Highlights:

  • Phishing, according to Cloudflare, is a growing industry. In 2022, 71% of firms reported a business email compromise attempt or actual attack.
  • The report’s conclusion makes a series of security recommendations, starting with securing email using a zero-trust security approach.

According to two recent reports on phishing trends, attacks are on the rise and are using trickier internet routes to connect victims with malicious websites.

The trends were noted in the most recent compilation of phishing patterns by the Interisle Consulting Group and in the annual phishing trends report from Cloudflare Inc.

What sets both evaluations apart from the many other recently covered reports, including Inky’s and Cofense’s, is the sheer volume of messages analyzed and the fact that both are published regularly, so their outcomes can be compared. Among the emails it processed between May 2022 and May 2023, Cloudflare assessed over 279 million email threat indicators, 250 million suspicious messages, and over a billion occurrences of brand impersonation. Area 1 Security was acquired by Cloudflare last year, and its reports have continued.

Interisle combined disparate databases created by the Anti-Phishing Working Group, OpenPhish, PhishTank, and Spamhaus to examine six million phishing reports handled between May 2022 and May 2023. In this pooled database, it discovered 1.8 million distinct attacks.

According to Cloudflare, deceptive links were used in nearly a third of the threats. That was consistent with the analysis from the prior year.

Some of these links took potential victims through a series of redirections. One email used the logo of the Silicon Valley Bank to lure users; before arriving at a fake DocuSign website, it navigated through a sequence of four different websites. It exemplifies the lengths to which hackers will go to conceal their malicious activities. Employees of Cloudflare were the subject of yet another sophisticated attack, although it was unsuccessful due to the use of FIDO2 hardware keys.

Phishing, according to Cloudflare, is a growing industry. In 2022, 71% of firms reported a business email compromise attempt or actual attack.

The report states, “Phishing attacks of all types have grown in sophistication, so much so that traditional approaches against them are not sufficient to prevent the most dangerous attacks.” This has been observed across several metrics, one of which is timing: in what Cloudflare calls a deferred attack, a phishing link initially points to a benign website and is weaponized a couple of days later.
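The redirect chains and deferred weaponization described above are the reason a link verdict made at delivery time should be rechecked at click time. The following is an added example, not code from Cloudflare's report; the recorded hops, the `.example` hostnames and the hop threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: one emailed link, resolved at delivery time and again at
# click time. Each hop is (request URL, HTTP status, Location header).
# All hosts are placeholders under the reserved .example TLD.
DELIVERY_SCAN = [
    ("https://news.site-a.example/r?id=1", 302, "https://www.site-a.example/blog"),
    ("https://www.site-a.example/blog", 200, None),
]
CLICK_SCAN = [
    ("https://news.site-a.example/r?id=1", 302, "https://t.site-b.example/go"),
    ("https://t.site-b.example/go", 302, "https://cdn.site-c.example/x"),
    ("https://cdn.site-c.example/x", 301, "https://l.site-d.example/y"),
    ("https://l.site-d.example/y", 302, "https://docs-sign.site-e.example/login"),
    ("https://docs-sign.site-e.example/login", 200, None),
]
REDIRECTS = {301, 302, 303, 307, 308}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def site(url):
    # Assumption: the last two labels approximate the registrable domain.
    # Real deployments should consult the Public Suffix List instead.
    return ".".join(host(url).split(".")[-2:])

def walk(chain, max_hops=10):
    """Return (landing URL, sites visited) for a recorded redirect chain."""
    sites = []
    for i, (url, status, location) in enumerate(chain[:max_hops]):
        sites.append(site(url))
        if status not in REDIRECTS:
            return url, sites
        if i + 1 >= len(chain) or chain[i + 1][0] != location:
            raise ValueError(f"recorded chain is inconsistent at hop {i}")
    raise ValueError("chain did not reach a final page within max_hops")

def assess(delivery, click, max_cross_site_hops=2):
    """Compare the delivery-time and click-time resolutions of the same link."""
    d_final, _ = walk(delivery)
    c_final, c_sites = walk(click)
    cross = sum(a != b for a, b in zip(c_sites, c_sites[1:]))
    reasons = []
    if site(d_final) != site(c_final):
        reasons.append("landing site changed since delivery")
    if cross > max_cross_site_hops:
        reasons.append(f"{cross} cross-site redirects")
    return {"landing": host(c_final), "cross_site_hops": cross,
            "reasons": reasons, "verdict": "block" if reasons else "allow"}
```
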

Another challenge is that almost every phishing message is designed to get past multiple email authentication protocols. Oren Falkowitz, Cloudflare’s Field Chief Security Officer, said, “A phisher’s No. 1 goal is to achieve authenticity and appear legitimate in the eyes of their victims. With email authentication failing to stop threats, relying solely on these tools is a downfall. It is futile to solely rely on standards that track sender information to detect and stop campaigns.”

Phishers continue to have success posing as the biggest companies in the world, with Microsoft Corp. being their primary target. Nearly ten percent of the phishing emails included the firm name. An interesting finding was that, thanks to COVID and the World Health Organization, more communications were impersonating the United Nations than the New York Stock Exchange.

The report’s conclusion makes a series of security recommendations, starting with securing email using a zero-trust security approach. The report noted, “Despite email’s pervasiveness, many organizations still follow a ‘castle-and-moat’ security model that trusts messages from certain individuals and systems by default.”

It is advised that businesses supplement cloud email with various anti-phishing procedures since a multilayered defense can prevent email exposure in high-risk areas. Additionally, organizations are urged to use multifactor authentication resistant to phishing and to implement measures that make it difficult for people to make mistakes, such as email link isolation.

As a final recommendation, the report urges businesses to create a “paranoid, blame-free culture.” A culture like this needs to promote an open, honest “see something, say something approach” to working with information technology and security incident response teams so that everyone is on “team cyber.”

Additionally, Interisle discovered a rise in brand imitation, noting that while Microsoft was one of the top targets, it was eclipsed by Mitsubishi and Facebook.

Interisle reported, “Far from improving, the phishing landscape is worsening each year. Reviewing the data we have collected since 2020, we conclude that the prevailing uncoordinated and ineffective attempts to curb phishing are simply not working, and that a new strategy is required.” It saw the number of attacks increase threefold since May 2020, with over a million distinct domain names being used to execute attacks in the previous year.

The hosting company Freenom stopped providing free domain registrations in January 2023, which is a plus. Before then, the provider was one of the top providers of domains used in phishing attacks.

In addition, it discovered that subdomain resources at internet service providers were leveraged in over 165 of all attacks, an increasing threat vector. The provider controls these domains and rents subdomains to clients, frequently for free and with little to no identity verification. Because the attack sites are subdomains, attackers can take advantage of the provider’s good name, and the sites are more difficult to detect and eliminate.
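The detection problem with provider-controlled subdomains shows up when reputation is keyed on the provider's domain rather than on the tenant's subdomain. The following is an added example, not code from the Interisle report; the provider suffixes, hostnames and reports are constructed placeholders.

```python
# Assumption: hypothetical subdomain-provider suffixes (placeholders). Real lists
# come from the Public Suffix List private section or a curated feed.
PROVIDER_SUFFIXES = {"pages-host.example", "freeblog.example"}

# Constructed abuse reports: (hostname, confirmed phishing?)
REPORTS = [
    ("login-update.pages-host.example", True),
    ("login-update.pages-host.example", True),
    ("bakery.pages-host.example", False),
    ("www.bakery.pages-host.example", False),
    ("secure.mail.freeblog.example", True),
    ("shop.vendor.example", False),
]

def naive_key(hostname):
    """Last two labels: treats every tenant as the provider itself."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])

def tenant_key(hostname):
    """Provider suffix plus one label, so each tenant gets its own reputation."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PROVIDER_SUFFIXES:
            return ".".join(labels[i - 1:])
    return naive_key(hostname)

def blocked_keys(reports, keyfn):
    """Reputation keys that have at least one confirmed phishing report."""
    return {keyfn(h) for h, is_phish in reports if is_phish}

def collateral(reports, keyfn):
    """Benign hostnames that a blocklist built with keyfn would also block."""
    blocked = blocked_keys(reports, keyfn)
    return sorted({h for h, is_phish in reports
                   if not is_phish and keyfn(h) in blocked})

if __name__ == "__main__":
    print("naive :", blocked_keys(REPORTS, naive_key), collateral(REPORTS, naive_key))
    print("tenant:", blocked_keys(REPORTS, tenant_key), collateral(REPORTS, tenant_key))
```

Keying on the provider's domain forces a choice between blocking every tenant and trusting every tenant; keying on the tenant label isolates the abusive subdomain.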