The number of phishing attacks grew through 2020, fully doubling over the course of the year. Attacks peaked in October 2020, with a high of 225,304 new phishing sites appearing in that month alone, breaking all previous monthly records, according to APWG.
In Brazil, security firm Axur saw a slower growth in the number of phishing attacks that targeted Brazilian companies and consumers in Brazil. But overall, it observed almost twice as many such phishing sites in 2020 as it did in 2019, a concerning year-over-year growth.
Phishing mostly targeting financial institutions
OpSec Security found that phishing that targeted financial institutions was the largest category of phishing in the fourth quarter, at 22.5 percent of all attacks. This category nosed out webmail and SaaS, which experienced 22.2 percent of all attacks.
Phishing against the social media sector declined slightly to 11.8 percent, even as social media usage was high during the U.S. presidential election.
In Brazil, Axur found that phishing against e-commerce sites constituted 45 percent of phishing attacks, perhaps taking advantage of consumers who are staying at home and using online shopping during the COVID-19 pandemic.
Agari continued to track BEC attacks, one of the most damaging types of internet crimes. BEC attacks that sought wire transfers from victim companies sought an average of $75,000 – a 56 percent increase from $48,000 in the third quarter of 2020, making very successful.
This increase is primarily due to a resurgence in BEC campaigns from “Cosmic Lynx,” a sophisticated Russian-based crime group. One BEC attack in progress was observed in which the wire transfer request was for a whopping $999,600.
The use of domain names for phishing
RiskIQ analyzed the use of domain names for phishing. “It appears that most of the domain names used for phishing are not compromised infrastructure, but are malicious domain name registrations created by the threat actors themselves,” said Jonathan Matkowsky of RiskIQ‘s Incident Investigation and Intelligence (i3) team.
Both RiskIQ and Agari saw these kinds of criminal domain name registrations were concentrated at a few registrars and in a few top-level domains.
Phishers are also deploying encryption to fool users into thinking that phishing sites are legitimate and safe. PhishLabs found that in the fourth quarter of 2020, 84 percent of phishing sites had SSL encryption enabled.
Encryption is deployed on phishing sites more often than on regular web sites: SSL is currently found on only 66.8 percent of all web sites across the internet.