Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Phishing

2/15/2018
11:30 AM
Dawn Kawamoto
Dawn Kawamoto
Dawn Kawamoto
50%
50%

Kaspersky: Phishing Attack Attempts Soared 59% in 2017

There has been dramatic, year-over-year growth in phishing attacks, following only a slight increase in 2016 and a two-digit decline in 2015, according to a report released by Kaspersky Lab.

Phishing attack attempts pinged users' computers more than 246 million times during 2017, a 59% increase over the previous year, according to Kaspersky Lab's "Spam and Phishing in 2017" report released Thursday.

That jump was dramatically higher than the 4.5% year-on-year increase in attempted phishing attacks against users running Kaspersky Lab's anti-phishing systems in 2016. And it marked a significant shift from the 43% decrease in 2015 over the previous year, Nadezhda Demidova, lead web-content analyst at Kaspersky Lab, told Security Now.

"We expected this growth. At some point the attacks became more targeted and the cybercriminals focused on this," Demidova said. "Now, criminals are developing their technologies, like the rest of the digital world, and even fairly simple examples of phishing can be tailored to the victim on the fly, which makes mass attacks more successful."

Spam, meanwhile, declined a slight 1.68 percentage points to an average of 56.6% of email traffic in 2017, according to the February 15 report from Kaspersky Lab. This decline comes as fewer Cryptolockers used in ransomware attacks were detected in spammed emails in 2017, compared with the previous year, the report notes.

Spam, however, is expected to rise this year.

"In 2018, we expect further development and growth of cryptocurrency-related spam and phishing -- with more cryptocurrency diversity besides Bitcoin, which was widely used in the previous year, and with 'pump and dump' schemes," noted Darya Gudkova, a Kaspersky Lab spam analyst expert, in a statement.

Bitcoin phishing lures
Bitcoin rocketed from $1,000 per coin in January last year to record heights of nearly $20,000 per coin by mid-December. As a result, cybercriminals were furiously at work creating phishing schemes to lure in victims with bogus cloud services to mine for cryptocurrency, rental use of fake specialized data centers to power cryptocurrency mining equipment and software and websites disguised as cryptocurrency exchanges.

But since mid-December, Bitcoin prices have sharply plunged to half its previous value. This may reduce blockchain-related tricks for phishing pages that mimic crypto-wallets, Demidova said.

"The number of system triggers on these pages really depends on the price of the crypto currency. So, everything will depend on the prices of crypto-currencies and the level of excitement around them," she said.

Instigators & targets
The US topped the list of the most popular sources of spam, accounting for 13.2% of the nefarious emails generated in 2017, according to the report. China followed with 11.3% and Vietnam with 9.9%.

As for countries that were targeted the most by malicious spam, Germany took the lead with 16.3%, followed by China, Russia, Japan, UK, Italy, Brazil, Vietnam, France and the UAE.

As for the country with the largest percentage of users affected by phishing attacks, Brazil topped the list with 29%, the report noted.

Unsecure HTTPS
The days of relying on the "S" in HTTPS to indicate a site is encrypted and secure are apparently vanishing.

The report notes that certificates issued to HTTPS websites do not necessarily guarantee the site is secure and that anyone -- or anything -- could be behind it.

Domains created specifically for malicious purposes may likely use free 90-day certificates from Let's Encrypt and Comodo, two certificate authorities, Kaspersky Lab reports.

The increasing amount of sites that use HTTPS, including unsafe sites, should be an issue that CISOs take note of in the report, Demidova said.

Related posts:

— Dawn Kawamoto is an award-winning technology and business journalist, whose work has appeared in CNET's News.com, Dark Reading, TheStreet.com, AOL's DailyFinance, and The Motley Fool.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15864
PUBLISHED: 2021-01-17
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...