Latest Insights

Bug Bounty Programs – a Public Good that is a Necessity for Corporates, SMEs, and Individuals Alike

As the cyber threat landscape continues to evolve and threat actors increasingly target vulnerable external-facing assets, bug bounties present organizations with an opportunity to proactively identify and remediate vulnerabilities before they can be exploited by attackers. In today’s digital age, cyber threats have become increasingly prevalent, and enterprises are struggling to keep up with the…

24th April 202325th April 2023

Secure Your Holidays: The Case of Qakbot and Black Basta

On the eve of Christmas, a suspected Black Basta affiliate conducted a ‘quick and dirty’ attack on a global client, lending insight into the opportunistic targeting of victims during holiday downtime periods. The Significance of Dates The holidays are a time for rest and rejuvenation for most. But for attackers, the holidays present a timely…

10th March 202320th April 2023

Forecasting the Cyber Threat Landscape: What to Expect in 2023

In a blink of an eye, 2023 is upon us. As we bid farewell to another record-breaking year of increased disclosed vulnerabilities, ransomware incidents, phishing scams, data breaches, and crypto heists, it is hard not to imagine that this year will be any less eventful as threat actors aggressively lower the barriers to entry of…

16th January 202317th January 2023

LockBit 3.0: New Capabilities Unlocked

LockBit persists as the most prominent Ransomware-as-a-Service (RaaS) groups in 2022, showcasing heightened capabilities in their LockBit 3.0 iteration and a persistent nature to continuously evolve. As the LockBit RaaS group re-emerges with their new and improved ransomware, LockBit 3.0 (also known as LockBit Black), we observed new capabilities and a heightened sophistication based on…

7th November 202218th January 2023

Hong Kong and Singapore Citizens Actively Targeted by Large-Scale Global Smishing Campaign

PwC’s Dark Lab uncovers a large-scale smishing campaign actively targeting Hong Kong and Singapore citizens by masquerading as trusted and reputable locally based public and private postal service providers. On 21 September 2022 , PwC’s Dark Lab observed SMS phishing (smishing) activity targeting mobile users in Hong Kong. The message masqueraded as the postal service…

20th October 202218th January 2023

Phishing for Profit: Business Email Compromises

There are plenty of phish in the sea and they’re back with new tricks! Dark Lab responds to multiple business email compromise campaigns targeting Hong Kong. We outline two recent incidents, sharing the Tactics, Techniques, and Procedures (TTPs) observed, and recommendations on how to prevent, detect, and respond to a phishing attack. Business email compromise…

6th October 202218th January 2023

Loading…

Something went wrong. Please refresh the page and/or try again.