On May 11, the APWG (formerly the Anti-Phishing Working Group) published its Phishing Activity Trends Report for the first quarter of 2020. Key findings and conclusions in the Report included the following:
- Attacks Against Zoom: In only one month’s time, the number of attacks against the videoconferencing and chat service Zoom that were reported to the APWG’s eCrime eXchange increased by several orders of magnitude, from eight phishing attacks in March to 1,054 attacks in April. These latter attacks included phishing attacks designed to steal Zoom account usernames and passwords and malware-delivery attacks.
- COVID-19 Themed Business Email Compromise Attacks: According to the Report, COVID-19 themed phishing attacks started spiking the week of March 8. These attacks included business email compromise (BEC) schemes.
- Ransomware Attacks Against Healthcare Facilities: On March 26, the cybersecurity firm RiskIQ’s Incident Investigation & Intelligence (i3) team found that ransomware attacks on healthcare facilities had increased 35 percent in comparison to similar attacks from 2016 through 2019. RiskIQ found that 70 percent of the healthcare attacks that it analyzed were directed at healthcare facilities with fewer than 500 employees. The Report noted that “[i]It appears that attackers targeted smaller direct-patient care facilities because they might have smaller security budgets.”
- Total Phishing Sites Detected: The Report stated that the total number of phishing sites detected in the first quarter of 2020 was 165,772 – a slight increase from the 162,155 sites detected in the preceding quarter. Since November 2019, there as been a general increase in the number of detected phishing sites, although those numbers fall short of the nearly 80,000 sites detected in October 2019.
- Unique Phishing Websites Detected: The number of unique phishing websites fluctuated from 54,926 in January to 49,560 in February to 60,286 in March.
- Unique Phishing Email Reports: The number of unique phishing e-mail reports (campaigns) that APWG received varied more substantially, from 52,407 in January to 43,270 in February, before increasingly slightly to 44,008 in March.
- Brands Targeted by Phishing Campaigns: The number of brands that phishing campaigns targeted ranged from 374 in January to 331 in February to 344 in March.
- Most-Targeted Industry Sectors: Software-as-a-Service (SaaS) and webmail sites remained the greatest targets of phishing, accounting for 34 percent of all attacks. The financial institution sector constituted 19.4 percent of all attacks, but the payment sector dropped significantly from 20 percent of all attacks in the preceding four quarters to only 13.3 percent.
- BEC Schemes: Phishing defense provider Agari reported that gift cards accounted for 66 percent of all BEC cash-out schemes, an increase from 56 percent in the preceding quarter, while direct transfer accounted for 18 percent and payroll diversion for 16 percent. The Report took note of the fact that the amount of money that an attacker can make by obtaining gift cards “is significantly less than he can get with a wire transfer,” but that BEC attacks seeking wire transfers were seeking much larger amounts. The average gift-card requested amount was $1,453, while the average wire-transfer requested amount was $54,006. One reported BEC attempt sought $976,522.
- Online Criminal Activity in Brazil: During the first quarter, digital risk solutions provider Axur observed 10,910 cases of phishing directed at Brazilian brands or foreign services that are available in Portuguese in Brazil. That total represents a 24 percent increase over the fourth quarter of 2019 (8,782), and a 239 percent increase over the first quarter of 2019 (3,220). Accounts against ecommerce sites, which accounted for a third of attacks in the first quarter, “are more prevalent in Brazil than elsewhere.”
- Use of Secure Socket Layer in Phishing Attacks: Although the percentage of phishing attacks using the HTTPS encryption protocol has risen almost continuously since the third quarter of 2016, the Report stated that during the first quarter of 2020 the percentage of phishing sites using SSL reached a high of 74 percent.
Note: Information-security officers should share this Report with their teams, and incorporate key findings from the Report into their briefings of senior executives. It is important that senior leadership across multiple industries recognize the continuing sophistication and complexity of cyberattacks, and provide the financial and human resources necessary to keep abreast of the constantly morphing cyberthreats most likely to threaten their operations.