2017 R.A.I.D. Webinar Series
• What’s it about?
  • Insights from our Research, Analysis, Intelligence Division and other PhishLabs’ experts
  • Hosted every month, exact dates TBD
  • Focus on current threat campaigns – dissect attacks, scams, campaigns, and discuss threat actors
  • Goal: equip you to better secure your network, your employees, your company and your customers
• Who should attend?
  • Open invitation – feel free to share!
  • Security leaders and professionals responsible for managing cyber threats
February agenda
2017 Phishing Trends & Intelligence Report: Hacking the Human
Proprietary and Confidential
Copyright 2017 PhishLabs
4
Crane Hassold
Senior Security Threat Researcher
Phishing Trends & Intelligence Report Purpose
• Provide insight on significant trends, tools, and techniques used by threat actors to carry out phishing attacks
• Provide context and perspective into HOW and WHY these trends are occurring
• By understanding the threat, we can better defend against it
Methodology
• Analysis of nearly 1 million confirmed malicious phishing sites hosted on more than 170,000 unique domains and more than 66,000 unique IP addresses
• “Attack” = domain hosting phishing content
• Volume vs. Share
  • Volume relates to the raw, cumulative number of attacks
  • Share references the percentage of attacks relative to the entire attack population
Industry Trends: Who is Being Targeted?
• 976 brands from 568 parent institutions targeted by phishing attacks in 2016
• 91% of all attacks targeted five industries
  • Financial institutions
  • Cloud storage services
  • Webmail/online services
  • Payment services
  • E-commerce sites
• Attack volume targeting the top 5 industries grew by an average of 33%
• Financial institutions still the most targeted industry…barely
The Rise of Cloud Storage Phish
• Attacks targeting cloud storage services expected to surpass those targeting financial institutions in 2017
• Percentage of attacks targeting FIs has been steadily declining
• Cloud storage phish made up less than 10% in 2013; now account for nearly a quarter
• 90% of cloud storage phish target only two companies (Google, Dropbox)
Evolving Motivations
• Three primary motivations for fraud-based phishing:
1. Immediate Account Takeover
2. Credential Proliferation
3. Data Diversification
Motivation #1: Immediate Account Takeover
• Historically, the primary motivator for phishing attacks
• Targets are usually banks and payment service companies
• Immediate, direct profit
• Industries impacted by these attacks have seen a decline in volume
Chart: 2013: 64%, 2016: 37%
Motivation #2: Credential Proliferation
• Attackers mass harvest credentials for the purpose of attacking secondary targets
• Focused on web services that use email addresses as a primary credential
• Indirect profit
• Significant increase in targeting
Chart: 2013: 21%, 2016: 46%
A Systemic Vulnerability
• The shift in targeted industries is driven by a major vulnerability: the use of email addresses as a primary credential
  • Target one = target all
  • Facilitates password reuse attacks
  • 39% of users reuse passwords across services (Pew Research, 2017)
Motivation #3: Data Diversification
• Purpose is to collect more comprehensive information about a victim
• Impacted industries include e-commerce sites and government services
  • Phishing attacks targeting tax agencies have increased 300% since 2014
  • IRS phish in January 2016 exceeded volume of attacks seen in all of 2015
• Less frequent, higher impact
• Used to commit other types of crimes (e.g., identity theft, tax fraud)
• Also used to facilitate future phishing activity (e.g., phone numbers)
Why are We Seeing This Shift?
• Phishing threat actors are evolving their tactics to:
1. Make their jobs easier
2. Expand the avenues of profit
3. Take advantage of ease-of-use features built into many websites
• By shifting their targets and techniques, phishers have:
1. Made credential collection more efficient
2. Focused on collecting a wider breadth of information to facilitate other crimes
3. Moved to a more indirect, but likely more lucrative, profit motive
4. Adapted to security controls used by FIs and payment service companies
What are the Implications?
• Password reuse attacks are a serious threat to secondary targets
  • Cloud storage and SaaS accounts are not the primary targets
  • Expect that customers have already been compromised elsewhere
• “It’s not my problem” paradox
• Brand reputation issues
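As an added example (not part of the PhishLabs deck), the defender-side check that the "systemic vulnerability" and "implications" slides call for: flag a source that replays harvested email/password pairs against a secondary target, and treat the accounts it does get into as already compromised elsewhere. The log format, thresholds and addresses below are constructed for illustration.

```python
"""
Credential-stuffing (password-reuse attack) detection over the authentication
log of a secondary target.  Added example; log format, thresholds and sample
values are constructed for illustration, not PhishLabs data or tooling.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, login (an email address), result.
# 203.0.113.7 replays stolen pairs across many accounts; 198.51.100.20 is a
# legitimate user mistyping their own password; 192.0.2.44 is normal traffic.
SAMPLE_LOG = """\
2017-02-01T09:00:01Z 203.0.113.7 alice@example.com FAIL
2017-02-01T09:00:02Z 203.0.113.7 bob@example.com FAIL
2017-02-01T09:00:03Z 203.0.113.7 carol@example.com FAIL
2017-02-01T09:00:04Z 203.0.113.7 dave@example.com OK
2017-02-01T09:00:05Z 203.0.113.7 erin@example.com FAIL
2017-02-01T09:00:06Z 203.0.113.7 frank@example.com FAIL
2017-02-01T09:01:10Z 198.51.100.20 alice@example.com FAIL
2017-02-01T09:01:40Z 198.51.100.20 alice@example.com FAIL
2017-02-01T09:02:05Z 198.51.100.20 alice@example.com OK
2017-02-01T09:30:00Z 192.0.2.44 grace@example.com OK
"""


def parse_log(text):
    """Parse whitespace-separated auth records into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "user": user.lower(),
            "ok": result == "OK",
        })
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, max_ok_ratio=0.5):
    """
    Flag sources that look like they are replaying harvested email/password pairs.

    Signature: one source, many *distinct* accounts inside a short window, mostly
    failing (each stolen pair is tried once; most victims did not reuse that
    password here).  A user retrying a single account is not flagged.
    Returns {src: {"users": n, "attempts": n, "compromised": [logins that succeeded]}}.
    """
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            oks = {e["user"] for e in win if e["ok"]}
            if len(users) >= min_users and len(oks) / len(win) <= max_ok_ratio:
                prev = alerts.get(src)
                if prev is None or len(users) > prev["users"]:
                    alerts[src] = {"users": len(users), "attempts": len(win),
                                   "compromised": sorted(oks)}
    return alerts


def reset_candidates(alerts):
    """
    Accounts that authenticated successfully from a flagged source: assume the
    password was reused from a breach elsewhere and force re-verification.
    """
    return sorted({u for a in alerts.values() for u in a["compromised"]})


if __name__ == "__main__":
    found = detect_stuffing(parse_log(SAMPLE_LOG))
    for src, a in found.items():
        print(f"{src}: {a['users']} accounts in {a['attempts']} attempts, "
              f"{len(a['compromised'])} succeeded")
    print("force reset:", reset_candidates(found))
```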
Country Trends: Where are the Attacks Happening?
• 81% of phishing attacks target US-based entities
• Significant increase in attacks targeting Canadian targets (+237%)
  • Focused on financial institutions
  • Sustained increase, not a quick spike
• Switzerland, France, Italy, Germany also saw increases
• China, Australia, Great Britain saw significant declines in attacks
Hosting Locations: Where are Phish Hosted?
• More than half of all phishing sites hosted in the United States
• Sharp increase in the number of phish hosted in Eastern Europe
• Decline in phish hosted in East Asia
Top-Level Domains: How are Phish Hosted?
• 51% of phishing sites hosted on .COM TLD
• New gTLDs still associated with a small fraction of phishing sites, but they’re growing
  • 220 new gTLDs observed in 2016 vs. 66 in 2015
  • Inexpensive option for phishers looking to have control over their infrastructure
  • Allow phishers to create legitimate-looking domains
Phish Kits: How are Phish Made?
• Kits are the “recipe” for creating most phishing sites
• Collecting & analyzing kits gives us a more in-depth understanding of techniques used to carry out phishing scams
  • Anti-detection techniques
  • Access controls
  • Code obfuscation
  • Data exfiltration
• Collected more than 29,000 kits in 2016 targeting 300+ different companies
  • More than a third used techniques to evade detection
  • 29% used methods to evade browser-based blocking
  • 22% utilized mechanisms to restrict access to the phishing site
Ransomware: Yeah, That Happened…
• Ransomware has been around for decades, but saw a massive surge in 2016
• Phishing was, by far, the most common method of delivery
• Simplicity led to copycats
  • Ransomware-as-a-service
• High rate of infection, low rate of payment
• Threat actors evolved targeting tactics to change from individuals to strategic businesses