Cloud Storage Site Phishing Increasing, But FIs Still the Top Target

February 9, 2017 Marketing GrafWebCUSO

Cloud storage sites will likely overtake financial institutions as the top phishing attack targets, marking a major evolution in phisher targeting, according to PhishLabs’ “2017 Phishing Trends & Intelligence Report.”

The Charleston, S.C. firm’s 2017 PTI Report revealed, “This evolution in the phishing landscape also denotes a changing mindset in how phishers use the information they collect for financial gain (because it’s always about the money).”

In the past, when phishers targeted customers of financial institutions, they would usually use the credentials immediately to break into a victim’s account and steal their money. While this method still generates consistently high levels of attacks (the overall number of attacks targeting financial institutions increased in 2016), the 2016 phishing landscape saw explosive growth in attacks targeting credentials unusable for immediate profit.

PhishLabs operates a 24/7/365 security operations center focused exclusively on phishing. In 2016, PhishLabs analyzed nearly one million confirmed malicious phishing sites hosted on more than 170,000 unique domains. More than 91% of all phishing attacks in 2016 targeted five industries: financial institutions, cloud storage/file hosting services, webmail/online services, payment services, and ecommerce companies. The total number of phishing attacks increased for each of these five industries by an average of 33%.

Financial institutions, the longtime target-of-choice for phishers, remained the most popular target in 2016. Although the total number of phishing attacks grew slightly in 2016, the industry’s share of phishing attack targets has decreased substantially in recent years. In 2013, attacks targeting financial institutions accounted for more than a third of all phishing attacks. That number now represents less than a quarter of the global phishing volume.

As the share of attacks targeting financial institutions declined, other industries saw their shares increase substantially. The most pronounced trend centers on cloud storage services. In 2013, fewer than one in ten phishing attacks targeted cloud storage services. In 2016, the industry’s share was only a fraction of a percent behind financial institutions (22.6% compared to 23%).

If these recent trends continue, the PTI report noted, there is a strong likelihood that cloud storage services will overtake financial institutions as the most targeted industry in 2017. Phishing attacks impacting this industry almost exclusively target only two companies: Google (Google Drive/Docs) and Dropbox.

“The shift is driven by a major vulnerability in how many web services, including nearly all of the cloud storage services and SaaS companies that have seen a substantial increase in phishing attacks, allow their users to authenticate into their accounts,” the PhishLabs report explained. Instead of requiring users to have a unique username and password, they allow users to log in using their email address in conjunction with a unique password. “The problem with this method is that many, perhaps a majority, of their users simply reuse their email password instead of creating a new one.”

In addition, the share of attacks against targets in the United States continues to grow, accounting for more than 81% of all phishing attacks. Of more than 29,000 phish kits collected, more than a third used techniques to evade detection.

So why the change? The PhishLabs report stated, “Because a fundamental shift is underway in the overall phishing threat landscape. By shifting their targets and techniques, phishers have: made credential collection more efficient; focused on collecting a wider breadth of information that can be used to facilitate other types of crimes; and moved to a more indirect, but likely more lucrative, profit motive.”

Ransomware attacks, the predominant type of malware being distributed via phishing, are now focusing on organizations that are more likely to pay ransoms, such as healthcare, government, critical infrastructure, education and small business. “Undoubtedly, 2016 will be remembered as the year ransomware became the most pervasive and profitable threat in the malware landscape.”