Phishers Shift Efforts To Attack SaaS and Webmail Services

Tony MasonSecurity Awareness & Phishing

A new report out today provides us with some good news and some bad for the beginning of 2019. According to Help Net Security ‘the good news is that the total number of conventional, spam-based phishing campaigns declined as 2018 came to a close.  The bad news is that users of software-as-a-service (SaaS) systems and webmail services are being increasingly targeted.’

APWG have just issued their Q4 2018 Phishing Activity Trends Report and it shows the number of confirmed phishing sites declined towards the end of 2018.  They report 138,328 in Q4,versus 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1. Although, overall phishing sites grew 220% over the course of the year and phishing attacks increased 36%.

Phishing Sites

This new decline in the number of phishing campaigns may have been down to anti-phishing efforts. It may also be because criminals are moving to more specialised and lucrative forms of e-crime than pure mass-market phishing.  However, there is also a growing concern that the decline may actually be down to the fact they are going undetected. It is suggested that techniques are becoming ever more sophisticated.  Detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes. Also attackers are creating multiple redirects in spam-based phishing campaigns.  They take users (and automated detectors) from an email, through multiple URLs on multiple domains before finally depositing the potential victim at the actual phishing site.

New Preferred Targets

Phishing targeting SaaS and Webmail services increased from 20.1% of all attacks in Q3 to almost 30% in Q4. Attacks against cloud storage and file hosting sites continued to decrease, falling from 11.3% of all attacks in Q1 2018 to only 4% in Q4 2018.

 

Phishing Attacks Hosted on HTTPS & SSL

 

Phishing Attacks Hosted on HTTPS

Interestingly, researchers at APWG member Phish Labs noted that in Q4 2018, the number of phishing attacks hosted on websites that have HTTPS and SSL certificates declined for the first time in history. However, 47% of phishing attacks are still hosted on sites that use digital certificates to make attacks look legitimate, fooling users into thinking they are secure, and to avoid any browser warnings.

So whatever the shift in trends, we still need to remain vigilant and aware of the developments and increased sophistication of the attackers at large.