PhishLabs' Phishing Trends and Intelligence annual report provides insight on significant trends, tools, and techniques used by threat actors to carry out phishing attacks. It provides context and perspective into HOW and WHY these trends are occurring
By understanding the threat, we can better defend against it. The report data is sourced from more than one million confirmed phishing sites residing across more than 170,000 unique domains. We investigated more than 7,800 phishing attacks every month, identifying the underlying infrastructure used in the attacks and shutting them down. The report uses this data to illuminate significant trends, tools, and techniques being used by the threat actors.
Do download the on-demand full webinar, click here: https://info.phishlabs.com/phishing-trends-and-intelligence-pti-report-webinar
Do download the PTI Report, click here: https://info.phishlabs.com/2017-phishing-trends-and-intelligence-report-pti
The Rise of Spear Phishing & How to Avoid being the Next HeadlinePhishLabs
Phishing is not cybercrime, phishing is the exploitation of people. In this presentation, PhishLabs walks through the problem phishing poses to businesses and how you can prepare your employees with effective security awareness training, robust intelligence and tools to fight back against the threat. Download the on-demand version of the full webinar here: https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
If you're interested in signing up for our webinar series, click here:
https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
-The project "Strengthening European Network Centres of Excellence in Cybercrime" (SENTER
project, Reference No HOME/2014/ISFP/AG/7170) is funded by the European Commission under
Internal Security Fund-Police 2014-2020 (ISFP). The main goal of the project is to create a single
point of Reference for EU national Cybercrime Centres of Excellence (CoE) and develop further the
Network of national CoE into well-defined and well-functioning community. More details here: http://www.senter-project.eu/
Learn about the different types of Phishing Attacks; like Content-Injection, and MiTM attack, that can target you and your organization.
To know more about phishing prevention, read our in-depth article "How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators"
https://blog.syscloud.com/phishing-attack/
Phishing is one of the oldest tricks in the book of hackers. But as old as it might be, phishing still remains the most lucrative tool for cybercriminals. In this presentation, we will help you understand about phishing and tell you how you can avoid phishing attacks.
Phishing basics: include its history
Introduction: phishing in detail
Techniques: Techniques used like link manipulation,web forgery
New phish: spear phishing
reason behind phishing
latest case study
survey: on top hosting and victim countries
Examples: popular website and email examples
The Rise of Spear Phishing & How to Avoid being the Next HeadlinePhishLabs
Phishing is not cybercrime, phishing is the exploitation of people. In this presentation, PhishLabs walks through the problem phishing poses to businesses and how you can prepare your employees with effective security awareness training, robust intelligence and tools to fight back against the threat. Download the on-demand version of the full webinar here: https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
If you're interested in signing up for our webinar series, click here:
https://info.phishlabs.com/the-rise-of-spear-phishinghow-to-avoid-being-the-next-headline
-The project "Strengthening European Network Centres of Excellence in Cybercrime" (SENTER
project, Reference No HOME/2014/ISFP/AG/7170) is funded by the European Commission under
Internal Security Fund-Police 2014-2020 (ISFP). The main goal of the project is to create a single
point of Reference for EU national Cybercrime Centres of Excellence (CoE) and develop further the
Network of national CoE into well-defined and well-functioning community. More details here: http://www.senter-project.eu/
Learn about the different types of Phishing Attacks; like Content-Injection, and MiTM attack, that can target you and your organization.
To know more about phishing prevention, read our in-depth article "How to Prevent a Phishing Attack? 17 Easy Hacks for Administrators"
https://blog.syscloud.com/phishing-attack/
Phishing is one of the oldest tricks in the book of hackers. But as old as it might be, phishing still remains the most lucrative tool for cybercriminals. In this presentation, we will help you understand about phishing and tell you how you can avoid phishing attacks.
Phishing basics: include its history
Introduction: phishing in detail
Techniques: Techniques used like link manipulation,web forgery
New phish: spear phishing
reason behind phishing
latest case study
survey: on top hosting and victim countries
Examples: popular website and email examples
This is a presentation I have delivered to many organisations over the past 12 months on the subject of Spear Phishing. It shows how easily companies can fall victim to Spear Phishing attacks and the methods that criminals use to increase their chances of success.
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
Phishing is a top organizational security vulnerability because it involves the exploitation of human weakness. This ControlScan National Cyber Security Awareness Month presentation teaches employees how to spot and combat a phishing attack.
What threatens us in cyberspace?
Phishing: typology of threats
Phishing protection
What is anti-phishing protection?
