30% of phishing threats involve newly registered domains

Phishing remains the most dominant and fastest growing internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors, according to Cloudflare.

While business email compromise (BEC) losses have topped $50 billion, corporate organizations are not the only victims that attackers are after. The real implications of phishing go beyond Fortune 500’s and global companies, extending to small and local organizations as well as the public sector.

Cloudflare observed more email threats targeting political organizations. In the three months leading up to the 2022 US midterm elections, Cloudflare’s email security service prevented around 150,000 phishing emails from making their way to campaign officials.

Regardless of an organization’s size, industry or sector, the report revealed that threat actors who leverage phishing campaigns have two major objectives. First and foremost, the goal is to achieve authenticity and legitimacy in the eyes of the victim.

Second, is to persuade victims to engage or click.

Phishing attack trends

• Malicious links were the #1 threat category, comprising 35.6% of detected threats
• Identity deception threats are on the rise — increasing YoY from 10.3% to 14.2% (39.6 million) of total detections
• Attackers posed as more than 1,000 different organizations in over 1 billion brand impersonation attempts. 51.7% of the time, they impersonated one of 20 well-known brands
• The most impersonated brand happens to be one of the most trusted software companies: Microsoft. Other top companies impersonated included Google, Salesforce, Notion.so, and more
• 30% of detected threats featured newly registered domains — the #2 threat category
• Email authentication doesn’t stop threats. 89% of unwanted messages “passed” SPF, DKIM, or DMARC authentication checks

“Phishing is an epidemic that has permeated into the farthest corners of the internet, preying on trust and victimizing everyone from CEOs to government officials to the everyday consumer,” said Matthew Prince, CEO at Cloudflare.

“Email messages and malicious links are nefarious partners in crime when it comes to the most common form of internet threats. Organizations of all sizes need a zero trust solution that encompasses email security – when this is neglected, they are leaving themselves exposed to the largest vector in today’s threat landscape,” Prince concluded.

Recommendations

1. Secure email with a zero trust approach – No user or device has completely unfettered, trusted access to all apps — including email — or network resources. This mindset shift is especially critical if you have multi-cloud environments and a remote or hybrid workforce.

2. Augment cloud email with multiple anti-phishing controls – A multi-layered defense can preemptively address high-risk areas for email exposure.

3. Adopt phishing-resistant MFA – Consider replacing MFA methods like SMS or time-based OTP with more proven methods like FIDO-2 compliant MFA implementations.

4. Make it harder for humans to make mistakes – email link isolation, which integrates email security with remote browser isolation (RBI) technology, can automatically block and isolate domains that host phishing links, instead of relying on users to stop themselves from clicking.

5. Establish a paranoid, blame-free culture – Establishing a paranoid but blame- free culture that reports suspicious activity — as well as genuine mistakes — early and often helps ensure incidents (no matter how rare) are reported as soon as possible.