Hosts` Slow Response Time Increases the Number of Phishing Attacks

The number of phishing attacks against users has risen up to 4.44 million (14%) in the second quarter of 2016. Researchers are worried that if this current pattern continues, by the end of next year, the numbers will break the 8 million phishing pages mark.

These stats were revealed by the security company Cyren, whose Cyberthreat Report for Q2 was concentrated on malicious phishing URLs spread on the Internet. The paper also pinpoints that approximately 50% of all phishing webpages are taken down within 24 hours, if not by the crooks themselves, by ISPs or security experts. Only 40% of them appear to last more than two days and the rest don’t even last more than three hours.

According to a PhishMe study from December last year, all phishing attacks are most effective during their first day, before being noticed by platforms, researchers or security products.

Web Browsers are playing a very important role when it comes to detecting these malicious attacks. For instance, the Google’s Safe Browsing API are really helpful. According to Cyren, Chrome and Firefox are dealing with phishing or other dangerous pages` detection faster than any other browser. For 48 hours Chrome caught 73.9% of phishing attacks, Firefox detected 52.2%, while Internet Explorer and Edge browsers got only 21.7%

Google Chrome needed 6 hours and 23 minutes to mark a phishing page as perilous via a warning inside the browser window, meaning that around 30% of all phishing attacks can still go through. For Firefox it took 10 hour and 52 minutes, and Internet Explorer and Edge needed 15 hours and 29 minutes.

However, Cyren says that users are not safe enough relying only on browsers` protection features and that a powerful security product is always a better option. The number one target of these phishing attacks is the Amazon service with 224,310 URLs trying to steal users` data. Amazon is closely followed by Apple (175,506 URLs), eBay (66,226), PayPal (33,850) and Google (29,234).

Out of these top 5 targets, PayPal is the only service which work with the users` money directly and it still takes only the 4th place. However, Amazon and eBay give the crooks the opportunity to go on quick shopping tours and, as for Google and Apple, attackers are using them as a platform for other types of criminal activities.

The security researcher @MalwareHunterTeam has been looking for phishing and tech support sites for months and informing domain registrars and companies about malicious URLs they are hosting. There has been a previous report emphasizing on how long it takes for some host to respond to these warnings. There were time were the cybercriminals had managed to register more than 100 domains to host phishing and tech support pages. Smaller companies are usually able to answer quickly but for larger ones sometimes it takes weeks to respond.

The Cyren Cyberthreat Report for Q2 reminds us that it is absolutely essential for host companies to respond as soon as possible to these warning reports. For instance, these 50+ phishing sites from four days ago and these 11 from over a week ago should have received a faster response time.

Two days ago, the MalwareHunterTeam notified Softpedia about their GoDaddy problem. He warned them about another 18 suspicious domains connected to the previous 11, and there is still no response.

A much bigger effort is needed by the hosting and domain registration sector in order for it to be able to fight this major problem. Cyber crooks are aware that their attacks are strongest within their first hours, or maximum a day. For these threat to be prevented companies really need to improve their response time.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.