Website protection
Company and online fraud protection
Conclusion
Learn more about cyber attacks and find out how to secure yourself - https://hacken.live/2BwYyOo
Phishing is a form of fraud online. The thief uses phishing emails to distribute malicious links that can perform a variety of functions, including the extraction of login credentials or account information from victims.
This is a presentation I have delivered to many organisations over the past 12 months on the subject of Spear Phishing. It shows how easily companies can fall victim to Spear Phishing attacks and the methods that criminals use to increase their chances of success.
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
Phishing is a top organizational security vulnerability because it involves the exploitation of human weakness. This ControlScan National Cyber Security Awareness Month presentation teaches employees how to spot and combat a phishing attack.
What threatens us in cyberspace?
Phishing: typology of threats
Phishing protection
What is anti-phishing protection?
Website protection
Company and online fraud protection
Conclusion
Learn more about cyber attacks and find out how to secure yourself - https://hacken.live/2BwYyOo
Phishing is a form of fraud online. The thief uses phishing emails to distribute malicious links that can perform a variety of functions, including the extraction of login credentials or account information from victims.
Phishing is a method that hackers use to fraudulently acquire sensitive or private information from a victim by impersonating a real entity (Turban, Leidner, McLean, & Wetherbe, 2010). Phishing can be defined as the act of soliciting or stealing sensitive information such as usernames, passwords, bank account numbers, credit card numbers, and social security or citizen ID numbers from individuals using the Internet (Ohaya, 2006). Phishing often involves some kind of deception. The results from a study of Jagatic et al. (2007) indicate that Internet users are four times more likely to become phishing victims if they receive a request from someone appearing to be a known friend or colleague. The Anti-Phishing Work Group indicates that at least five percent of users responded to phishing scams and about two million users gave away their information to spoofed websites (APWG, 2009). This results in direct losses of $1.2 billion for banks and credit card companies (Dhamija, 2006). In order to understand how phishing can be conducted, the researcher set up a phishing experiment in one of Thailand’s higher education institutions. The subjects were MBA students. A phishing email was sent to the subjects, and the message led the subject to visit the phishing website. One hundred seventy students became victims. The data collection included a survey, an interview, and a focus group. The results indicated that phishing could be easily conducted, and the result can have a great impact on the security of an organization. Organizations can use and apply the lessons learned from this study to formulate an effective security policy and security awareness training programs.
Phishing trends and Collaborative Efforts to Fight CybercrimeAPNIC
Phishing trends and Collaborative Efforts to Fight Cybercrime, by Foy Shiver and Jorge Aguila Vila.
A presentation given at the APNIC 40 APNIC Services session on Wed, 9 Sep 2015.
Use of hog descriptors in phishing detectionSelman Bozkır
In this paper we are diving into the details of an anti phishing detection system which employs HOG features.
* The presentation is built with voice recording
From this ppt you can know about the basic of phishing with having some cases that tracked by the Indian police & also there are some section related to the Phishing.
I think this will be a good ppt for u.........suggestion will be invited on "singh7737777476@gmail.com" thankx for the downloading this & feel free to share your ideas.
BYOD is now BYOT (Bring Your Own Threat) – Current Trends in Mobile APTJimmy Shah
Mobile devices are not simply PCs. While one knows to look for an Advanced Persistent Threat(APT) on their desktop endpoints, mobile tends to be ignored. Setting up an MDM solution is not enough. Installing AV on as many devices as possible is not enough. The holes in the net are still too wide; attackers have more options than just malicious apps for getting on your network.
Topics covered will be:
How attackers are moving to mobile in order to bypass traditional protection.
Apps are only one part of the problem. Documents, email, messaging are still left wide open
Bypassing Mobile Antivirus
Bypassing MDM, MAM and Containers
Attackers are turning from apps to exploits.
Finally we’ll cover what to do next – how to effectively deal with Mobile APT.
Mobile Application Security Threats through the Eyes of the Attackerbugcrowd
As an active security researcher with immense professional expertise in application security, Jason Haddix joins us to explain the common attack vectors that face today’s mobile applications -- from a hacker’s perspective.
Mobile Security: Preparing for the 2017 Threat LandscapeBlackBerry
For years, security researchers and leaders have warned: “The mobile threat is coming.” Well, in 2016 it arrived in full force. Attackers are finding new, creative means of stealing user credentials and penetrating critical systems via the mobile channel. And healthcare entities—with an increasingly mobile workforce and patient population—are square in the middle of this expanding mobile threatscape, as attackers seek to capture and monetize critical healthcare data.
What are the most prevalent new threats, and what are leading organizations doing to bolster mobile security as we head into 2017?
