Cyber criminals, especially those who rely on phishing campaigns, are slowly yet steadily switching their operations from creating spam-based phishing websites to launching fresh attacks on users of software-as-a-service (SaaS) systems and webmail services.
The latest Q4 2018 Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) noted a stark decline in the number of confirmed phishing websites in 2018 from as high as 263,538 in Q1 to 233,040 in Q2 to 151,014 in Q3 to just 138,328 in Q4, the lowest monthly count being 35,719 in November last year.
In order to make their campaigns count, cyber criminals are trying to obfuscate their phishing URLs (which often spoof URLs of well-known brands to take adtantage of consumers’ trust) by including a number of redirectors prior to the phishing landing page and after victims enter their personal information on such sites.
According to the report, cyber criminals are also using HTTPS encryption protocol and SSL certificates extensively to makes attacks look more legitimate and avoid browser warnings. PhishLabs reported that while 47% of phishing sites were using SSL in December, the number of sites using the default HTTPS protocol was around 48.4%, accounting for nearly half of all fraudulent websites.
Phishing attacks on SaaS and Webmail users on the rise
APWG also observed a slight decline in the number of phishing email campaigns (unique e-mails sent out to multiple users) from 264,483 in Q3 to 239,910 in Q4 2018. However, the number of such campaigns rose from 64,905 in November to 87,386 in December, suggesting that the numbers may continue to fluctuate in the coming months.
From January to December 2018, phishing attacks on cloud storage and file hosting sites also declined from 11.3% of all phishing attacks in Q1 to just 4% in Q4. However, to compensate for this, cyber criminals launched more attacks against users of software-as-a-service (SaaS) systems and webmail services as the year progressed. Phishing attacks on SaaS and webmail services rose from 20.1% in Q3 to almost 30% in Q4 which represents quite a significant jump.
Commenting on the shifting tactics of phishers, Corin Imai, senior security advisor at DomainTools, said that while the reduction of traditional phishing attempts is reassuring, phishing is a wholly adaptable form of cybercrime: it evolves its techniques to bypass users’ attentiveness and it increases in complexity as its tricks are uncovered.
“The shift in preferred targets indicates that perhaps the more common, indiscriminate attacks that relied on casting a wide net of victims were no longer effective. This, in turn, means that the cybersecurity industry succeeded in creating efficient tools to detect fraudulent emails and – with the help of the media – in informing private individuals of the best security practices.
“While research teams reinforce detection tools and security software to face the new challenges that more targeted attacks have brought, the same focus on raising awareness should be kept up: humans remain the first and last line of cyberdefence, and education should be at the forefront of any anti-phishing effort,” she added.