
Australia amongst top 10 for high-risk URLs – and most of those are for phishing

14 Feb 17

Australia ranks in the top ten countries for hosting high-risk URLs – and more than 65% of those URLs are used for phishing purposes. Australia also ranks significantly for malware and spam threats.

Those are the statistics coming from Webroot’s Annual Threat Report, which found that for every new phishing URL impersonating a financial institution, there were more than seven impersonating tech companies.

This year the top three phishing targets were all global tech companies: Google, Yahoo and Apple.

This suggests it may now be easier to phish a technology account and, because passwords are reused, such accounts are more valuable to hackers.

“The continued increase in sophistication and volume of phishing attacks, ransomware, and polymorphic malware means we are at greater risk than ever from cybercriminals,” comments Hal Lonas, chief technology officer at Webroot.

The company also discovered that phishing attacks are getting shorter, with the longest site active for less than two days. 84% of all sites were active for less than 24 hours, and the shortest active site clocked in at 15 minutes.

In terms of malware trends, ‘polymorphism’ was the word of 2016: the term describes malware in which each instance is unique and undetectable by traditional signature-based security approaches. 94% of all malware and potentially unwanted application executables were only seen once.

Ransomware also continued its domination, with the Locky ransomware remaining king. The FBI estimated that ransomware attackers would rake in more than $1 billion in ransoms in 2016, and Webroot expects this trend to continue through 2017.

More than half of new and mobile apps were malicious or suspicious, according to Webroot. This accounts for more than 10 million – a huge increase from the two million in 2015. The company expects Android’s growing popularity will be a breeding ground for adware.

Trojans are the most popular mobile app threats, accounting for a 60% share.

In 2016, 33 million unique malicious IP addresses appeared on Webroot’s blacklist, an increase from 2015. Attackers are also changing IP addresses to avoid detection: more than 88% of the top 10,000 malicious IP addresses used in attacks showed up only once.

“It’s clear that relying on threat lists, virus signatures, and simplistic rules for protection is wholly insufficient against a threat landscape that is constantly evolving. Proven, real-time machine learning-based analysis that includes an understanding of threat behavior and context is necessary for accurate decision making and protection from today’s threats,” Lonas concludes.