This interview with BlackBerry VP Government Solutions Sinisha Patkovic, on Mobile Security: Preparing for the 2017 Threat Landscape, was produced for of a recent ISMG Security Executive Roundtable sponsored By BlackBerry.
A report providing an overview of the Security Technology startup landscape, graphical trends and insights, and recent funding and exit events. Contact info@venturescanner.com to learn more!
Slideshare that can be used as an educational training tool for employees to be aware of the risks of phishing attacks. This presentation covers the threat of phishing and what strategies can be done to mitigate phishing attacks.
PhishingBox is an online system for organizations to easily conduct simulated phishing attacks and educate their end users through awareness training. This helps identify vulnerabilities and mitigate risk. Our system is simple to use, cost-effective and helps clients reduce risk and achieve cybersecurity objectives.
2017 Phshing Trends and Intelligence Report: Ransomware ExplosionPhishLabs
The Why, Who, How, and What of Ransomware: Why ransomware exploded in popularity? Who are the actors? How is ransomware being delivered? What makes a successful ransomware family?
Beyond takeover: stories from a hacked accountImperva
In this presentation, Imperva researchers explore the dynamics of credential theft. The team reversed a phishing hook to hack and track phishers using the same methods that phishers use on their victims. The presentation explores questions such as how long it takes from takeover to exploitation, what the attacker looks for in the hacked account, which decoys attract their attention, and what security practices they use to cover their tracks. Check out the slides and read the report to learn about real-world takeover stories and best practices for breach detection and remediation to protect your data. Read the full report: https://www.imperva.com/DefenseCenter/HackerIntelligenceReports
The Works 2018 - Industry Track - Cybersecurity for Staffing AgenciesDavid Dourgarian
What cybersecurity measures do you have in place? If you’re not sure your safety measures are up to par with cybersecurity threats, then this is a session you won’t want to miss. Paula Sanchez, Talent Acquisition and Process Manager/Facility Security Officer for NSC Technologies, leads this session and delivers helpful tips and information about raising employee awareness, employing a risk assessment approach, updating password policies, phishing, protecting PII, and incident reporting.
Knowing your Enemies - Leveraging Data Analysis to Expose Phishing Patterns A...Javier Vargas
Presented at ECrime 2016 - Toronto - APWG
Phishing attacks against financial institutions constitutes a major concern and forces them to invest thousands of dollars annually in prevention, detection and takedown of these kinds of attacks. This operation is so massive and time critical that there is usually no time to perform analysis to look for patterns and correlations between attacks. In this work we summarize our findings after applying data analysis and clustering analysis to the record of attacks registered for a major financial institution in the US.
We use HTML structure and content analysis, as well as domain registration records and DNS RRSets information of the sites, in order to look for patterns and correlations between phishing attacks. It is shown that by understanding and clustering the different types of phishing sites, we are able to identify different strategies used by criminal organizations.
Furthermore, the findings of this study provide us valuable insight into who is targeting the institution and their, which gives us a solid foundation for the construction of more and better tools for detection and takedown, and eventually for forensic analysts who will be able to correlate cases and perform focused searches that speed up their investigations.
Supersized Security Threats – Can You Stop 2016 from Repeating?Valerie Lanzone
2016 was a year in which everything was bigger – bigger breaches, larger attacks, and bigger repercussions. Whether it was the evolution of DDoS attacks into the record-shattering Mirai botnet that disrupted large portions of the internet or insidious commercial banking Trojans available for sale as ready-made malware kits, the tone of cyberattacks darkened in 2016 while illuminating one key fact: many companies are not applying basic security fundamentals to their IT environments.
Attend this webinar to learn:
The top-level security trends from 2016, and what it could mean for 2017, including the political and intellectual property concerns stemming from large-scale data leaks
Why classic attack vectors continue to be a weapon of choice for those seeking to disrupt operations and steal data
Why a lower attack rate for the average security client may not be good news
What steps your organization can take to protect against these attacks
Belton Zeigler speaks on cybersecurity at the SC Municipal Association's Risk Managers conference in November 2017.
The discussion centered around the changing cyber threat landscape as it applies to smaller, data-dependent organizations.
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
Aaron Higbee - The Humanity of Phishing Attack & Defensecentralohioissa
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
Security tools don’t help when they work after the fact. Proactive identification of standard descriptors and confidential information must occur as content is created or ingested. Tough job? No, not really, as this webinar explains.
It takes only one vulnerability to cause a breach. 68% of all data breaches are caused internally. And 49% of SharePoint organizations have experienced at least one breach. There can be significant repercussions from data that has been exposed, ranging from hefty fines to irreparable brand damage.
