Phishing attacks increased by 38 percent overall in Q2 2015, and the growth has been spurred partly by the ever-growing number and sophistication of phishing attacks specifically designed to gain access to corporate information.
Looking beyond heavily phished domains such as PayPal, Apple and Gmail, the CYREN security analysts examined a vast variety of other phishing campaigns that seek out financial gain or specific intelligence from businesses rather than consumers.
They found these more sophisticated attacks to be consistently grouped into two categories:
- Indirect phishing attacks – Cybercriminals deploy a series of attacks that add up to a successful phishing campaign – usually in combination with organizational information from other sources such as LinkedIn. For example, an employee using their own Apple device is tricked into giving away iTunes credentials as part of an attack, which can give access to contact or calendar information. Additionally, an employee with a cloud-based company email (such as from Office 365 or branded Gmail accounts) could be successfully phished, providing the attacker with a platform for sending malicious emails that appear safe.
- Direct phishing attacks – Cybercriminals seek login credentials for actual business systems. During Q2 2015, CYREN security analysts found multiple examples of phishing attempts on Outlook credentials. Aside from email access, these credentials are frequently used for domain logins, providing an attacker with the tools to access far more than just email. Other cloud-based services, such as Dropbox or Salesforce, can also provide an attacker with direct access to valuable company data.
“We are seeing a shift in emphasis by the cybercriminals away from the mass-distribution ‘nickel and dime’ campaigns looking for quick-hit revenue that have been the staple of the cybercrime industry for the last 10 years or more, and toward using that same mass-distribution infrastructure for the dissemination of more highly targeted and powerful threats,” said Lior Kohavi, CTO at CYREN. “This shift highlights a problem with legacy security tools and technologies. These tools were designed to provide protection in a threat landscape consisting of slow-evolving threat types, the majority of which were iterations of previously-detected threats.”
Kohavi continued, “If the trend we are seeing now proves to be true, security professionals have real cause for concern, as it means that their enterprises will be exposed to an ever-increasing volume of threats, each one possessing the capability to severely impact their organization. In this new reality, security powered by ‘offline’ technology models, such as periodic updates to local static databases, can no longer provide meaningful protection.”
Other report highlights include:
- A deeper look at the 50% increase in detected malware using Adobe Flash Player
- Vietnam stands as the world leader of spam-sending zombies
- New Android malware down 20% from Q1 2015
- The frequently ineffective use of script blocking
- The increasing burdens created by Java
- Attempted trickery by spammers actually backfiring