Phishing campaigns grew more than 400% from January to June 2019, and attackers are becoming more sophisticated in their tactics, using trusted domains and personalizing their fake web pages to make campaigns seem more legitimate, a new bi-annual report reveals.
Webroot, a Carbonite company and cybersecurity service provider, published its bi-annual threat report, which reveals that since January 2019 phishing sites have become more effective at tricking potential victims by using HTTPS certificates and Windows 7 exploits. The report showed that the occurrence of attackers using (potentially) fake SSL certificates and Windows 7 exploits rose to as much as 70% for the first half of the year.
The Webroot Threat Report: Mid Year Update is a study of the latest trends in the evolving cybersecurity environment and is published twice a year by the company. It reveals that the new wave of phishing campaigns is becoming more personalized, as attackers use phishing in other kinds of cybersecurity exploits and no longer limit it to mere account takeovers.
Phishing campaigns are cyber attacks in which malicious actors pose as legitimate websites and login pages in order to trick victims into keying in their login information, which the attacker then captures and uses in a number of other attacks, such as identity theft and financial fraud. The report is instructive because it reveals that attackers are not only using websites designed to copy the legitimate login pages of services exactly, but are also now using more sophisticated spoofing techniques, such as serving their pages over HTTPS with certificates so that the URL appears secure.
Nearly 24% of the malicious URLs discovered by the Webroot researchers were found to be hosted on trusted domains. The researchers said that this is because the hackers are now aware that using a trusted network and domain will raise less suspicion among users and could even fool established security protocols. Specifically, at least 29% of the detected phishing web pages use HTTPS as a method of tricking users into believing they’re on a trusted site.
Phishing grew 400% in the first half of 2019 as phishing campaigns became more popular among hackers. The report said that phishing campaigns most often target SaaS/Webmail providers (29%), financial institutions such as banks (19%), social media (16%), retail (14%), file hosting and cloud providers (11%), and payment services companies (8%).
Phishing campaigns are becoming more personalized
The report also revealed that attackers no longer employ phishing techniques only to gather login credentials for account takeovers. The researchers noted that attackers are using them in more sinister and destructive operations such as extortion, blackmail, and other forms of harassment. Furthermore, the new trend in phishing campaigns shows that attackers are no longer just scraping for passwords and usernames; they are also collecting secret questions and their answers.
“We are beginning to see hackers create more personalized phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate. These tactics take advantage of familiarity and context, and result in unwarranted trust,” said Tyler Moffit, senior threat research analyst at Webroot. “Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”