Identifying and protecting data before breaches occur is the only way you can be certain that your content is protected. Most organizations are unprepared for this type of attack. Make sure yours is not one of them by understanding the issues and how to address them
• The big picture of security challenges – what’s hot with cyber criminals, and what’s not
• Data breach targets, such as email, mobile, shadow IT, collaboration, and provisioning
• Security risks and how to resolve them
• Your security checklist
• Benefits of a proactive approach
• How not to get hacked
Speakers:
John Challis – Chief Executive Officer at Concept Searching
Carla Mulley – Vice President of Marketing at Concept Searching
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mindcentralohioissa
-The evolution of online advertising tactics
-What cyber criminals find appealing about advertising and profiling
-How advertisers and cyber criminals have worked together in the past
-What psychological tactics are used by cyber criminals in real world attacks
-How to protect yourself from psychological attacks
Cerdant is celebrating its 15th year providing the best security possible to all our customers. Our system enhancements and increased IDS capabilities will shorten the time interval on “discovery and containment” to reduce or eliminate “exfiltration”. Mike also reviewed the top information security stories of 2016 and revealed the top tools for combatting cybercriminals.
What a locked down law firm looks like updatedDenim Group
This session will focus on real-world case studies and actionable next steps for security professionals looking to protect their firms and the sensitive client data they maintain.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap,critical activities and more.
Join Star One Credit Union, a financial institution with more than $9B in assets, as they discuss how they leverage their Guardian Analytics financial crime prevention platform to detect anomalies and suspicious activity in their online, mobile, and payments channels.
In these slides, Margarete Mucker, EVP of Operations from Star One Credit Union, shares what her organization is doing to protect their members from fraud.
Preventing Fraud with a Multi-Channel ApproachLaurent Pacalin
Margarete Mucker, EVP at Star One Credit Union, and Karen Webster, CEO PYMTS.com, discuss the benefits of Machine Learning fraud detection solutions from Guardian Analytics.
Similar to 2017 Phishing Trends & Intelligence Report: Hacking the Human (20)
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
2017 Phishing Trends & Intelligence Report: Hacking the Human
1.
2. 2017 R.A.I.D. Webinar Series
• What’s it about?
• Insights from our Research, Analysis, Intelligence Division and other PhishLabs’ experts
• Hosted every month, exact dates TBD
• Focus on current threat campaigns – dissect attacks, scams, campaigns, and discuss threat
actors
• Goal: equip you to better secure your network, your employees, your company and your
customers
• Who should attend?
• Open invitation – feel free to share!
• Security leaders and professionals responsible for managing cyber threats
3.
4. February agenda
2017 Phishing Trends & Intelligence Report: Hacking the Human
Proprietary and Confidential
Copyright 2017 PhishLabs
4
Crane Hassold
Senior Security Threat Researcher
5.
6.
7. Phishing Trends & Intelligence Report Purpose
• Provide insight on significant trends, tools, and techniques used by
threat actors to carry out phishing attacks
• Provide context and perspective into HOW and WHY these trends
are occurring
• By understanding the threat, we can better defend against it
Proprietary and Confidential
Copyright 2017PhishLabs
7
8. Methodology
Proprietary and Confidential
Copyright 2017PhishLabs
8
• Analysis of nearly 1 million confirmed malicious phishing sites hosted on more
that 170,000 unique domains and more than 66,000 unique IP addresses
• “Attack” = domain hosting phishing content
• Volume vs. Share
• Volume relates to the raw, cumulative number of attacks
• Share references the percentage of attacks relative to the entire attack population
