KnowBe4 launches Threat Labs to combat phishing threats

KnowBe4 has initiated Threat Labs to address human-targeted cybersecurity attacks, focusing on research and mitigation of email threats and phishing attacks.

The project includes collaboration with Australia's Egress, which KnowBe4 acquired last year. The research team at KnowBe4 Threat Labs comprises analysts who explore the latest phishing strategies and create methods to counteract these threats preemptively.

Dr. Martin Kraemer, Security Awareness Advocate at KnowBe4, said, "KnowBe4 Threat Labs is a momentous step forward in providing actionable intelligence on emerging cyber risks related to human risk management. This intelligence is based on continuous monitoring and in-depth investigations of the global threat landscape."

The initial publication from the Threat Labs, 'Using Genuine Business Domains to Harvest Credentials,' examines an advanced phishing campaign targeting various organisations to procure Microsoft credentials. The threat actors employed a compromised domain, its subdomains, bulk email services, and open redirect vulnerabilities to bypass detection and enhance the likelihood of successful clicks.

Jack Chapman, Head of Threat Intelligence at Egress, commented, "KnowBe4 Threat Labs will specialise in topic areas related to social engineering, phishing and human-factor security. It will help to empower organisations to strengthen their security posture through cutting-edge research and timely threat analysis."

Research findings from KnowBe4 Threat Labs are made accessible to the public via the KnowBe4 Blog, offering ongoing insights into prevalent cybersecurity threats and strategies against them.