SonicWall: A Quick Look At The Modern Phishing Campaigns of 2019

Inside the Modern Phishing Campaigns of 2019

The world of cybersecurity is dominated by headlines about malware, ransomware, data breaches, app vulnerabilities, IoT threats, and botnet attacks. However, phishing has been a serious threat since the early 2000s and is widely considered the most common attack vector for cybercriminals.


Today, phishing isn’t about volume. These email threats are now tuned to trick a high-value target into taking the desired action: clicking on a malicious link, opening a malware-laden file, providing a password, or authorizing monetary transactions.


In the current cyber arms race, threat actors are constantly attempting to get around security systems. With email as the threat vector, phishing has evolved into spear-phishing, impersonation, and Business Email Compromise (BEC) attacks. These messages are highly targeted, backed by in-depth social engineering efforts to carefully select and study the victim.


Global phishing volume down, attacks more targeted


As published in the 2019 SonicWall Cyber Threat Report, our Capture Labs threat researchers recorded 26 million phishing attacks worldwide, a 4.1% drop from 2017. During that time, the typical SonicWall client faced 5,488 phishing attacks.


2018 Global Phishing Volume

As businesses get better at blocking email attacks and ensuring employees can spot and delete suspicious emails, attackers are shifting techniques. New data suggests they’re reducing overall attack volume and launching more highly targeted phishing attacks.


Explore the 5 common techniques phishers are using


1.) Malicious URLs and fake or spoofed websites

As secure email solutions get better at mitigating phishing, cybercriminals are resorting to innovative ways to execute targeted attacks, such as using weaponized URLs in an email to deliver malicious payloads or building phishing websites with fake login pages to harvest user login credentials. In late 2017, it was reported that nearly 1.5 million phishing sites are created monthly. Detecting phishing sites has also become harder because phishers obfuscate phishing URLs with multiple redirections and URL shorteners.


In addition, about half of these phishing sites are using HTTPS and SSL certificates, which makes it easier for cybercriminals to deceive their victims.


Source: “PhishPoint: New SharePoint Phishing Attack Affects an Estimated 100% of Office 365 Users,” Avanan, August 2018.


According to Microsoft’s counterintelligence report, “attackers increasingly use popular document sharing and collaboration sites and services to distribute malicious payloads and fake login forms that are used to steal user credentials.”
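A static triage of the link obfuscation described above (redirect chains, URL shorteners, HTTPS as a false trust signal), as an added example that is not SonicWall's code. The shortener list, redirect parameter names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed, illustrative values: maintain real lists from your own telemetry.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
REDIRECT_PARAMS = {"url", "u", "redirect", "redir", "next", "target", "dest", "goto"}

def embedded_target(url):
    """Return a URL carried inside a redirect-style query parameter, if any."""
    for key, value in parse_qsl(urlsplit(url).query):
        if key.lower() in REDIRECT_PARAMS and value.lower().startswith(("http://", "https://")):
            return value
    return None

def triage_url(url, max_hops=5):
    """Statically unwrap nested redirects; return (hop hosts, findings)."""
    hops, findings, current = [], [], url
    while current and len(hops) <= max_hops:
        parts = urlsplit(current)
        host = (parts.hostname or "").lower()
        hops.append(host)
        if host in SHORTENERS:
            findings.append(f"shortener:{host}")  # real target hidden until resolved
        if "@" in parts.netloc:
            findings.append(f"userinfo-in-authority:{host}")
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append(f"punycode-host:{host}")
        current = embedded_target(current)  # parse_qsl has already percent-decoded it
    if len(hops) > 1:
        findings.append(f"embedded-redirects:{len(hops) - 1}")
    # The scheme is never scored: about half of phishing sites serve HTTPS,
    # so a valid certificate says nothing about the destination's intent.
    return hops, findings

# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://portal.example.org/docs/report.pdf",
    "https://tracking.example.net/out?u=https%3A%2F%2Fbit.ly%2Fabc123",
    "https://a.example/r?next=https%3A%2F%2Fb.example%2Fgo%3Furl%3D"
    "https%253A%252F%252Flogin.example.test%252F",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage_url(link))
```

Links that end at a shortener still need to be resolved in a sandbox or by the mail gateway before the final destination can be judged.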


2.) Phishing targeting Office 365 applications, users

SaaS and webmail services are increasingly targeted by phishing campaigns. According to the Anti-Phishing Working Group (APWG), phishing that targeted SaaS and webmail services doubled in the fourth quarter of 2018. As Office 365 gains adoption as the preferred cloud email platform across organizations of all sizes and verticals, it comes as no surprise that Microsoft is the most impersonated brand.


“As Microsoft’s SEG market share increases, smart attackers can specifically target Microsoft’s defenses,” reports Gartner.


This is not inconceivable because an Office 365 subscription is available to anyone with a credit card, making its security features very accessible to cybercriminals. This, in theory, allows criminal groups to design phishing campaigns that will evade Microsoft’s native defenses. In fact, in another report, researchers found 25% of phishing emails bypass Office 365 security.


3.) Compromised credentials

In January 2019, security researcher Troy Hunt discovered “Collection 1,” a trove of 773 million email addresses and 21 million passwords available for sale on Hacker Forum. These compromised user ID and password combinations are used to carry out attacks from the inside. A typical attack is an account takeover, in which threat actors compromise employees’ corporate credentials either by launching a credential phishing campaign against an organization or by buying credentials on the dark web that were exposed in third-party data leaks. The threat actor then uses the stolen credentials to gain further access or escalate privileges. Compromised credentials may remain undiscovered for months or years.


4.) Impersonation, CEO fraud, and Business Email Compromise (BEC)

According to the FBI, Business Email Compromise, or BEC, is a scam targeting businesses that work with foreign suppliers and/or regularly perform wire transfer payments. These sophisticated scams are carried out by fraudsters who compromise email accounts through social engineering or computer intrusion techniques in order to conduct unauthorized transfers of funds. These attacks are hard to prevent because they contain no malicious links or attachments, only a message to the victim, seemingly from a trusted sender, requesting a transfer of funds.


The FBI Internet Crime Complaint Center (IC3) reported last summer that from October 2013 to May 2018, total losses worldwide for known BEC scams hit $12.5 billion.
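Because BEC mail carries no link or attachment to scan, detection has to rely on sender identity and message intent. The sketch below is an added example, not SonicWall's code; the protected domain, executive names, keyword list, similarity threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions: in practice these come from your directory service.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}
PAYMENT_RE = re.compile(r"\b(wire transfer|bank details|payment|invoice|urgent)\b", re.I)

def domain_of(address):
    """Lower-cased domain part of an email address ('' if none)."""
    return address.rpartition("@")[2].lower()

def bec_signals(raw_message):
    """Return header and body signals that suggest impersonation-style BEC."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, sender = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    sender_domain = domain_of(sender)
    signals = []
    if sender_domain != ORG_DOMAIN:
        # A trusted name shown on an address outside the organisation.
        if name.strip().lower() in EXECUTIVES:
            signals.append("executive-name-on-external-address")
        # Near-miss spelling of the protected domain (threshold is an assumption).
        if SequenceMatcher(None, sender_domain, ORG_DOMAIN).ratio() >= 0.85:
            signals.append("lookalike-sender-domain")
    # Replies silently routed to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != sender_domain:
        signals.append("reply-to-domain-mismatch")
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"
    if PAYMENT_RE.search(text):
        signals.append("payment-request-language")
    return signals

# Constructed sample messages (not real mail).
SUSPICIOUS = ("From: Jane Doe <jane.doe@examp1e.com>\n"
              "Reply-To: accounts@mailbox.test\n"
              "To: finance@example.com\n"
              "Subject: Urgent request\n\n"
              "Please process a wire transfer today. Reply by email only.\n")
BENIGN = ("From: Jane Doe <jane.doe@example.com>\n"
          "To: finance@example.com\n"
          "Subject: Team lunch\n\n"
          "Lunch is at noon on Friday.\n")

if __name__ == "__main__":
    print(bec_signals(SUSPICIOUS), bec_signals(BENIGN))
```

A message sent from a genuinely compromised internal mailbox raises none of the sender signals here, so out-of-band verification of payment requests remains necessary.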


5.) Malicious PDF files and Office document attachments

Email attachments are a popular delivery mechanism for malicious payloads, like ransomware and never-before-seen malware. SonicWall Capture Labs threat researchers recently found a considerable increase in malicious or fraudulent PDF files. These fraud campaigns take advantage of recipients’ trust in PDF files as a “safe” file format that’s widely used and relied upon for business operations.
