
Phishing becoming more prolific and impregnable - report

19 Jun 2020

The most prolific form of cyber attack to emerge in the COVID-19 era is becoming even more targeted and difficult to defend against as the pandemic wears on, according to new research released by ProPrivacy.

Phishing campaigns continue to grow in scope and prominence rather than lose influence as more people return to work. 

The study, conducted with VirusTotal and WHOIS XML, analysed more than 600,000 domains to accurately track malicious activity throughout the pandemic. 

This analysis found that the number of phishing domains being registered peaked in March, yet domain registry activity remains high three months later with as many as 1,200 domains still being registered each day. 

125,000 domains in total have been found to be malicious by the study – the ‘vast majority’ being used for phishing purposes.

“It would be easy to look at the overall trend and conclude that phishing activity related to the pandemic has simply fizzled out, but that’s not an accurate assessment,” says lead researcher Sean McGrath.

“These malicious campaigns have moved underground and are now addressing our most intimate concerns. When will my children return to school? Will I lose my job? 

“It is these - truly human - questions that will fuel the 'second peak' of malicious activity. This is the next battlefront in the digital pandemic.” 

Indeed, researchers noted that campaigns gradually became more targeted and potent as time wore on, evolving to take advantage of new and emerging fears held by the public.

Whereas in March, many registered domains related to terms like ‘covid’ or ‘mask’, months on there has been an increase in domain registrations related to unemployment, welfare benefits, and stimulus packages.

The passage of time has also provided attackers with valuable experience and insights into which campaigns work and which don’t – meaning attacks are more nuanced and sophisticated than they were before.

These focused campaigns are not only more likely to succeed, but they are becoming increasingly difficult for the threat intelligence community to identify using conventional broad-stroke methods, according to ProPrivacy.

As part of the research, ProPrivacy tracked all domain registrations from January 1 2020, after which each domain was checked against VirusTotal’s database of more than 60 threat intelligence partners.

Once the researchers identified which domains were malicious and/or being exploited in phishing campaigns, they noted the new themes that were emerging as public sentiments and concerns changed with time.

In the course of their study, researchers also found that GoDaddy was the most abused web host, hosting a disproportionately high number of domains used for phishing activity. 

The company, the largest hosting provider in the world with a 15% share of all hosted sites on the internet, hosted 37% of the 80,470 IP addresses analysed in the study.

“We see a lot of niche registrations in our typosquatting data feed files,” says an unnamed WhoisXML API researcher.

“Registrants seem to target vulnerable groups. We suspect that these domains could serve as social engineering baits and trigger emotional responses.”
