Cybercrime Gangs Continue To Innovate

Uploaded on 2019-01-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

According to the APWG’s Phishing Activity Trends Report, after spiking in the spring, phishing has been taking place at a steady pace, but phishers are using new techniques to carry out their attacks, and obfuscate their origins, to make the most of every phishing campaign.

APWG is the international coalition unifying the global response to cybercrime. APWG’s membership of more than 2200 institutions worldwide is as global as its outlook, with its directors, managers and research fellows advising: national governments; global governance bodies.

The total number of phish detected by APWG in Q3 2018 was 151,014. This was down from 233,040 in Q2 and 263,538 in Q1. There was an unusual rash of phishing in the spring of 2018, and the amount of phishing in Q3 was a return to the kind of levels seen through 2017. But while the number of attacks subsided, APWG’s contributing researchers noticed ways in which phishers have been making their attacks more effective and harder to detect.

Phishers are increasingly using web page redirects as a way of hiding their phishing sites from detection. When victims click on links in phishing emails, redirects take the user on an unwitting journey through other sites before arriving at the phishing site itself.

Once the victim submits his or her credentials, still more redirects make take the victim to yet another domain.

The researchers at APWG member PhishLabs have observed that half of all phishing sites now use SSL encryption, which can fool users into thinking that a site is safe to use, for example, by virtue of the green lock symbol that appears in the browser address bar when SSL encryption is enabled.

Some of the increase comes from phishers adding HTTP encryption to their phishing sites, a technique that turns a security feature against the victims.

APWG contributor RiskIQ analysed where phishing falls in the domain name space, and found that certain top-level domains have notable amounts of phishing in them, both in absolute and relative terms.

Some of this phishing is attributable to phishers who register in top-level domains that offer domain names for free.

HelpNetSecurity:

You Might Also Read:

What's Your Digital Data Worth?:
 

« Fortnite Teen Hackers 'Earning Thousands of Pounds a Week'
US Treasury Sanctions Russians For Electoral Interference »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

ContentKeeper

ContentKeeper

ContentKeeper provides Web Threat Protection solutions to secure today’s Web 2.0 and mobile centric business environments.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

Sequitur Labs

Sequitur Labs

Sequitur Labs is developing seminal technologies and solutions to secure and manage connected devices of today and in the future.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Securepoint

Securepoint

Securepoint is the market leader in the development of professional “Unified Threat Management” solutions in Germany.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

IntelligInts

IntelligInts

IntelligInts provide 24×7 threat monitoring, hunting, alerting, and mitigation in our world class Security Operations Center.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

CyberCure

CyberCure

CyberCure provide specialised roles and services to manage your organisations cybersecurity requirements and professional advisory services in governance, risk and compliance.