Intelligent CIO Europe Issue 36 | Page 70

INTELLIGENT BRANDS // Enterprise Security
F5 Labs report reveals increasing attacker sophistication raises global cybersecurity stakes

COVID-19 continues to significantly embolden cybercriminals’ phishing and fraud efforts, according to new research from F5 Labs.

The fourth edition of the Phishing and Fraud Report found that phishing incidents rose 220% during the height of the global pandemic compared to the yearly average.
Based on data from F5’s Security Operations Centre (SOC), the number of phishing incidents in 2020 is now set to increase 15% year-on-year, though this could soon change as second waves of the pandemic spread. The three primary objectives for COVID-19 related phishing emails were identified as fraudulent donations to fake charities, credential harvesting and malware delivery.
Attacker opportunism was further evident when F5 Labs examined certificate transparency logs (a record of all publicly trusted digital certificates). The number of certificates using the terms ‘Covid’ and ‘Corona’ peaked at 14,940 in March, which was a massive 1102% increase on the month before.
A phisher’s domain
As per previous years’ research, F5 Labs noted that fraudsters are becoming ever more creative with the names and addresses of their phishing sites.
In 2020 to date, 52% of phishing sites have used target brand names and identities in their website addresses. Using phishing site data from Webroot, F5 Labs discovered that Amazon was the most targeted brand in the second half of 2020.
PayPal, Apple, WhatsApp, Microsoft Office, Netflix and Instagram were also among the top 10.
By tracking the theft of credentials through to use in active attacks, F5 Labs observed that criminals were attempting to use stolen passwords within four hours of phishing a victim. Some attacks even occurred in real time to enable the capture of multi-factor authentication (MFA) security codes.
Cybercriminals also became more ruthless in their bids to hijack reputable, albeit vulnerable URLs – often for free.
Hiding in plain sight
2020 also saw phishers intensify efforts to make fraudulent sites appear genuine. F5 SOC statistics found that most phishing sites leveraged encryption, with a full 72% using valid HTTPS certificates to trick victims. This year, 100% of drop zones – the destinations of stolen data sent by malware – used TLS encryption (up from 89% in 2019).
Combining incidents from 2019 and 2020, F5 Labs additionally reported that 55.3% of drop zones used a non-standard SSL/TLS port.
Port 446 was used in all instances bar one. An analysis of phishing sites found that 98.2% used standard ports: 80 for cleartext HTTP traffic and 443 for encrypted SSL/TLS traffic.
Future threats
According to recent research from Shape Security, which was integrated with the Phishing and Fraud Report, there are two major phishing trends on the horizon. As a result of improved bot traffic (botnet) security controls and solutions, attackers are starting to embrace click farms.
This entails dozens of remote ‘workers’ systematically attempting to log on to a target website using recently harvested credentials. The connection comes from a human using a standard web browser, which makes fraudulent activity harder to detect.
“Phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way. Security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users,” said David Warburton, Senior Threat Evangelist at F5 Labs.