9. Industry Trends: Who is Being Targeted?
• 976 brands from 568 parent institutions targeted by phishing attacks in 2016
• 91% of all attacks targeted five industries
• Financial institutions
• Cloud storage services
• Webmail/online services
• Payment services
• E-commerce sites
• Attack volume targeting the top 5 industries grew by an average of 33%
• Financial institutions still the most targeted industry…barely
Proprietary and Confidential
Copyright 2017PhishLabs
9
10. The Rise of Cloud Storage Phish
• Attacks targeting cloud storage services
expected to surpass those targeting
financial institutions in 2017
• Percentage of attacks targeting FIs have been
steadily declining
• Cloud storage phish made up less than 10%
in 2013; now account for nearly a quarter
• 90% of cloud storage phish target only
two companies (Google, Dropbox)
Proprietary and Confidential
Copyright 2017PhishLabs
10
11. Evolving Motivations
• Three primary motivations for fraud-based phishing:
1. Immediate Account Takeover
2. Credential Proliferation
3. Data Diversification
Proprietary and Confidential
Copyright 2017PhishLabs
11
12. Motivation #1: Immediate Account Takeover
• Historically, the primary motivator for phishing
attacks
• Targets are usually banks and payment service
companies
• Immediate, direct profit
• Industries impacted by these attacks have seen
a decline in volume
Proprietary and Confidential
Copyright 2017PhishLabs
12
2013
64%
2016
37%
13. Motivation #2: Credential Proliferation
• Attackers mass harvest credentials for the
purpose of attacking secondary targets
• Focused on web services that use email
addresses as a primary credential
• Indirect profit
• Significant increase in targeting
Proprietary and Confidential
Copyright 2017PhishLabs
13
2013
21%
2016
46%
14. A Systemic Vulnerability
• The shift in targeted industries is driven by a major vulnerability -- the use of email
address as a primary credential
• Target one = target all
• Facilitates password reuse attacks
• 39% of users reuse passwords across services (Pew Research, 2017)
Proprietary and Confidential
Copyright 2017PhishLabs
14
16. Motivation #3: Data Diversification
• Purpose is to collect more comprehensive
information about a victim
• Impacted industries include e-commerce
sites and government services
• Phishing attacks targeting tax agencies have
increased 300% since 2014
• IRS phish in January 2016 exceeded volume of
attacks seen in all of 2015
• Less frequent, higher impact
• Used to commit other types of crimes (e.g.,
identify theft, tax fraud)
• Also used to facilitate future phishing activity
(e.g., phone numbers)
Proprietary and Confidential
Copyright 2017PhishLabs
16
17. Why are We Seeing This Shift?
• Phishing threat actors are evolving their tactics to:
1. Make their jobs easier
2. Expand the avenues of profit
3. Take advantage of ease-of-use features built into many websites
• By shifting their targets and techniques, phishers have:
1. Made credential collection more efficient
2. Focused on collecting a wider breadth of information to facilitate other crimes
3. Moved to a more indirect, but likely more lucrative, profit motive
4. Adapted to security controls used by FIs and payment service companies
Proprietary and Confidential
Copyright 2017PhishLabs
17
18. What are the Implications?
• Password reuse attacks serious threat to secondary targets
• Cloud storage and SaaS accounts are not the primary targets
• Expect that customers have already been compromised elsewhere
• “It’s not my problem” paradox
• Brand reputation issues
Proprietary and Confidential
Copyright 2017PhishLabs
18
19.
20. Country Trends: Where are the Attacks Happening?
• 81% of phishing attacks target US-based
entities
• Significant increase in attacks targeting
Canadian targets (+237%)
• Focused on financial institutions
• Sustained increase, not a quick spike
• Switzerland, France, Italy, Germany also
saw increases
• China, Australia, Great Britain saw
significant declines in attacks
Proprietary and Confidential
Copyright 2017PhishLabs
20
21. Hosting Locations: Where are Phish Hosted?
• More than half of all phishing sites
hosting in the United States
• Sharp increase in the number of phish
hosted in Eastern Europe
• Decline in phish hosted in East Asia
Proprietary and Confidential
Copyright 2017PhishLabs
21
22. Top-Level Domains: How are Phish Hosted?
• 51% of phishing sites hosted on .COM TLD
• New gTLDs still associated with a small
fraction of phishing sites, but they’re
growing
• 220 new gTLDs observed in 2016 vs. 66 in 2015
• Inexpensive option for phishers looking to have
control over their infrastructure
• Allow phishers to create legitimate-looking
domains
Proprietary and Confidential
Copyright 2017PhishLabs
22
23. Phish Kits: How are Phish Made?
• Kits are the “recipe” for creating most phishing sites
• Collecting & analyzing kits give us a more in-depth understanding of techniques
used to carry out phishing scams
• Anti-detection techniques
• Access controls
• Code obfuscation
• Data exfiltration
• Collected more than 29,000 kits in 2016 targeting 300+ different companies
• More than a third used techniques to evade detection
• 29% used methods to evade browser-based blocking
• 22% utilized mechanisms to restrict access to phishing site
Proprietary and Confidential
Copyright 2017PhishLabs
23
24. Ransomware: Yeah, That Happened…
• Ransomware has been around for decades, but saw a massive surge in 2016
• Phishing was, by far, the most common method of delivery
• Simplicity led to copycats
• Ransomware-as-a-service
• High rate of infection, low rate of payment
• Threat actors evolved targeting tactics to change from individuals to strategic
businesses
Proprietary and Confidential
Copyright 2017PhishLabs
24