End-of-Year Reports Show Key Cybercrime Trends

Three recently published reports provide different, but complementary, perspectives on cybercrime trends of which information-security and financial-crimes compliance officers should take note:

  1. APWG: First, on December 12, the APWG (formerly the Anti-Phishing Working Group) issued its Phishing Activity Trends Report for the third quarter of 2018. That report contained the following key points:
  • The number of brands targeted for phishing attacks steadily increased, from 231 in July) to 260 in August to 286 in September. (P. 3)
  • The total number of phish that APWG detected in 3Q 2018 was 151,014 – a 43 percent decrease from 2Q (233,040) and a 57 percent decrease from 1Q (263,538). (P. 4)
  • Phishing attacks that targeted cloud storage and file hosting sites fell substantially, from 11.3 percent of all attacks in Q1 to 9 percent in Q2 and to 6.5 percent in Q3. Payment processing was by far the sector most targeted for phishing attacks (38.2 percent), followed by Software as a Service (SAAS)/Webmail) (20.1 percent) and financial institutions (15.7 percent).  (P. 5)
  • While phishing remains most prevalent in the old, large global top-level domains (gTLD), such as .com, it is higher than normal in the new gTLDs and in repurposed ccTLDs. (P. 6)
  • Phishers are increasingly using “repurposed” domains – i.e., domains for which management rights have been granted to third parties, who have then “commercialized the TLDs as a way of hiding their phishing sites from detection.” (P. 7)
  • The number of phishing web sites using SSL/TLS encryption increased in 3Q to 49.4 percent, a significant increase from 35.2 percent in 2Q. (P. 8)
  • In Brazil, phishing attacks against Brazilian e-commerce sites decreased 53 percent from April to June 2018 after the FIFA World Cup, and decrease through 3Q, while attacks against Brazilian banks and credit unions slightly increased. (P. 9)

2.  McAfee: On December 19, McAfee issued its McAfee Labs Threats Report: December 2018, which examined activity “in the cybercriminal underground and the evolution of cyber threats” in 3Q 2018. The report contained the following findings:

  • McAfee stated that McAfee Labs “McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting [Internet of Things (IoT)] devices.”
  • “The ripple effect of the takedowns of the Hansa and AlphaBay dark web markets were still apparent in Q3. Competing marketplaces, such as Dream Market, Wall Street Market, and Olympus Market eagerly filled the gap left by law enforcement actions last year.” (P. 4)
  • McAfee saw “numerous mentions of Common Vulnerabilities and Exposures [(CVEs)]. The most recently published CVEs were hot topics in discussions of browser exploit kits—RIG, Grandsoft, and Fallout—and of ransomware, especially GandCrab. . . . These [and other] threads show that cybercriminals are eager to weaponize both new and old vulnerabilities. The popularity of these topics in underground forums should warn organizations to make vulnerability management a priority in their cyber resilience plans.” (P. 5)
  • “Large-scale credit card theft has shifted from point-of-sale systems to (third-party) payment platforms on large e-commerce sites.” (P. 5)
  • “We saw an increase in discussions of mobile malware, mostly targeting Android and focused on botnets, banking fraud, ransomware, and bypassing two-factor authentication.” (P. 7)
  • “Although we have seen a decline in the number of unique families during recent months, ransomware remained active in Q3. The decline in new families may be due to many ransomware actors switching to a more lucrative business model: cryptomining.” (P. 8)
  • “Mining cryptocurrency via malware is one of the big stories of 2018. Total “coin miner” malware has grown more than 4,000% in the past year.” (P. 10)
  • “In Q3, the Advanced Threat Research team recorded more than 35 publicly known targeted attacks. Cyber espionage was the biggest motivator for these attacks.” (P. 20)

3.  Police Scotland: Finally, on December 17, The Times published an article providing a timely reminder that sometimes wholly benign activities, such as expansion of Internet connectivity, can affect the incidence of cyberfraud in certain jurisdictions.  The article reported that according to Police Scotland, fraud in the Scottish islands — thanks to the growth of Internet banking, online shopping, and the installation of broadband in rural areas — had risen by as much as 700 per cent, as residents become victims of cybercriminals.  The fastest-growing method of cyberfraud was reportedly “vishing” – i.e., fraudsters’ contacting people by telephone to persuade them to send money or to disclose information such as website passwords.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s