The APWG (Anti-Phishing Working Group) recorded more phishing attacks so far in 2016 that at any time in its twelve years of monitoring
The group found unique phishing sites growing at an enormous rate – in the first quarter, nearly 290 000 were detected, with 123.5 000 of these being discovered in March alone. This bears out reports of Russian gangs (and others) generating unbelievable quantities of temporary ‘sites for use in organized crime, and for Malware-as-a-Service (or MaaS).
The 250% increase in phishing sites is undoubtedly a part of a wider market strategy by the criminals. Greg Aaron of APWG explained his observations: “We always see a surge in phishing during the holiday season, but the number of phishing sites kept going up from December into the spring of 2016“.
A phishy business
Increasingly, phishing is being used to deliver a variety of malware, with a large rise in ransomware targeting business using Business E-mail Compromise (BEC) methods. More frequently, hackers are targeting cloud-based retail companies, financial institutions and their customers. Dave Jevans, AWPG has noticed this change in strategy, “Globally, attackers using phishing techniques have become more aggressive in 2016 with keyloggers that have sophisticated tracking components to target specific information and organizations such as retailers and financial institutions that top the list.”
Ransomware needs the phish market
Ransomware is predicted by many specialists (including PandaLabs and Forcepoint) to prove to be be the widest , most dangerous threat of 2016, and of course – in order to attack a half-intelligent/informed work-force, ever-more effective methods of delivery must be found by the hackers. This is where phishing plays a part, creating veracity (for example – in the recently reported Middle East bank compromise).
Carl Leonard of Forcepoint commented, “The onslaught of ransomware has not abated in 2016. Ransomware authors exhibited a willingness to adjust their scare tactics and software in Q1 2016 as they sought to scam more end-users.”
Phising is becoming increasingly popular as a pastime with hackers – so be careful what you click on – or you may catch something nasty.