sb-au logo
Story image

Phishing declines, but targets increase - report

11 Jun 2018

Article by RiskIQ threat analyst Andrew Geiger

Phishing actors are always innovating and creating new methods to lure victims into gaining access to their financial information, personally identifiable information, and user accounts.

Understanding the latest phishing techniques and threat actor tendencies helps position customers to stay one step ahead of phishing threats targeting their organisations.

The first 2018 quarterly iteration of the Phishing Roundup details the trends in phishing activity as observed by RiskIQ over Q1 of 2018, drawing upon data used in the Q4 Report of 2017 for comparison and recapping trends that have been seen entering into the new year.

More diversity in targets

For the second quarter in a row, Q1 saw a slight decrease of over 2% in overall phishing detections from Q4 of 2017, with 26,671 unique domains identified.

The data we observed, however, was much richer than in the past regarding targeted brands.

During Q1, RiskIQ saw a total of 299 unique brands targeted through phishing pages, up from the 259 brands we observed in Q4 of 2017.

The breakdown of the top 10 targeted brands is as follows:

  • 40% financial institutions
  • 20% digital transaction providers
  • 10% large tech company
  • 10% major health insurance provider
  • 10% cloud storage provider
  • 10% social media platform

As usual, the same financial institutions make up a significant portion of the top-ten targeted brands for Q1 of 2018 and much of the social media targeting trend that we observed in Q4 of 2017 is now mostly gone, which may indicate a return to tried and trusted tactics by threat actors.

However, the top 10 percentage breakdown for Q1, which includes the arrival of cloud storage providers which were not present last quarter, may indicate an overall more diverse detection of targeted brands.

This diversity of targets helps RiskIQ’s detection models improve their ability to detect phishing attacks.

Detections by registrar

Hostinger proved to be a flash in the pan in Q4 2017, leading the list of registrars used by phishing URLs and then dropping out of the top-five entirely.

GoDaddy, which is no stranger to the top of this list, reclaimed its place ahead of the pack, which isn’t surprising as phishing attacks, as well as the infrastructure used therein, tend to be extremely cyclical.

Detections by hosting provider

The list of top hosting providers used by phishing actors in Q1 saw more changes, with all five spots in flux and three of the five new to the list.

Phishing actors are constantly changing infrastructure, so they have shopped elsewhere in Q1 rather than using the same tools from Q4.

Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More
Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Bank Australia rolls out voice biometrics designed by Nuance
After a successful test rollout at the end of 2020, the bank is now offering voice-based biometric protection to all customers. More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More
Story image
Cohesity appoints its very first CISO
In the newly created role, new appointee Brian Spanswick will focus on advancing and optimising IT and security for Cohesity and its customers, the company says.More