Image
In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms. The classic email phishing attack technique has increased slightly, while other significant phishing trends include:
- Impersonation scams through social media.
- Dark web threats, such as credit card fraud.
- Business Email Compromise (BEC) attacks.
- Hybrid Vishing attacks.
Some detail about how enterprises and consumers are targeted by phishing attacks on these diverse platforms is worthy of deeper exploration.
Phishing Threat Trends
As compared to Q1 2021 this year's volume of total phishing sites showed a steady growth of 4.4% from January to March. Furthermore, it is anticipated that these numbers would increase throughout 2022. Financial businesses were the top targets, affected mostly by credential theft phishing. While the incidence of this method declined by 7.4% from Q4 2021, it was still a remarkable 53.8% out of all attacks. The entire technology sector was targeted more in Q1, notably social media (21.5%), webmail/online services (5.5%), ecommerce (1.9%), and cloud storage/hosting. The largest increase of attack volume of credential theft (+9.6%) was reported in the social media industry.
Paid domain registrations or compromised sites were primarily used to stage the majority of phishing sites. This staging method is the first instance in five consecutive quarters, representing the highest of 52% of abused paid services from all incidences. The most common staging method was through compromising existing websites 35.1%.
66% of phishing sites were staged on legacy generic Top-Level Domains (gTLDs), which contributed to almost half of all domain abuse phishing activity. Of course, these dizzying numbers are more easily understood in the chart from the report.
Credential theft still reigned supreme in all of the threats in corporate email systems. What is interesting to note is that employees are treating many messages with high caution. However, 82% of the reported emails were identified as “No Threat Detected”. While this heightened sensitivity could generate some cynicism about the value of security awareness training, the report notes that:
“While the majority of employee-reported emails are not classified
as malicious, the identification and reporting of suspicious activity
by a trained workforce is needed to prevent attacks that increasingly
make it past email filters.”
In 2022, it is somewhat unbelievable that 419 “Nigerian Prince” response-based attacks have increased by 3.3%. The fact that this decades-old scam still exists is almost breath-taking. Prior to the internet, these scams were transmitted via fax machines. Unfortunately, the report does not indicate the success rate of these scams, but their continued existence would suggest that they are still effective.
The volume of threats from social media channels has advanced 27% from Q4 to Q1 single-handedly. This is a 107% increase targeting enterprises. Impersonation scams are the most frequent method of social media attacks, followed by fraud, and traditional account compromise techniques. Financial institutions still remain the primary target of social media attacks.
Dark Web Threat Trends
The top dark web threat cited in the PhishLabs report is credit card fraud. The dark web is highly famous for publishing stolen card data, which has contributed 53.7% from the total share of dark web threats, despite a 20% decline in Q1. The second most common dark web threat is the sale of corporate credentials. 64% of the stolen data was primarily marketed on carding marketplaces and forums. Forums gained a large 9.3% increase of activity from all dark web marketplaces.
Similar to social media attacks, financial institutions are the most targeted industries for dark web attacks. Credit unions, and Financial Services companies round out the list.
Conclusion
The report indicates technological and strategical improvements in phishing tactics, and enterprises are targeted more than private consumers. Phishing attacks have leveraged various media to execute malicious activity. Apart from the traditional email delivery mechanism, social media is the highest trending platform. Organizations need to be vigilant against these scams and carefully maintain a presence on these platforms to confirm their authenticity and validity to avoid phishing activity, and to secure the name of the company.
One way for organizations to protect against phishing attacks is to enforce email filters, and apply security protocols in their systems to reduce the impact of credential theft attacks. While it is true that some staff members will become overly cautious, security awareness training is still a valid and valuable defence.
Organizations should pay close attention to the diverse platforms that are available today which allow threat actors to easily perform many fraudulent activities. Phishing attacks are being executed in various forms, using myriad tactics. It is the responsibility of each organization to address any phishing related activities for the awareness of consumers and even employees. Proper monitoring of these platforms, and the application of appropriate security protocols and mechanisms to deter phishing threats is a valuable security approach.
About the Author: Dilki Rathnayake is a Cybersecurity student studying for her BSc (Hons) in Cybersecurity and Digital Forensics at Kingston University. She is also skilled in Computer Network Security and Linux System Administration. She has conducted awareness programs and volunteered for communities that advocate best practices for online safety. In the meantime, she enjoys writing blog articles for Bora and exploring more about IT Security.
Editor’s Note:The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
As a cybersecurity enthusiast with a deep understanding of the evolving landscape of online threats, I find the information presented in the provided article to be both insightful and reflective of the current phishing landscape. My expertise in this field stems from an academic background in Cybersecurity and Digital Forensics, where I am currently pursuing a BSc (Hons) at Kingston University. Additionally, my practical skills in Computer Network Security and Linux System Administration contribute to a comprehensive understanding of the technical aspects involved in combating cyber threats.
The data from the Agari and PhishLabs Quarterly Threat Trends & Intelligence report aligns with my knowledge of the phishing landscape up to my last training cut-off in January 2022. The report highlights a concerning increase in phishing attacks across diverse online platforms, showcasing a departure from the traditional email-centric approach. This aligns with the evolving tactics employed by cybercriminals to exploit a wider range of vectors and increase their chances of success.
One notable trend mentioned is the rise of impersonation scams through social media, indicating a shift towards exploiting trust relationships established on these platforms. This tactic requires organizations and individuals to adapt their cybersecurity measures to safeguard against social engineering attacks originating from platforms like Facebook and Twitter.
The mention of Dark Web threats, particularly the prevalence of credit card fraud and the sale of corporate credentials, underscores the multifaceted nature of cyber threats. This aligns with my understanding of the Dark Web's role as a marketplace for various cybercriminal activities, with financial institutions being a prime target.
The statistics on the growth of phishing sites and the specific industries targeted resonate with my knowledge of the persistence and adaptability of cyber threats. The emphasis on credential theft, especially in corporate email systems, underscores the ongoing relevance of this technique for attackers. The report rightly highlights the importance of a trained workforce in identifying and reporting suspicious activity to complement email filters.
The article also touches upon the surprising persistence of certain phishing techniques, such as the "Nigerian Prince" scam, indicating that even with advancements in technology, some classic tactics continue to be effective. This aligns with the notion that cybercriminals often leverage both sophisticated and time-tested methods to achieve their objectives.
The recommendations provided in the conclusion, such as the enforcement of email filters, the application of security protocols, and the importance of security awareness training, are in line with established best practices in cybersecurity. These measures, coupled with continuous monitoring of diverse platforms, are crucial for organizations to stay ahead of the evolving threat landscape.
In conclusion, the insights presented in the article align with my in-depth knowledge of cybersecurity trends and practices. The ever-changing nature of cyber threats necessitates a proactive and multifaceted approach to cybersecurity, involving both technical measures and user awareness initiatives.
