Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Phishing

8/6/2018
09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims

An analysis by APWG saw a significant increase in the number of phishing attacks in the first quarter of this year, as cybercriminals looked for new victims.

Phishing activity in the first quarter of this year jumped 46% compared to the same period last year, according to a new security analysis by APWG.

The report, unsurprisingly entitled "Phishing Activity Trends Report, 1st Quarter 2018," also found that the number of phishing emails detected in the first quarter of 2018 stood at 263,538, up from the 180,577 observed in in the fourth quarter of 2017.

The first-quarter 2018 number is also significantly more than the 190,942 phishing emails researchers saw during the third quarter of 2017.

The report analyzes phishing attacks reported to the APWG by its member companies, through the organization's website and by email submissions. APWG counts unique phishing emails as those found in a given month that have the same subject line in the email.

The report also found that the online payment sector was targeted by phishing more than in any other industry sector, receiving 39.4% of all phishing emails.

Increases in phishing that targeted SAAS and webmail providers (19%) and file hosting/sharing sites (11%) were found. Yet phishing against banks' brands dropped slightly, to 14%.

These unique URLs are automatically generated by phishers to allow for a one-time access by victims to a unique phishing URL.

The domain names were used by phishers were found to generally match market share among top-level domains and registrations. This may be because the phishers look for the cheapest and most ubiquitous registers when constructing their fraudulent activities.

The structure of phishing sites seems to have changed as well.

At the end of 2016, APWG found less than 5% of phishing sites were found on HTTPS infrastructure. By the second quarter of 2018, more than a third of phishing attacks were hosted on websites that had HTTPS and SSL certificates.

Since an SSL certificate is not necessary for a malicious website, why is this increase happening? It may be that phishers believe that the "HTTPS" designation will make a phishing site seem more legitimate to potential victims and more likely to lead to a successful outcome.

They may be right.

Not only that, many new browsers such as Chrome will insist on the HTTPS protocol be used by a site in order to seamlessly navigate to it without a displayed warning.

The report also noted an increase in activity in Brazil. Specifically, the study found many changes were occurring. The first quarter totals were slightly above the fourth quarter 2017 total of 16,559. Web site scams rose from 6,293 in the fourth quarter to 9,061 in the first quarter of this year, while mobile app scams fell from 3,184 in fourth quarter to 1,840 in first quarter.

Brazilian APWG members also reported SMS texts sent to mobile phones were used frequently. These messages sent phishing URLs to victims.

The report shows phishing isn't going away, but will change in how it responds to external forces.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.