Cyber phishing attacks continue to increase in volume and sophistication, according to researchers at security firm Webroot.
In May 2017, the number of new phishing sites reached a new high of 2.3 million in that month alone, according to the September 2017 Webroot Quarterly Threat Trends Report.
Data collected by Webroot shows that the latest phishing sites use realistic web pages that are almost impossible to find using web crawlers to trick victims into providing personal and business information.
Once this data is harvested, attackers are able to steal digital identities to access business IT systems to steal data and compromise business email accounts to carry out CEO fraud attacks.
The Webroot data also shows phishing attacks have grown at an unprecedented rate in 2017, with it continuing to be one of the most common, widespread security threats faced by both businesses and consumers.
According to the report, phishing is the top cause of cyber breaches in the world, with an average of more than 46,000 new phishing sites created each day.
The sheer volume of new sites makes phishing attacks difficult to defend against for businesses, the report said.
Even if the block lists are updated hourly, they are generally 3–5 days out of date by the time they are made available, the report said, by which time the sites in question may have already victimised users and disappeared.
Attacks are increasingly sophisticated and more adept at fooling the victim, the researchers found. The note that while in the past, phishing attacks randomly targeted as many people as possible,today’s phishing is more sophisticated.
Cyber attackers now typically research their targets and use social engineering to uncover relevant personal information for individualised attacks. Phishing sites also hide behind benign domains and obfuscate true uniform resource locators (URLs), fooling users with realistic impersonated websites.
The researchers found that zero-day websites used for phishing may number in the millions each month, yet they tend to impersonate a small number of companies. Webroot categorised URLs by the type of website being impersonated and found that financial institutions and technology companies are the most phished categories.
According to an FBI public service announcement issued on 4 May 2017, phishing scams cost US business $500m a year, while Verizon found phishing to be involved in 90% of breaches and security incidents and a report by ESG showed that 63% of surveyed security and network influencers and decision makers have suffered from phishing attacks in the past two years.
In the ESG report, 46% of respondents said malware attacks have become more targeted over the past two years, and 45% said there is a greater volume of malware than in the past two years.
“Today’s phishing attacks are incredibly sophisticated, with hackers obfuscating malicious URLs, using psychology and information gleaned from reconnaissance to get you to click on a link,” said Hal Lonas, chief technology officer at Webroot.
“Even savvy cyber security professionals can fall prey. Instead of blaming the victim, the industry needs to embrace a combination of user education and organisational protection with real-time intelligence to stay ahead of the ever-changing threat landscape,” he said.
So if you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOW