are continuously trying to catch up to the attackers. In this article we’ll discuss how this has […]
Perception Point Closes $8M Series A Round
Perception Point raises capital in Series A round led by Pitango and State of Mind Ventures for commercial launch.
