Report shows how cybercriminals devolve new ways for phishing scams
Akamai Technologies, Inc. has published its ‘Akamai 2019 State of the Internet / Security Phishing: Baiting the Hook’ report, which reveals how cybercriminals are evolving their phishing mechanisms.
The report showed that the miscreants are using enterprise-based development and deployment strategies. Disguises to the tune of phishing as a service (PaaS), are being used to leverage some of the world’s largest tech brands. The report detailed that 42.63 per cent of domains were observed targeting Microsoft, PayPal, DHL, and Dropbox.
Moreover phishing no longer remains just an email-based threat,says the report. However, while expanding to include social media and mobile devices, it has also morphed into things like business email compromise (BEC) attacks. According to the FBI, BEC attacks resulted in worldwide losses of more than USD 12 billion between October 2013 and May 2018.
"Phishing is a long-term problem that we expect will have adversaries continuously going after consumers and businesses alike until personalized awareness training programs and layered defense techniques are put in place," said Martin McKeay, Editorial Director of the State of the Internet/Security report for Akamai.
During the research period, with 6,035 domains, and 120 kit variations, high technology was the top industry targeted by phishing, followed by financial services, e-commerce and media. Globally, around 60 brands were affected due to the malpractices.
Phishing defenses have forced changes to criminal operations, as they seek to remain undetected for as long as possible. According to Akamai’s research, 60 per cent of the phishing kits observed were active for 20-days or less during the reporting period, which is becoming more common among phishing attacks. This short lifespan is likely why criminals continue to develop new evasion methods to keep their kits undetected.
Akamai’s new report also discusses a research project that followed the daily operations of a phishing-kit developer who offered three types of kits with advanced evasion techniques, design, and geo-targeting options. The low prices and top-tier brand targets in these kits are an attractive item, creating a low-barrier for entry into the phishing market for criminals looking to set up shop.
McKeay concludes, "As the phishing landscape continues to evolve, more techniques such as BEC attacks will develop, threatening a variety of industries across the globe. The style of phishing attacks is not one size fits all; therefore, companies will need to do due diligence to stay ahead of business-minded criminals looking to abuse their trust."