Group-IB has discovered a ‘tremendous increase’ of phishing resource blockages in the 2nd half of 2019 as the duration of attacks grows.
They have also noted significant growth in the actual duration of phishing attacks.
Tremendous Increase
This worrying tendency has been revealed by Group-IB’s Computer Emergency Response Team (CERT-GIB), who caution a “tremendous increase” in the actual no. of phishing websites blockages rising, according to their research by more than 230% year-on-year.
Web phishers have increasingly targeted cloud storage rather than email service providers in the so-called “Top 3 of Phishers’ Targets”, in a slight & more general way during 2019, the company explained.
This is due to the fact cloud storage records ‘gigabytes’ of sensitive data as well as every aspect of personal & sometimes corporate lives.
Phishing
“In the 2nd half of 2019, we saw the prolongation of phishing attacks – attackers changed approach toward the conduct of their campaigns, choosing quantity over quality,” observed CERT-GIB Deputy Head, Yaroslav Kargalev.
“Cloud storage & online services are due to remain among phishers’ main targets due to the large amount of personal information that is stored in them, cybercriminals are likely to use the access to them to first download data from cloud storage, & then blackmail their victims to increase the chances of receiving a ransom.”
Victims
Group-IB said that online services and financial organisations are also among the top 3 most frequent victims.
In detecting & preventing threats distributing online, CERT-GIB blocked 8,506 phishing web resources in the 2nd half of the fiscal year in 2019, compared to 2,567 in H2 2018.
Duration
The surge in the number of blockages comes from the growing duration of phishing attacks.
Where cyber-criminals used to stop their fraudulent campaign as soon as their web pages were blocked, they are now quickly instead attacking on other brands.
So, they continue replacing removed pages with new ones – a result of the rising number of resources accumulated for a single attack.
Targets
The top 3 of web phishers’ targets were online services (client software, online streaming services, e-commerce, delivery services etc.) (29.3%), cloud storages (25.4%), & financial organisations (17.6%).
The number of phishing attacks on cloud storage nearly doubled last year, CERT-GIB’s discovered, while internet providers noted a 3-fold increase in the number of phishing scams targeting them.
Also, there was a lower interest to email service providers.
The proportion of attacks on them has now decreased from 19.9% to 5.9%.
Cryptocurrency
Cryptocurrency projects, in addition, became less attractive to cyber-criminals as the publicity around them started to recede.
The top 10 tools used in attacks tracked by CERT-GIB in the 2nd half of 2019 were ransomware Troldesh (55%); backdoors Pony (11%t), Formbook (5%), Nanocore (4%) & Netwire (1%); banking Trojans RTM (6% & Emotet (5%); & spyware AgentTesla (3%), Hawkeye (2%), & Azorult (1%).
AgentTesla, Netwire & Azorult for the 1st time appeared among attackers’ preferred instruments.
It is useful & informative to keep up to date with the changing patterns of attack, and choice of weapon of the ‘opposition’.
