Security operations | 9 min read
Beware QR code phishing & other Grinchy scams this holiday season

As the holidays approach, cyber Grinches are targeting phishing campaigns to steal data, credentials and more. Look out for these email scams while online shopping and checking your inbox this season.

Security operations | 2 min read
Emerging Threats: Microsoft Exchange On-Prem Zero-Days

Until a patch is issued for the Microsoft Exchange Server zero-day vulnerabilities, there are a few things security teams can do to temporarily mitigate risk. Here’s what we recommend.

Threat intelligence | 3 min read
Expel Quarterly Threat Report: Cybersecurity data, trends, and recs from Q1 2022

Top takeaways from our first quarterly report, filled with patterns and trends we identified from Q1 2022. Our goal? Help translate the events we detect into a security strategy for your organization.

Security operations | 8 min read
Top Attack Vectors: February 2022

This report dives into the top attack vectors and trends among the incidents our SOC investigated in February 2022. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 6 min read
Top Attack Vectors: January 2022

This report dives into the top attack vectors and trends among the incidents our SOC investigated in January 2022. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 4 min read
Attack trend alert: AWS-themed credential phishing technique

They’re at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users. Find out how our crew identified and triaged a phishing email.

Expel insider | 2 min read
Great eXpeltations 2022: Cybersecurity trends and predictions

Introducing Great eXpeltations 2022: Cybersecurity trends and predictions — an annual report from our security operations center (SOC) on top threats, how to handle them, and what to expect this year.

Security operations | 7 min read
Top Attack Vectors: December 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in December 2021. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 7 min read
Top Attack Vectors: November 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in November 2021. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 6 min read
Top Attack Vectors: October 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in October 2021. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 5 min read
Top Attack Vectors: September 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in September 2021. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 5 min read
Top Attack Vectors: August 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in August 2021. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 5 min read
The top phishing keywords in the last 10k+ malicious emails we investigated

Curious how attackers are prompting victims to engage with phishing campaigns? Check out the top keywords from the malicious emails our SOC investigated and our top resilience recommendations.

Security operations | 5 min read
Top Attack Vectors: July 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in July 2021. Learn our key recommendations to protect your org from these types of attacks.

Security operations | 9 min read
Well that escalated quickly: How a red team went from domain user to kernel memory

A red team recently swooped in and showed off some new tactics. What started as a PowerShell download cradle quickly turned into a custom rootkit download. Find out how we spotted the crafty red team.

Security operations | 5 min read
Incident report: Spotting SocGholish WordPress injection

Our SOC stopped a ransomware attack that compromised WordPress CMS to trigger a drive-by RAT download. Find out what happened, how we caught it, and our recommendations to secure your WordPress CMS.

Security operations | 4 min read
Swimming past 2FA, part 1: How to spot an Okta MITM phishing attack

Crafty attackers are finding new ways to bypass multiple-factor authentication. Find out how our SOC detected an attack and get some tips on how your org can prevent credentials phishing.

Security operations | 3 min read
Kaseya supply chain attack: What you need to know

A new ransomware attack upheaved the beginning of Fourth of July weekend. Fortunately, there are steps you can take right now to stay safe. Find out what’s happening and how Expel is looking ahead.

Security operations | 4 min read
Someone in your industry got hit with ransomware. What now?

We’re noticing a trend in ransomware attacks. But that doesn’t mean it’s time to go into panic mode. Find out what you need to know and get some tips on how you can keep your org safe.

Security operations | 7 min read
Cloud attack trends: What you need to know and how to stay resilient

We shared the top attack trend spotted during the pandemic and what to keep an eye out for looking ahead. But how do you remediate and stay resilient against these attacks? Our crew shares some tips.

Security operations
The top cybersecurity attack trend we saw emerge during the COVID-19 pandemic

Check out our newest infographic to learn about the top attack trend during the COVID-19 pandemic, how our SOC’s data reinforces these recent findings and how you should be looking ahead.

Security operations | 3 min read
Attack trend alert: REvil ransomware

Expel’s SOC spotted a new trend in REvil campaigns and they’re sounding the alarm. Find out what’s new about this type of attack, how our analysts spotted it and what you can do to protect your org.

Threat intelligence | 6 min read
Supply chain attack prevention: 3 things to do now

What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.

Security operations | 3 min read
The SolarWinds Orion breach: 6 ideas on what to do next and why

Here are some of our early observations on the SolarWinds Orion breach, plus our ideas on what to do next to detect related activity and better protect your org.

Security operations | 6 min read
Evilginx-ing into the cloud: How we detected a red team attack in AWS

Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.

Security operations | 9 min read
Obfuscation, reflective injection and domain fronting; oh my!

During a recent red team engagement, the CrowdStrike EDR Platform alerted our SOC team on the execution of a suspicious VBScript file. This is what they learned from untangling the malware code.

Security operations | 7 min read
Managed Detection & Response for AWS

Learn how Expel detected and responded to an Amazon Web Services access key crisis with Amazon GuardDuty & CloudTrails logs securing cloud insecurities.

Security operations
Here’s what you need to know about business email compromise (BEC)

How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.