Phishing scams move from finance to Facebook

Banks and other financial institutions such as Wells Fargo, PayPal and Bank of America might appear to be the most obvious targets for cybercriminals, but a report suggests that they attract less than half as many phishing sites as tech and social media companies including Google, Facebook and Apple.

The findings come in the just-released 2016 edition of the annual Threat Brief issued by Webroot, the US-based international security and threat intelligence services provider. The firm reports that companies such as Facebook are targeted with more intensity because their universal log-in credentials are used for multiple accounts belonging to the same user – bad news for their aspirations in business and consumer payments.

Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information.

Sophistication grows

Taking a step back to examine broader trends in online security threats, it’s increasingly evident that the shape of online security is changing fast. High-profile recent hacks, with targets that include HSBC, telecoms group TalkTalk and international hotels operator Hilton, only highlight the growing vulnerability of businesses and consumers to attack.

Online threats are only getting more sophisticated, according to Webroot. The firm reports that malware and potentially unwanted applications (PUAs) are now mostly polymorphic, enabling them to change their attributes to avoid detection. Nearly all (97%) of today’s malware adapts to make itself unique to a specific endpoint device, which is in turn “rendering signature-based security virtually useless”. It should be noted that Webroot specialises in endpoint security.

Meanwhile, the number of new internet protocol (IP) addresses is rising swiftly, from 85,000 new addresses per day in 2014 to 100,000 last year, giving cybercriminals more options to hide behind.

Among other findings in the 2016 Threat Brief:

• The US continues to have the most malicious IP addresses of any country. In 2015, it accounted for over 40% of all malicious IP addresses, a sharp increase from 31% of malicious addresses in 2014. Collectively, the US, China, Japan, Germany and the UK host 75% of malicious IPs.
• As with malicious IP addresses, malicious uniform resource locators (URLs) are largely hosted in the US (30%), followed by China (11%). The US is also by far the largest host of phishing sites, with 56% of sites within its borders.
• In the second half of 2015, 52% of new and updated apps were unwanted or malicious – a significant increase over the first half of 2014, when only 21% were unwanted or malicious.
• Hackers are increasingly resorting to zero-day phishing attacks as the means for stealing identities.

“2015 was yet another record year for cybercrime, during which more malware, malicious IPs, websites, and mobile apps were discovered than in any previous year,” says Hal Lonas, Webroot CTO. “It comes as no surprise to those of us in the internet security industry that the cybercrime ecosystem continues to thrive, given new innovations and little in the way of risk for those who choose to participate.

“The continued onslaught of hacks, breaches, and social engineering scams targeting individuals, businesses, and government agencies alike has caused many in the security field to ask if it’s truly possible to defend against a persistent attacker. We conclude that we can only succeed by being more innovative than our criminal opponents.”

Fighting back

Not surprisingly, the Threat Brief concludes that the increases in polymorphism and other malware trends mean that organisations need to bolster their security posture with next-generation endpoint protection and real-time, highly accurate threat intelligence to thwart cybercriminal activity.

“Dynamic intelligence enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defence-in-depth strategy,” the authors comment. “This is especially necessary when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them.

“Furthermore, individuals need to be more vigilant than ever about the websites they visit, the URLs they follow, and the applications they download and use.”

