APWG Report: Cybercrime Gangs Ramp Up Phishing Attacks in 2018

Criminals continue to go where the money is

According to the APWG's new Phishing Activity Trends Report,
phishing in the first part of 2018 surged 46 percent higher than late
2017. The total number of phish detected in the first quarter of 2018
was 263,538. That was up from the 180,577 observed in the fourth quarter
of 2017. It was also significantly greater than the 190,942 seen in the
third quarter of 2017.

The phishing attacks of early 2018 targeted users of online payment
services more than users in any other industry sector, with that sector
accounting for 39 percent of all phishing attacks. APWG member MarkMonitor
also saw modest increases in phishing that targeted SaaS/webmail providers
(19 percent of the total) and file hosting/sharing sites (11 percent).
Phishing against banks' brands dropped slightly, to 14 percent.

The full text of the report is available here:
https://docs.apwg.org/reports/apwg_trends_report_q1_2018.pdf

Some phishers also adjusted their tactics in the period. "In Q1 2018,
there was a marked increase in URL detections starting in February and
ramping up through March, but the number of unique phishing domains
remained flat," said Stefanie Ellis, AntiFraud Product Marketing
Manager, MarkMonitor. "This increase in URLs can largely be attributed
to one-time-use URLs. These unique URLs are automatically generated by
phishers to allow for a one-time access by victims to a unique phishing
URL."

In other news, APWG member RiskIQ analyzed what domain names were used
by phishers and found domain use generally matched market share among
top-level domains and registrations.

"Because cybercriminals focus on the cost-benefit analysis of their
activities, they like to register their domains with the cheapest, most
common registrars," said Yonathan Klijnsma, Head Researcher at RiskIQ.
"This is why phishing domain use often correlates with the market share
of top-level domains and why the web hosters associated with phishing
sites—many of which come from compromised websites—are typically the
largest ones. For instance, GoDaddy, the largest hosting provider in Q1
2018, was also the top registrar affected by phishing."

APWG member PhishLabs continued its monitoring of the use of HTTPS
protection on phishing web sites. By the second quarter of 2018,
PhishLabs found that more than a third of phishing attacks were hosted on
web sites that had HTTPS and SSL certificates, reflecting the general
increase in HTTPS deployment on the Internet.

Crane Hassold, PhishLabs Director of Threat Intelligence, said,
"Following the pattern we've seen over the past 18 months, the
percentage of HTTPS phishing sites continues to grow and now comprises
more than a third of all attacks globally. While some of this increase
is due to the general adoption of HTTPS across the web, much of this
trend has been driven by threat actors registering malicious domains and
obtaining free SSL certificates to make their phishing sites appear more
legitimate. As browsers add more negative visual indicators that cause
general web users to become less trusting of HTTP websites, we expect
this trend to continue and likely accelerate."

Axur, the APWG's observer in Brazil, recorded significant increases in
web-based scams on sites like Facebook, and saw phishing via text
messages.

APWG's European research chapter, APWG.EU, will be hosting two programs
this fall in Poland:

The Symposium on Global Cybersecurity Awareness – Sept. 11-12 in Warsaw

https://apwg.eu/warsaw-symposium-global-cybersecurity-awareness/

EU Symposium on Electronic Crime Research – Sept. 17-19 in Warsaw

https://apwg.eu/eu-symposium-electronic-crime-research/

About the APWG:

Founded in 2003, the Anti-Phishing Working Group (APWG) is the global
industry, law enforcement, and government coalition focused on unifying
the global response to electronic crime. Membership is open to qualified
financial institutions, online retailers, ISPs and Telcos, the law
enforcement community, solutions providers, multi-lateral treaty
organizations, research centers, trade associations and government
agencies. There are more than 2,200 companies, government agencies and
NGOs participating in the APWG worldwide. The APWG's <www.apwg.org>
and <education.apwg.org> websites offer the public, industry and
government agencies practical information about phishing and
electronically mediated fraud as well as pointers to pragmatic technical
solutions that provide immediate protection. The APWG is co-founder and
co-manager of the Stop. Think. Connect. Messaging Convention, the global
online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/>
and founder/curator of the eCrime Researchers Summit, the world's only
peer-reviewed conference dedicated specifically to electronic crime
studies <www.ecrimeresearch.org>.
APWG advises hemispheric and global trade groups and multilateral treaty
organizations such as the European Commission, the G8 High Technology
Crime Subgroup, Council of Europe's Convention on Cybercrime, United
Nations Office of Drugs and Crime, Organization for Security and
Cooperation in Europe, Europol EC3 and the Organization of American
States. APWG is a member of the steering group of the Commonwealth
Cybercrime Initiative at the Commonwealth of Nations. Among APWG's
corporate sponsors are: AhnLab, AnchorFree, AT&T (T), Afilias, Avast!,
AVG Technologies, BBN Technologies, Barracuda Networks, BillMeLater,
Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure
Technologies, CSC Digital Brand Services, Check Point Software
Technologies, Comcast, CSIRTBANELCO, Cyber Defender, DigiCert, Domain
Tools, Donuts.co, Easy Solutions, eBay/PayPal (EBAY), eCert, EC Cert,
ESET, EST Soft, Facebook, Forcepoint, Fortinet, FraudWatch
International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri,
Hitachi Systems, Ltd., Huawei Symantec, ICANN, Iconix, Infoblox (BLOX),
IronPort, ING Bank, Intuit, Internet.bs, IT Matrix, iThreat Cyber Group,
Kindsight, LaCaixa, Lenos Software, LINE, Lookingglass, MailChannels,
MailChimp, MailShell, MarkMonitor, M86Security, McAfee (MFE), Melbourne
IT, MessageLevel, Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint,
NHN, MyPW, nProtect Online Security, Netcraft, Network Solutions,
NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software,
Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, QinetiQ,
Return Path, RSA Security (EMC), RuleSpace, SalesForce, SecureBrain,
S21sec, SIDN, SiteLock, SoftForum, SoftLayer, SoftSecurity, SOPHOS,
SunTrust, SurfControl, Symantec (SYMC), Tagged, TDS Telecom, Telefonica
(TEF), TransCreditBank, Trend Micro (TMIC), Trustwave, Vasco (VDSI),
VeriSign (VRSN), Wombat Security Technologies, and zvelo.
