Friday 29 March 2024
 
»
 
»
Story

Phishing attacks surge 17pc in Q1: report

DUBAI, June 26, 2019

Phishing attacks, emails impersonating a trusted contact or company to induce the recipient to click on an embedded link aiming to credential or credit card harvesting, rose by 17 per cent during Q1 over the prior quarter, a report said.

The top spoofed brands across these activities included Microsoft, with almost 30 per cent of all detections – followed by OneDrive, Apple, PayPal and Amazon, each within the 6-7 per cent range, added the Q1’19 Email Threat Report released by FireEye, an intelligence-led security company.

After analyzing a sample set of 1.3 billion emails, increases were found in three main areas: spoofed phishing attempts, HTTPS encryption in URL-based attacks, and cloud-based attacks focused on publicly hosted, trusted file-sharing services.

In the report, FireEye observed several important trends:

•    Use of HTTPS in URL Based Attacks Climbed 26 per cent: In 2018, FireEye reported that URL-based attacks had overtaken attachment-based attacks as a means of delivery. This trend continued in Q1’19.Notably, FireEye saw a 26 per cent quarter-over-quarter increase in malicious URLs using HTTPS. This indicated malicious actors are taking advantage of the common consumer perception that HTTPS is a “safer” option to engage on the internet.   

•    File Sharing Services Exploited to Deliver Malicious Payloads: Cloud-based attacks, particularly those leveraging file-sharing services, increased in Q1’19. Analysis of Q1’19 emails showed a dramatic increase in links to malicious files posted to popular and trusted file-sharing services, such as WeTransfer, Google Drive and OneDrive. Dropbox was the most commonly used.

•    New Impersonation Variants Focused on Payroll and the Supply Chain: Threat actors continued to increase their usage of CEO impersonation fraud. They also diversified their approach. Historically, this cyber “cash cow” attack has targeted an organization’s Accounts Payable department with a spoofed email from the CEO or other senior leader. Over the last quarter, FireEye observed threat actors increasingly using two new variants:

Payroll: This new variant targets an organization’s Payroll department with an email requesting changes to an executive’s personal data, such as bank details, with the objective of diverting an executive’s salary to a third-party account.

Supply Chain: This new variant targets the Accounts Payable department by impersonating an email from a trusted supplier (instead of the CEO or senior executive) to re-route a fraudulent payment to a third-party account.

“Threat actors are doing their homework. We’re seeing new variants of impersonation attacks that target new contacts and departments within organizations,” said Ken Bagnall, vice president of Email Security at FireEye.

“The danger is these new targets may not be prepared or have the necessary knowledge to identify an attack. Unfortunately, once the fraudulent activity is discovered, the targeted organization thinks they’ve paid a legitimate invoice, when the transaction was actually made to an attacker’s account.” – TradeArabia News Service




Tags:

More IT & Telecommunications Stories

calendarCalendar of Events

Ads