2017 R.A.I.D. Webinar Series
• What’s it about?
  • Insights from our Research, Analysis, Intelligence Division and other PhishLabs’ experts
  • Hosted every month, exact dates TBD
  • Focus on current threat campaigns – dissect attacks, scams, campaigns, and discuss threat actors
  • Goal: equip you to better secure your network, your employees, your company and your customers
• Who should attend?
  • Open invitation – feel free to share!
  • Security leaders and professionals responsible for managing cyber threats
February agenda
2017 Phishing Trends & Intelligence Report: Hacking the Human
Proprietary and Confidential
Copyright 2017 PhishLabs
Crane Hassold
Senior Security Threat Researcher
Phishing Trends & Intelligence Report Purpose
• Provide insight on significant trends, tools, and techniques used by threat actors to carry out phishing attacks
• Provide context and perspective into HOW and WHY these trends are occurring
• By understanding the threat, we can better defend against it
Methodology
• Analysis of nearly 1 million confirmed malicious phishing sites hosted on more than 170,000 unique domains and more than 66,000 unique IP addresses
• “Attack” = domain hosting phishing content
• Volume vs. Share
  • Volume relates to the raw, cumulative number of attacks
  • Share references the percentage of attacks relative to the entire attack population
Industry Trends: Who is Being Targeted?
• 976 brands from 568 parent institutions targeted by phishing attacks in 2016
• 91% of all attacks targeted five industries
  • Financial institutions
  • Cloud storage services
  • Webmail/online services
  • Payment services
  • E-commerce sites
• Attack volume targeting the top 5 industries grew by an average of 33%
• Financial institutions still the most targeted industry…barely
The Rise of Cloud Storage Phish
• Attacks targeting cloud storage services expected to surpass those targeting financial institutions in 2017
• Percentage of attacks targeting FIs has been steadily declining
• Cloud storage phish made up less than 10% in 2013; now account for nearly a quarter
• 90% of cloud storage phish target only two companies (Google, Dropbox)
Evolving Motivations
• Three primary motivations for fraud-based phishing:
1. Immediate Account Takeover
2. Credential Proliferation
3. Data Diversification
Motivation #1: Immediate Account Takeover
• Historically, the primary motivator for phishing attacks
• Targets are usually banks and payment service companies
• Immediate, direct profit
• Industries impacted by these attacks have seen a decline in volume
[Chart: 2013: 64%; 2016: 37%]
Motivation #2: Credential Proliferation
• Attackers mass harvest credentials for the purpose of attacking secondary targets
• Focused on web services that use email addresses as a primary credential
• Indirect profit
• Significant increase in targeting
[Chart: 2013: 21%; 2016: 46%]
A Systemic Vulnerability
• The shift in targeted industries is driven by a major vulnerability: the use of the email address as a primary credential
• Target one = target all
• Facilitates password reuse attacks
• 39% of users reuse passwords across services (Pew Research, 2017)
Motivation #3: Data Diversification
• Purpose is to collect more comprehensive information about a victim
• Impacted industries include e-commerce sites and government services
• Phishing attacks targeting tax agencies have increased 300% since 2014
• IRS phish in January 2016 exceeded volume of attacks seen in all of 2015
• Less frequent, higher impact
• Used to commit other types of crimes (e.g., identity theft, tax fraud)
• Also used to facilitate future phishing activity (e.g., phone numbers)
Why are We Seeing This Shift?
• Phishing threat actors are evolving their tactics to:
1. Make their jobs easier
2. Expand the avenues of profit
3. Take advantage of ease-of-use features built into many websites
• By shifting their targets and techniques, phishers have:
1. Made credential collection more efficient
2. Focused on collecting a wider breadth of information to facilitate other crimes
3. Moved to a more indirect, but likely more lucrative, profit motive
4. Adapted to security controls used by FIs and payment service companies
What are the Implications?
• Password reuse attacks are a serious threat to secondary targets
• Cloud storage and SaaS accounts are not the primary targets
• Expect that customers have already been compromised elsewhere
• “It’s not my problem” paradox
• Brand reputation issues
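
One way a secondary target can act on these implications is to watch its own login log for the password reuse pattern: a single source trying many different email logins about once each. This is an added example, not part of the PhishLabs deck; the log format, thresholds, and function names are assumptions.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample auth log (not real data):
# timestamp, source IP, login email, result
SAMPLE_LOG = """\
2017-02-01T10:00:01 203.0.113.7 alice@example.com FAIL
2017-02-01T10:00:02 203.0.113.7 erin@example.com FAIL
2017-02-01T10:00:03 203.0.113.7 carol@example.com OK
2017-02-01T10:00:04 203.0.113.7 frank@example.com FAIL
2017-02-01T10:00:05 203.0.113.7 grace@example.com FAIL
2017-02-01T10:00:06 203.0.113.7 heidi@example.com FAIL
2017-02-01T10:01:00 198.51.100.20 bob@example.com FAIL
2017-02-01T10:01:01 198.51.100.20 bob@example.com FAIL
2017-02-01T10:01:02 198.51.100.20 bob@example.com FAIL
2017-02-01T10:01:03 198.51.100.20 bob@example.com FAIL
2017-02-01T10:02:00 192.0.2.55 dave@example.com FAIL
2017-02-01T10:02:20 192.0.2.55 dave@example.com OK
"""

Event = namedtuple("Event", "ts src account ok")


def parse(log_text):
    """Parse the assumed four-column log format into Event tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip blank or malformed lines
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        # Email logins are compared case-insensitively.
        events.append(Event(ts, parts[1], parts[2].lower(), parts[3] == "OK"))
    return events


def find_reuse_sources(events, window=timedelta(minutes=10),
                       min_accounts=5, max_tries_per_account=2.0):
    """Flag sources that try many distinct accounts, about once each.

    Many accounts with few tries per account is the signature of replaying
    credentials harvested elsewhere. Brute force against one account (many
    tries, one login) and an ordinary user mistyping a password both fall
    below min_accounts and are not flagged. Thresholds are illustrative.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most `window` of time.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            accounts = {e.account for e in win}
            tries_per_account = len(win) / len(accounts)
            if (len(accounts) >= min_accounts
                    and tries_per_account <= max_tries_per_account):
                hit = findings.setdefault(
                    src, {"accounts": set(), "compromised": set()})
                hit["accounts"] |= accounts
                # A success inside a flagged window means the reused
                # password worked: candidate for a forced reset.
                hit["compromised"] |= {e.account for e in win if e.ok}
    return findings


if __name__ == "__main__":
    for src, hit in find_reuse_sources(parse(SAMPLE_LOG)).items():
        print(src, "tried", len(hit["accounts"]), "accounts;",
              "reset:", sorted(hit["compromised"]))
```

Accounts listed under `compromised` logged in successfully from a flagged source, so they are the ones to treat as already compromised elsewhere.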
Country Trends: Where are the Attacks Happening?
• 81% of phishing attacks target US-based entities
• Significant increase in attacks targeting Canadian targets (+237%)
• Focused on financial institutions
• Sustained increase, not a quick spike
• Switzerland, France, Italy, Germany also saw increases
• China, Australia, Great Britain saw significant declines in attacks
Hosting Locations: Where are Phish Hosted?
• More than half of all phishing sites are hosted in the United States
• Sharp increase in the number of phish hosted in Eastern Europe
• Decline in phish hosted in East Asia
Top-Level Domains: How are Phish Hosted?
• 51% of phishing sites hosted on .COM TLD
• New gTLDs still associated with a small fraction of phishing sites, but they’re growing
• 220 new gTLDs observed in 2016 vs. 66 in 2015
• Inexpensive option for phishers looking to have control over their infrastructure
• Allow phishers to create legitimate-looking domains
Phish Kits: How are Phish Made?
• Kits are the “recipe” for creating most phishing sites
• Collecting & analyzing kits gives us a more in-depth understanding of techniques used to carry out phishing scams
  • Anti-detection techniques
  • Access controls
  • Code obfuscation
  • Data exfiltration
• Collected more than 29,000 kits in 2016 targeting 300+ different companies
• More than a third used techniques to evade detection
• 29% used methods to evade browser-based blocking
• 22% utilized mechanisms to restrict access to phishing site
Ransomware: Yeah, That Happened…
• Ransomware has been around for decades, but saw a massive surge in 2016
• Phishing was, by far, the most common method of delivery
• Simplicity led to copycats
• Ransomware-as-a-service
• High rate of infection, low rate of payment
• Threat actors evolved targeting tactics to change from individuals to strategic businesses
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 

2017 Phishing Trends & Intelligence Report: Hacking the Human

  • 2. 2017 R.A.I.D. Webinar Series
      • What’s it about?
      • Insights from our Research, Analysis, Intelligence Division and other PhishLabs’ experts
      • Hosted every month, exact dates TBD
      • Focus on current threat campaigns – dissect attacks, scams, campaigns, and discuss threat actors
      • Goal: equip you to better secure your network, your employees, your company and your customers
      • Who should attend?
      • Open invitation – feel free to share!
      • Security leaders and professionals responsible for managing cyber threats
  • 4. February agenda
      • 2017 Phishing Trends & Intelligence Report: Hacking the Human
      • Crane Hassold, Senior Security Threat Researcher
  • 7. Phishing Trends & Intelligence Report Purpose
      • Provide insight on significant trends, tools, and techniques used by threat actors to carry out phishing attacks
      • Provide context and perspective into HOW and WHY these trends are occurring
      • By understanding the threat, we can better defend against it
  • 8. Methodology
      • Analysis of nearly 1 million confirmed malicious phishing sites hosted on more than 170,000 unique domains and more than 66,000 unique IP addresses
      • “Attack” = domain hosting phishing content
      • Volume vs. Share
      • Volume relates to the raw, cumulative number of attacks
      • Share references the percentage of attacks relative to the entire attack population
  • 9. Industry Trends: Who is Being Targeted?
      • 976 brands from 568 parent institutions targeted by phishing attacks in 2016
      • 91% of all attacks targeted five industries
      • Financial institutions
      • Cloud storage services
      • Webmail/online services
      • Payment services
      • E-commerce sites
      • Attack volume targeting the top 5 industries grew by an average of 33%
      • Financial institutions still the most targeted industry…barely
  • 10. The Rise of Cloud Storage Phish
      • Attacks targeting cloud storage services expected to surpass those targeting financial institutions in 2017
      • Percentage of attacks targeting FIs has been steadily declining
      • Cloud storage phish made up less than 10% in 2013; now account for nearly a quarter
      • 90% of cloud storage phish target only two companies (Google, Dropbox)
  • 11. Evolving Motivations
      • Three primary motivations for fraud-based phishing:
          1. Immediate Account Takeover
          2. Credential Proliferation
          3. Data Diversification
  • 12. Motivation #1: Immediate Account Takeover
      • Historically, the primary motivator for phishing attacks
      • Targets are usually banks and payment service companies
      • Immediate, direct profit
      • Industries impacted by these attacks have seen a decline in volume
      • 2013: 64%; 2016: 37%
  • 13. Motivation #2: Credential Proliferation
      • Attackers mass harvest credentials for the purpose of attacking secondary targets
      • Focused on web services that use email addresses as a primary credential
      • Indirect profit
      • Significant increase in targeting
      • 2013: 21%; 2016: 46%
  • 14. A Systemic Vulnerability
      • The shift in targeted industries is driven by a major vulnerability: the use of email address as a primary credential
      • Target one = target all
      • Facilitates password reuse attacks
      • 39% of users reuse passwords across services (Pew Research, 2017)
  • 15. A Systemic Vulnerability
  • 16. Motivation #3: Data Diversification
      • Purpose is to collect more comprehensive information about a victim
      • Impacted industries include e-commerce sites and government services
      • Phishing attacks targeting tax agencies have increased 300% since 2014
      • IRS phish in January 2016 exceeded volume of attacks seen in all of 2015
      • Less frequent, higher impact
      • Used to commit other types of crimes (e.g., identity theft, tax fraud)
      • Also used to facilitate future phishing activity (e.g., phone numbers)
  • 17. Why are We Seeing This Shift?
      • Phishing threat actors are evolving their tactics to:
          1. Make their jobs easier
          2. Expand the avenues of profit
          3. Take advantage of ease-of-use features built into many websites
      • By shifting their targets and techniques, phishers have:
          1. Made credential collection more efficient
          2. Focused on collecting a wider breadth of information to facilitate other crimes
          3. Moved to a more indirect, but likely more lucrative, profit motive
          4. Adapted to security controls used by FIs and payment service companies
  • 18. What are the Implications?
      • Password reuse attacks are a serious threat to secondary targets
      • Cloud storage and SaaS accounts are not the primary targets
      • Expect that customers have already been compromised elsewhere
      • “It’s not my problem” paradox
      • Brand reputation issues
  • 20. Country Trends: Where are the Attacks Happening?
      • 81% of phishing attacks target US-based entities
      • Significant increase in attacks targeting Canadian targets (+237%)
      • Focused on financial institutions
      • Sustained increase, not a quick spike
      • Switzerland, France, Italy, Germany also saw increases
      • China, Australia, Great Britain saw significant declines in attacks
  • 21. Hosting Locations: Where are Phish Hosted?
      • More than half of all phishing sites hosted in the United States
      • Sharp increase in the number of phish hosted in Eastern Europe
      • Decline in phish hosted in East Asia
  • 22. Top-Level Domains: How are Phish Hosted?
      • 51% of phishing sites hosted on .COM TLD
      • New gTLDs still associated with a small fraction of phishing sites, but they’re growing
      • 220 new gTLDs observed in 2016 vs. 66 in 2015
      • Inexpensive option for phishers looking to have control over their infrastructure
      • Allow phishers to create legitimate-looking domains
  • 23. Phish Kits: How are Phish Made?
      • Kits are the “recipe” for creating most phishing sites
      • Collecting & analyzing kits gives us a more in-depth understanding of techniques used to carry out phishing scams
      • Anti-detection techniques
      • Access controls
      • Code obfuscation
      • Data exfiltration
      • Collected more than 29,000 kits in 2016 targeting 300+ different companies
      • More than a third used techniques to evade detection
      • 29% used methods to evade browser-based blocking
      • 22% utilized mechanisms to restrict access to phishing site
  • 24. Ransomware: Yeah, That Happened…
      • Ransomware has been around for decades, but saw a massive surge in 2016
      • Phishing was, by far, the most common method of delivery
      • Simplicity led to copycats
      • Ransomware-as-a-service
      • High rate of infection, low rate of payment
      • Threat actors evolved targeting tactics to change from individuals to strategic businesses