As a result of improved bot traffic ( botnet ) security controls and solutions , attackers are starting to embrace click farms .
Future threats are only set to rise . Shape Security researchers also recorded an increase in the volume of real-time phishing proxies ( RTPP ) that can capture and use multi-factor authentication ( MFA ) codes . The RTPP acts as a person-in-the-middle and intercepts a victim ’ s transactions with a real website . Since the attack occurs in real time , the malicious website can automate the process of capturing and replaying timebased authentication such as MFA codes . It can even steal and reuse session cookies .
According to recent research from Shape Security , which was integrated with the Phishing and Fraud
Report for the first time , there are two major phishing trends on the horizon . As a result of improved bot traffic ( botnet ) security controls and solutions , attackers are starting to embrace click farms . This entails dozens of remote ‘ workers ’ systematically attempting to log on to a target website using recently harvested credentials . The connection comes from a human using a standard web browser , which makes fraudulent activity harder to detect .
Even a relatively low volume of attacks has an impact . As an example , Shape Security analyzed 14 million monthly logins at a financial services organization and recorded a manual a fraud rate of 0.4 %. That is the equivalent of 56,000 fraudulent logon attempts and the numbers associated with this type of activity
Recent real-time phishing proxies in active use include Modlishka2 and Evilginx23 . F5 Labs and Shape Security are set to monitor the growing use of RTPPs in the coming months .
“ Phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way .
“ Security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users ,” Warburton concluded .
“ Individuals and organizations also need to be continuously trained on the latest techniques used by fraudsters . Crucially , there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19 .” p
26 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com