Tag: Threat Spotlight
Threat Spotlight: The good, the bad, and the ‘gray bots’
This edition of the Threat Spotlight focuses on the ‘gray bots’. Bots are automated software programs designed to carry out online activities at scale. There are good bots — such as search engine crawler bots, SEO bots, and customer service...
Threat Spotlight: A million PhaaS attacks in two months
The first few months of 2025 saw a massive spike in phishing-as-a-service (PhaaS) attacks targeting organizations around the world, with more than a million attacks detected by Barracuda systems in January and February. The attacks were powered by several leading...
Threat Spotlight: Tycoon 2FA phishing kit updated to evade inspection
This Threat Spotlight sheds light on the Tycoon multi-factor authentication phishing kit and the tactics it uses to evade protection solutions. Phishing-as-a-Service (PhaaS) provides attackers with advanced toolsets and templates that enable them to quickly deploy phishing campaigns. The rapid...
Threat Spotlight: Phishing techniques to look out for in 2025
Over the last few months, Barracuda’s threat analysts have reported on several advanced phishing techniques implemented by attackers to evade security controls and make malicious emails look more convincing, legitimate, and personal. In this blog post, we look at how these and...
Threat Spotlight: Bad bots are evolving to become more ‘human’
The bot landscape is changing. Malicious — or bad bots — are evolving to become more advanced and human-like in their behavior, while an emerging category of AI bots, which we might think of as “grey bots,” is blurring the...
Threat Spotlight: Evolving ‘we know where you live’ tactics personalize sextortion scams
Sextortion scams are a type of extortion where criminals attempt to extort money from victims by threatening to release explicit images or videos unless demands are met. Leveraging usernames and passwords stolen in data breaches, criminals contact victims and claim...
Threat Spotlight: The evolving use of QR codes in phishing attacks
QR code phishing, also known as quishing, is a type of social engineering attack. Cybercriminals try to trick victims into using the camera on their mobile phone to scan a QR code that goes to a malicious website to steal sensitive...
Threat Spotlight: How ransomware for rent rules the threat landscape
This year’s annual review of ransomware attacks looks at the threat from two perspectives. First, for the third year running we’ve taken a global sample of reported ransomware attacks and analyzed what they tell us about ransomware attackers and their...
Threat Spotlight: The remote desktop tools most targeted by attackers in the last year
Remote desktop software allows employees to connect into their computer network without being physically linked to the host device or even in the same location. This makes it a useful tool for a distributed or remote workforce. Unfortunately, remote desktop...
Threat Spotlight: Web apps under active threat from 10-year-old Shellshock bugs and miners
The Shellshock bugs — there are six related CVE designations — have the highest severity rating of 10. They exist in the Unix Bash shell, which is the default command-line interface on all Linux, Unix, and Mac-based operating systems. If...
