Phishers shift efforts to attack SaaS & webmail services
March 22, 2019
The good news is that the total number of conventional, spam-based phishing campaigns declined as 2018 came to a close, while the bad news is that users of software-as-a-service (SaaS) systems and webmail services are being increasingly targeted.
The total number of phishing sites detected by APWG in Q4 was 138,328 – down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.
This general decline in the number of phishing campaigns as the year went on may have been a consequence of anti-phishing efforts – and/or the result of criminals shifting to more specialized and lucrative forms of e-crime than mass-market phishing.
There is growing concern that the decline may be due to under-detection.
The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.
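The following sketch is an added illustration, not code from APWG or the original article. It rebuilds a redirect chain offline from responses a crawler has already recorded and reports how many hops and distinct hosts sit between the email lure and the landing page. The function name, result fields and all `.example` URLs are constructed for this example.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: (status, Location header) a crawler recorded per URL.
RECORDED = {
    "http://mail-lure.example/t?id=1": (302, "http://hop-one.example/r"),
    "http://hop-one.example/r": (301, "//hop-two.example/go"),  # scheme-relative
    "http://hop-two.example/go": (302, "/login/"),              # path-relative
    "http://hop-two.example/login/": (200, None),
    "http://loop-a.example/": (302, "http://loop-b.example/"),
    "http://loop-b.example/": (302, "http://loop-a.example/"),
}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def trace_chain(start, recorded, max_hops=10):
    """Follow recorded redirects from `start` and summarise the chain."""
    chain, seen, url, outcome = [start], {start}, start, "landed"
    while True:
        status, location = recorded.get(url, (None, None))
        if status is None:
            outcome = "unrecorded"      # crawler never fetched this URL
            break
        if status not in REDIRECT_CODES or not location:
            break                       # final response: the landing page
        nxt = urljoin(url, location)    # resolve relative Location values
        if nxt in seen:
            outcome = "loop"            # redirect cycle, stop following
            break
        if len(chain) - 1 >= max_hops:
            outcome = "too_many_hops"   # cap reached, chain is incomplete
            break
        chain.append(nxt)
        seen.add(nxt)
        url = nxt
    hosts = [urlsplit(u).hostname for u in chain]
    return {
        "outcome": outcome,
        "hops": len(chain) - 1,
        "distinct_hosts": len(set(hosts)),
        # Hops that cross from one hostname to another.
        "cross_host_hops": sum(a != b for a, b in zip(hosts, hosts[1:])),
        # True when the host seen in the email is not the host finally served.
        "lure_host_differs": hosts[0] != hosts[-1],
        "landing": chain[-1],
    }


if __name__ == "__main__":
    print(trace_chain("http://mail-lure.example/t?id=1", RECORDED))
```

Recording the whole chain, rather than only the URL in the email, lets the report be keyed on the landing URL where the phishing content is actually served.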
Phishing that targeted SaaS and Webmail services jumped from 20.1 percent of all attacks in Q3 to almost 30 percent in Q4.
Attacks against cloud storage and file hosting sites continued to drop, decreasing from 11.3 percent of all attacks in Q1 2018 to 4 percent in Q4 2018.
Researchers at APWG member PhishLabs observed that in the final quarter of 2018, the number of phishing attacks hosted on Web sites that have HTTPS and SSL certificates declined for the first time in history.
“Phishing sites using SSL decreased slightly in Q4 2018 compared with Q3 – down 3 percent to about 47 percent,” said John LaCour, Chief Technology Officer of PhishLabs.
“However, it remains true that nearly half of phishing sites use digital certificates to make attacks look more legitimate and avoid browser warnings.”
However, the list of the 10 most prevalent TLDs used in phishing attacks includes several TLDs that are far less familiar for typical internet users – country code domains associated with Palau (.pw), the Central African Republic (.cf), Mali (.ml), and Gabon (.ga). Oftentimes, the allure of domain name registrations under these TLDs lies in their easy and free availability, hence no need for attackers to hijack legitima…