The Latest in Phishing: April 2018


We bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News:

  • Proofpoint’s annual Human Factor report has again identified email as the top vector for malicious cyberattacks. Top findings include:
    • The verticals most at risk for email fraud attacks were education, consulting, and entertainment.
    • The most phished industries were construction, manufacturing, and technology.
    • More than 80% of malicious emails distributed ransomware and banking Trojans.
  • Released earlier this month, Verizon’s 2018 Data Breach Investigations Report (DBIR) concludes that ransomware is the top variety of malicious software, accounting for 39% of malware-related data breaches in 2017. This figure is double that of the previous year. More highlights from the report can be found on Tech Republic.
  • The acceleration of ransomware has pushed tech giants like Google and Microsoft to build additional protections into their software. Microsoft recently announced that OneDrive and Outlook.com will beef up security around the sharing and reading of files, and it has added a “roll back” feature in OneDrive that allows users to restore their files to previous versions. According to coverage from CSO Online, Google has capitalized on machine learning to fight phishing and business email compromise (BEC) attacks, employing protections that directly combat these types of scams.
  • For the first time since cybersecurity firm Kaspersky began tracking the phishing landscape, financial attacks accounted for over 50% of attempts. A recent press release from the firm claims that in 2017, financial attacks increased from “47.5% to almost 54% of all phishing detections.” More details on their research can be found on Finextra.
  • The UK’s National Cyber Security Centre (NCSC) has analysed the first year of results from four Active Cyber Defence programmes, concluding that the Web Check, DMARC, Public Sector DNS and takedown services “improve defence against threats by blocking fake emails, removing phishing attacks and stopping public sector systems veering onto malicious servers.” Since these programmes were introduced, the UK’s share of global phishing attacks has fallen from 5.3% in June 2016 to 3.1% in November 2017. More results from these efforts can be found on Computer Weekly.
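
The NCSC figures above credit DMARC adoption with blocking spoofed mail, but a published DMARC record only causes receivers to block anything when its policy is quarantine or reject and its pct tag covers all of the mail. The following is an added example, not code from the original post or from the NCSC programmes: it parses DMARC TXT records and classifies how much protection each one actually provides. The sample records and the domain names are constructed for illustration.

```python
"""Classify the enforcement level of DMARC policy records.

Added example: the records below are constructed, and the domain names are
placeholders. A real check would fetch the TXT record published at
_dmarc.<domain> and feed it to enforcement_level().
"""


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs (RFC 7489 syntax).

    Tags are separated by ';' and tag names are case-insensitive; values are
    kept as written so callers can interpret them.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def enforcement_level(record: str) -> str:
    """Return one of 'invalid', 'monitor', 'partial' or 'enforced'.

    invalid  - receivers will ignore the record (missing v=DMARC1 or p=, or
               an unknown policy / out-of-range pct), so nothing is blocked
    monitor  - p=none: aggregate reports only, spoofed mail is still delivered
    partial  - p=quarantine/reject but pct<100, so some spoofs still pass
    enforced - p=quarantine/reject applied to all failing mail
    """
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return "invalid"
    policy = tags["p"].lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    if pct < 100:
        return "partial"
    return "enforced"


# Constructed sample records keyed by a placeholder domain name.
SAMPLE_RECORDS = {
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "rollout.example": "v=DMARC1; p=reject; pct=25; rua=mailto:dmarc@rollout.example",
    "locked-down.example": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s",
    "misconfigured.example": "v=spf1 include:_spf.misconfigured.example -all",
}


def audit(records: dict) -> dict:
    """Map each domain to the enforcement level of its DMARC record."""
    return {domain: enforcement_level(rec) for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, level in audit(SAMPLE_RECORDS).items():
        print(f"{domain:24} {level}")
```

To run this against live domains, look up the TXT record for `_dmarc.<domain>` (for example with dnspython’s `dns.resolver.resolve(name, "TXT")`) and pass the joined string to `enforcement_level()`. The fourth sample is a common mistake: an SPF record published where the DMARC record should be, which receivers simply ignore.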

Phishing Attacks:

  • A “cybersecurity incident” has hit the popular task management platform TaskRabbit, prompting it to temporarily take down its app and website. Users took to Twitter to vocalize their discontent with the breach, which exposed company information and its private GitHub. TaskRabbit has stated it will reimburse those financially affected. The incident is still under investigation at the time of this post, though Twitter users suspect a phishing attack. Keep up to date with the latest developments over on Mashable.
  • Check Point researchers revealed that in the two months since its debut, GandCrab ransomware has earned attackers upwards of $600,000. A seizure of assets earlier this month by Romanian Police and Europol was only a minor setback to the campaign, whose operators have used an agile approach to developing the malware to keep it operational. Learn more about this strain of ransomware on Threatpost.
  • Some users of the cryptocurrency exchange Binance recently found themselves the victims of a targeted phishing attack. Scammers used the API keys of compromised accounts to make unauthorized trades. According to coverage from Coincentral, “some users saw their bots unwillingly sell their altcoins to buy Viacoin in the throes of the debacle.” The article goes on to reveal that once Binance suspended the trades, the crooks could not withdraw the funds in question. Instead, Binance donated all of those funds to charity.
  • In an ironic twist, an employee of the Financial Services Information Sharing and Analysis Center (FS-ISAC) fell for a phishing scam that exposed their credentials and enabled follow-on attacks. SC Magazine’s coverage of the incident states the breach allowed “… the threat actor to create an email with a PDF that had a link to a credential harvesting site which was then sent from the initial compromised account to select members, affiliates and employees …” According to FS-ISAC President and CEO Bill Nelson, the simple attack wasn’t targeted, and the organization plans to accelerate its adoption of multi-factor authentication to curb future attacks.
  • Apple has alerted customers to be on the lookout for an App Store scam posing as a subscription notice for YouTube Red. The scam uses a fake billing invoice for $144.99 and offers a link to cancel the subscription, which leads to a credential-stealing phishing site. More details on the scam can be found on Newsweek.
  • Users of SWIFT, the global secure financial messaging service, were targeted with phishing emails carrying malware-laden attachments. Analysts from Comodo Threat Research Lab found that “Once [the malware] has penetrated a user’s system, it modifies the registry, spawns many processes, checks for an antivirus installation and tries to kill its process,” according to coverage in MediaPost. Comodo’s analysts believe the purpose of these phishing attempts is reconnaissance for further, more destructive malware attacks.
  • A phishing website dubbed klkviral.org stole and published the credentials of over 55,000 users of the popular social platform Snapchat. Although the breach was discovered back in July 2017, the details emerged only recently. The Verge broke the story in February, reporting that “… the attack relied on a link sent to users through a compromised account that, when clicked, opened a website designed to mimic the Snapchat login screen.” Snapchat notified those affected that their passwords had been reset. While 55,000 accounts are only a small portion of Snap’s 187 million active users, the attack shows just how effective phishing websites can be.