APWG Report: Phishers Shift Efforts to Attack SaaS and Webmail Services

By end of 2018, SaaS and email services made up a third of phishing
attacks

CAMBRIDGE, Mass.–(BUSINESS WIRE)–lt;a href=”https://twitter.com/hashtag/APWG?src=hash” target=”_blank”gt;#APWGlt;/agt;–According to the APWG’s new Phishing Activity Trends Report,
there was some good news and some bad news for the Internet-using public
in early 2019. The good news is that the total number of conventional,
spam-based phishing campaigns declined as 2018 came to a close, while
the bad news is that users of software-as-a-service (SaaS) systems and
webmail services are being increasingly targeted.

The number of confirmed phishing sites declined as 2018 proceeded. The
total number of phishing sites detected by APWG in 4Q was 138,328 – down
from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1. This general
decline in the number of phishing campaigns as the year went on may have
been a consequence of anti-phishing efforts – and/or the result of
criminals shifting to more specialized and lucrative forms of e-crime
than mass-market phishing.

There is growing concern that the decline may be due to under-detection.
The detection and documentation of some phishing URLs has been
complicated by phishers obfuscating phishing URLs with techniques such
as Web-spider deflection schemes – and by employing multiple redirects
in spam-based phishing campaigns, which take users (and automated
detectors) from an email lure through multiple URLs on multiple domains
before depositing the potential victim at the actual phishing site. APWG
contributing member MarkMonitor continues to monitor this trend.

Phishing that targeted SaaS and Webmail services jumped from 20.1
percent of all attacks in Q3 to almost 30 percent in Q4. Attacks against
cloud storage and file hosting sites continued to drop, decreasing from
11.3 percent of all attacks in Q1 2018 to 4 percent in Q4 2018.

Researchers at APWG member PhishLabs observed that in the final quarter
of 2018, the number of phishing attacks hosted on Web sites that have
HTTPS and SSL certificates declined for the first time in
history. “Phishing sites using SSL decreased slightly in Q4 2018
compared with Q3 – down 3 percent to about 47 percent,” said John
LaCour, Chief Technology Officer of PhishLabs. “However, it remains true
that nearly half of phishing sites use digital certificates to makes
attacks look more legitimate and avoid browser warnings.”

Also in this quarter’s Trends report: APWG contributor Axur
documented how phishers in South America offered Black Friday deals to
their fellow criminals; and APWG contributor RiskIQ analyzed where
phishing falls in the domain name space.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2018.pdf

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global
industry, law enforcement, and government coalition focused on unifying
the global response to electronic crime. Membership is open to qualified
financial institutions, online retailers, ISPs and Telcos, the law
enforcement community, solutions providers, multilateral treaty
organizations, research centers, trade associations and government
agencies. There are more than 1,800 companies, government agencies and
NGOs participating in the APWG worldwide. The APWG’s <www.apwg.org>
and websites offer the public, industry and
government agencies practical information about phishing and
electronically mediated fraud as well as pointers to pragmatic technical
solutions that provide immediate protection. The APWG is co-founder and
co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global
online safety public awareness collaborative <https://education.apwg.org/safety-messaging-convention/>
and founder/curator of the eCrime Researchers Summit, the world’s only
peer-reviewed conference dedicated specifically to electronic crime
studies <www.ecrimeresearch.org>.
APWG advises hemispheric and global trade groups and multilateral treaty
organizations such as the European Commission, the G8 High Technology
Crime Subgroup, Council of Europe’s Convention on Cybercrime, United
Nations Office of Drugs and Crime, Organization for Security and
Cooperation in Europe, Europol EC3 and the Organization of American
States. APWG is a member of the steering group of the Commonwealth
Cybercrime Initiative at the Commonwealth of Nations. Among APWG’s
corporate sponsors are: AhnLab, Area 1, AT&T (T), Afilias Ltd.,
AnchorFree, Avast!, AVG Technologies, Axur, Baidu Antivirus, BANDURA
Systems, Bangkok Bank, BBN Technologies, Barracuda Networks,
BillMeLater, Bkav, Blue Coat, BrandMail, BrandProtect, Bsecure
Technologies, CSC Digital Brand Services, Check Point Software
Technologies, Claro, Cloudmark, Cofense, Comcast, CrowdStrike,
CSIRTBANELCO, Cyxtera, Cyber Defender, CYREN, Cyveillance, DNS Belgium,
DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal,
eCert, EC Cert, ESET, EST Soft, Facebook, FeelSafe Digital, FEBRABAN,
Fortinet, FraudWatch International, F-Secure, GetResponse, GlobalSign,
GoDaddy, Google, Hauri, Hitachi Systems, Ltd., Huawei, Hyas, ICANN,
Identity Guard, Infoblox, IronPort (Cisco), Infoblox, Ingressum, Intel
(INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, Kaspersky
Lab, KnowBe4, LaCaixa, Lenos Software, LINE, LookingGlass, MX Tools,
MailChannels, MailJet, MailChimp, MailShell, MailUp, MarkMonitor (TRI),
Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, NZRS, MyPW,
nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet,
Nominum, NZRS Limited, PARENTHETIC, Public Interest Registry, Phishlabs,
PhishMe, Planty.net, Prevalent, Prevx, Proofpoint, PSafe, RSA Security
(EMC), Rakuten, RedMarlin, Return Path, RiskIQ, RuleSpace, SalesForce,
SecureBrain, SegaSec, SendGrid, S21sec, SIDN, SilverPop, SiteLock,
SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust,
SurfControl, Symantec (SYMC), TDS Telecom, Telefonica (TEF), ThreatSTOP,
TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI),
VADE-RETRO, VeriSign (VRSN), VILSOL, Webroot, Wombat Security
Technologies, ZIX, and zvelo.

Contacts

For further information about the APWG, please contact APWG Secretary
General Peter Cassidy at +1.617.669.1123, pcassidy@apwg.org.
For media inquiries related to the company-content of this report,
please contact APWG Secretary General Peter Cassidy at +1.617.669.1123;
Stefanie Ellis at Stefanie.ellis@markmonitor.com;
Fabricio Pessôa of Axur at +55.51.30122987, fabricio.pessoa@axur.com;
or Stacy Shelley of PhishLabs at 1.843.329.7824, stacy@phishlabs.com.

error: Content is protected !!