Cybercrime Gangs Continue To Innovate

Uploaded on 2019-01-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

According to the APWG’s Phishing Activity Trends Report, after spiking in the spring, phishing has been taking place at a steady pace, but phishers are using new techniques to carry out their attacks, and obfuscate their origins, to make the most of every phishing campaign.

APWG is the international coalition unifying the global response to cybercrime. APWG’s membership of more than 2200 institutions worldwide is as global as its outlook, with its directors, managers and research fellows advising: national governments; global governance bodies.

The total number of phish detected by APWG in Q3 2018 was 151,014. This was down from 233,040 in Q2 and 263,538 in Q1. There was an unusual rash of phishing in the spring of 2018, and the amount of phishing in Q3 was a return to the kind of levels seen through 2017. But while the number of attacks subsided, APWG’s contributing researchers noticed ways in which phishers have been making their attacks more effective and harder to detect.

Phishers are increasingly using web page redirects as a way of hiding their phishing sites from detection. When victims click on links in phishing emails, redirects take the user on an unwitting journey through other sites before arriving at the phishing site itself.

Once the victim submits his or her credentials, still more redirects make take the victim to yet another domain.

The researchers at APWG member PhishLabs have observed that half of all phishing sites now use SSL encryption, which can fool users into thinking that a site is safe to use, for example, by virtue of the green lock symbol that appears in the browser address bar when SSL encryption is enabled.

Some of the increase comes from phishers adding HTTP encryption to their phishing sites, a technique that turns a security feature against the victims.

APWG contributor RiskIQ analysed where phishing falls in the domain name space, and found that certain top-level domains have notable amounts of phishing in them, both in absolute and relative terms.

Some of this phishing is attributable to phishers who register in top-level domains that offer domain names for free.

HelpNetSecurity:

You Might Also Read:

What's Your Digital Data Worth?:
 

« Fortnite Teen Hackers 'Earning Thousands of Pounds a Week'
US Treasury Sanctions Russians For Electoral Interference »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

National Cybersecurity Agency (ANCS) - Tunisia

National Cybersecurity Agency (ANCS) - Tunisia

ANCS (L'Agence Nationale de la Cybersécurité) is the national cybersecurity agency for Tunisia.

Allianz Commercial

Allianz Commercial

Allianz Commercial is the center of expertise and global line of Allianz Group for insuring mid-sized businesses, large enterprises and specialist risks.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Trapp Technology

Trapp Technology

Trapp Technology combines the very best cloud, Internet, IT managed services, and IT consulting to provide a true all-in-one IT solution for small to mid-sized businesses.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Hexiosec

Hexiosec

Hexiosec (formerly Red Maple Technologies) is a technical consultancy and product company founded and run by engineers from the UK Intelligence and Defence communities.