Cybercrime Gangs Continue To Innovate

Uploaded on 2019-01-11 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

According to the APWG’s Phishing Activity Trends Report, after spiking in the spring, phishing has been taking place at a steady pace, but phishers are using new techniques to carry out their attacks, and obfuscate their origins, to make the most of every phishing campaign.

APWG is the international coalition unifying the global response to cybercrime. APWG’s membership of more than 2200 institutions worldwide is as global as its outlook, with its directors, managers and research fellows advising: national governments; global governance bodies.

The total number of phish detected by APWG in Q3 2018 was 151,014. This was down from 233,040 in Q2 and 263,538 in Q1. There was an unusual rash of phishing in the spring of 2018, and the amount of phishing in Q3 was a return to the kind of levels seen through 2017. But while the number of attacks subsided, APWG’s contributing researchers noticed ways in which phishers have been making their attacks more effective and harder to detect.

Phishers are increasingly using web page redirects as a way of hiding their phishing sites from detection. When victims click on links in phishing emails, redirects take the user on an unwitting journey through other sites before arriving at the phishing site itself.

Once the victim submits his or her credentials, still more redirects make take the victim to yet another domain.

The researchers at APWG member PhishLabs have observed that half of all phishing sites now use SSL encryption, which can fool users into thinking that a site is safe to use, for example, by virtue of the green lock symbol that appears in the browser address bar when SSL encryption is enabled.

Some of the increase comes from phishers adding HTTP encryption to their phishing sites, a technique that turns a security feature against the victims.

APWG contributor RiskIQ analysed where phishing falls in the domain name space, and found that certain top-level domains have notable amounts of phishing in them, both in absolute and relative terms.

Some of this phishing is attributable to phishers who register in top-level domains that offer domain names for free.

HelpNetSecurity:

You Might Also Read:

What's Your Digital Data Worth?:
 

« Fortnite Teen Hackers 'Earning Thousands of Pounds a Week'
US Treasury Sanctions Russians For Electoral Interference »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

Sequitur Labs

Sequitur Labs

Sequitur Labs is developing seminal technologies and solutions to secure and manage connected devices of today and in the future.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Maticmind

Maticmind

Maticmind is an ICT System Integrator providing solutions and specialized skills in Networking, Security, Unified Communications & Collaboration, Datacenter & Cloud and Application.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Charterhouse Voice & Data

Charterhouse Voice & Data

Charterhouse is your trusted technology partner - designing, provisioning and supporting the technology that underpins your operations including network security and data compliance.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

Halcyon

Halcyon

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks.

Blattner Technologies

Blattner Technologies

Blattner Technologies mission is to be the leading provider of predictive transformation services and tools in the Data Analytics, Artificial Intelligence and Machine Learning industry.

Twinstate Technologies

Twinstate Technologies

Twinstate Technologies specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions.