Zscaler’s ThreatLabz research team has just released new facts and figures on phishing attacks around the globe. The number of attacks is reported to have risen by 29 percent over the past year, while at the same time the “bad guys” have been deploying new, even more cunning approaches against the enhanced bulwarks set up to defend companies.
Cyber criminals have adapted to the stronger protection offered by multi-factor authentication, improved user education and additional security controls by attacking potential victims on more fronts. Zscaler again registered the highest number of phishing attempts in the USA but identified relatively stronger growth in other countries – including attempts by criminals to exploit new vectors of attack such as SMS (SMiShing) and using off-the-shelf tools made available commercially through more or less dark channels.
Phishing attacks often served as the gateway for more wide-ranging attacks leading to severe impact, Zscaler CISO (Chief Information Security Officer) Deepen Desai explained to British enterprise tech news publication The Register. Companies are continually improving their defense strategies, while threat actors are continuing to develop their tools, tactics, and approaches to get around these security controls and achieve even better outcomes from their phishing activities.
For its new report, ThreatLabz analyzed data from more than 200 billion transactions and 150 million blocked attacks collected over a year. The research revealed that the brands and products most commonly abused were Microsoft, Telegram, Amazon, OneDrive and PayPal. The biggest increase took place in the retail and wholesale sectors, at a staggering 436 percent.
More powerful tools make it easy for criminals
This is made possible through phishing-as-a-service (PhaaS), which not only has the power to increase the number of phishing attempts, but also enables less technically adept hackers to launch sophisticated campaigns. The most common methods of conducting PhaaS are phishing kits (complete packages including everything that an attacker may need) and free, open-source phishing frameworks, which can be found on code-sharing forums and enable attackers to execute specific attack functions or even automate the entire process.
Meanwhile, even technically skilled attackers have switched over from individual development to using phishing kits, allowing them to launch large-scale attacks, says Zscaler CISO Desai. Attackers are now able to simply copy templates from the kit onto a hijacked web server or to a hosting service to set up the phishing page for the brand they’ve set their sights on. This makes the task facing security teams significantly more challenging. The open-source templates eliminate many of the typos, grammar errors or unsigned certificates through which security experts usually identify phishing attempts.
“With higher sunk costs, cybercriminals have also developed a more focused approach to selecting their ideal targets,” Desai goes on to say. The result is that financial losses incurred by companies impacted by phishing have risen rapidly over the past year.
With Retarus’ Secure Email Platform, companies are not only able to safeguard their email accounts against phishing, but also against all other kinds of virtual chicanery. Find out more about the wide range of options offered by Retarus’ Email Security Services from our website or directly from your local Retarus representative.