Posts tagged: phishing

Half of UK employees unable to identify scam emails

By Stuart O'Brien

Nearly half of employees (42%) across the UK are unable to identify a scam email purporting to be from Royal Mail.

That’s according to a new survey conducted by Opinium Research and OpenText Security Solutions at a time when cybercriminal activity is rife, with the average business targeted 28 times by cyber threats in the past year.

And with nearly half (44%) of large organisations suffering network downtime lasting longer than one day due to phishing attacks, it’s clear businesses need to ensure staff are educated on risky IT behaviours that can lead to security compromises.

In fact, the survey reveals many employees are unaware of common terms related to cyber threats, with 50% revealing they had never heard of the term DDoS (distributed denial-of-service) and 60% had no knowledge of BEC (business email compromise). This demonstrates a clear need for organisations to cut the jargon when it comes to educating employees on cybersecurity.

Matt Aldridge, Principal BrightCloud Threat Intelligence Solutions Consultant at OpenText Security Solutions, said: “Security awareness is critically important for all organisations, as the employee is always the first line of defence in cyber security.

There’s no use investing in sophisticated cyber security software if employees click on dangerous phishing links and grant cyber-criminals access to the business network or to confidential data. It’s like turning on a fancy home security alarm, but leaving a window open — you’ll be left playing catch-up after the bad guys get in.

To ensure cyber resilience, employees need to be educated on the latest risks as soon as they are discovered – whether that’s the Royal Mail scam or the multitude of other threats. Organisations can achieve this by using templated phishing simulations that are reflective of the latest emerging scams. These should be implemented alongside strong and robust communication to employees and adequate technical defences, all of which will help to ensure cyber resilience.”

Additional findings show over a quarter of employees in the UK (29%) have never completed any form of cyber risk training. Furthermore, seven-in-ten (70%) employees indicated they would be worried to report that they had compromised the security of their company to their boss. These findings indicate many UK organisations need to change their attitudes towards cybersecurity in order to improve employee vigilance.

Phishing attacks ‘soar 220% during COVID-19 peak’

By Stuart O'Brien

COVID-19 continues to significantly embolden cybercriminals’ phishing and fraud efforts, with incidents rising 220% during the height of the global pandemic compared to the yearly average.

That’s according to new research from F5 Labs based on data from its Security Operations Center (SOC), which says the number of phishing incidents in 2020 is now set to increase 15% year-on-year, though this could soon change as second waves of the pandemic spread.

The three primary objectives for COVID-19-related phishing emails were identified as fraudulent donations to fake charities, credential harvesting and malware delivery.

Attacker opportunism was in further evidence when F5 Labs examined certificate transparency logs (a record of all publicly trusted digital certificates). The number of certificates using the terms “covid” and “corona” peaked at 14,940 in March, which was a massive 1102% increase on the month before.

“The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine,” said David Warburton, Senior Threat Evangelist at F5 Labs.

“Attackers are also quick to jump onto emotive trends and COVID-19 will continue to fuel an already significant threat. Unfortunately, our research indicates that security controls, user training and overall awareness still appear to be falling short across the world.”

As per previous years’ research, F5 Labs noted that fraudsters are becoming ever more creative with the names and addresses of their phishing sites.

In 2020 to date, 52% of phishing sites have used target brand names and identities in their website addresses. Using phishing site data from Webroot, F5 Labs discovered that Amazon was the most targeted brand in the second half of 2020. Paypal, Apple, WhatsApp, Microsoft Office, Netflix, and Instagram were also among the top ten most impersonated brands.

By tracking the theft of credentials through to use in active attacks, F5 Labs observed that criminals were attempting to use stolen passwords within four hours of phishing a victim. Some attacks even occurred in real time to enable the capture of multi-factor authentication (MFA) security codes.

Meanwhile, cybercriminals also got more ruthless in their bids to hijack reputable but vulnerable URLs, often for free. WordPress sites alone accounted for 20% of generic phishing URLs in 2020. The figure was as low as 4.7% in 2017.

Furthermore, cybercriminals are increasingly cutting costs by using free registrars such as Freenom for certain country code top-level domains (ccTLDs), including .tk, .ml, .ga, .cf, and .gq. As a case in point, .tk is now the fifth most popular registered domain in the world.

2020 also saw phishers intensify efforts to make fraudulent sites appear as genuine as possible. F5 SOC statistics found that most phishing sites leveraged encryption, with a full 72% using valid HTTPS certificates to trick victims. This year, 100% of drop zones – the destinations of stolen data sent by malware – used TLS encryption (up from 89% in 2019).

Combining incidents from 2019 and 2020, F5 Labs additionally reported that 55.3% of drop zones used a non-standard SSL/TLS port. Port 446 was used in all instances bar one. An analysis of phishing sites found that 98.2% used standard ports: 80 for cleartext HTTP traffic and 443 for encrypted SSL/TLS traffic.
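As an added example (not code from F5 Labs, Shape Security or this article), a small Python triage script that applies the indicators described above, impersonated brand names in hostnames, Freenom ccTLDs, pandemic keywords of the kind seen in certificate transparency logs, and non-standard TLS ports such as 446, to constructed proxy log lines. The brand list, the TLD list and the log line format are assumptions for the example.

```python
from urllib.parse import urlsplit

# Indicator lists taken from the report summary above (assumed to be the
# full set for this example; a real deployment would maintain its own).
BRANDS = ("amazon", "paypal", "apple", "whatsapp", "microsoft", "netflix", "instagram")
FREE_CCTLDS = (".tk", ".ml", ".ga", ".cf", ".gq")
THEME_WORDS = ("covid", "corona")
STANDARD_PORTS = {"http": 80, "https": 443}


def phishing_indicators(url):
    """Return the indicators a URL matches; an empty list means nothing suspicious."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    # Treat the last two labels as the registrable domain, so 'www.amazon.com'
    # is legitimate while 'amazon-secure-login.tk' is not. Registries such as
    # .co.uk would need a public-suffix list; that is out of scope here.
    registrable = ".".join(labels[-2:])
    found = []
    for brand in BRANDS:
        if brand in host and not registrable.startswith(brand + "."):
            found.append("brand-in-hostname:" + brand)
    if host.endswith(FREE_CCTLDS):
        found.append("free-cctld:" + labels[-1])
    # Crude substring match, so 'coronation' would also trip it; acceptable for triage.
    if any(word in host for word in THEME_WORDS):
        found.append("pandemic-theme")
    port = parts.port
    if port is not None and port != STANDARD_PORTS.get(parts.scheme):
        found.append("nonstandard-port:%d" % port)
    return found


# Constructed proxy log lines in the assumed format '<client-ip> <url>'.
PROXY_LOG = [
    "10.0.0.5 https://www.amazon.com/gp/css/order-history",
    "10.0.0.7 https://amazon-secure-login.tk/verify",
    "10.0.0.9 http://paypal.com.login.ga:80/signin",
    "10.0.0.11 https://covid-relief.example.net:446/drop",
]


def triage_proxy_log(lines):
    """Return (client, url, indicators) for every log line that matches at least one indicator."""
    flagged = []
    for line in lines:
        client, url = line.split(maxsplit=1)
        hits = phishing_indicators(url.strip())
        if hits:
            flagged.append((client, url.strip(), hits))
    return flagged
```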

According to recent research from Shape Security, which was integrated with the Phishing and Fraud Report for the first time, there are two major phishing trends on the horizon.

As a result of improved bot traffic (botnet) security controls and solutions, attackers are starting to embrace click farms. This entails dozens of remote “workers” systematically attempting to log onto a target website using recently harvested credentials. The connection comes from a human using a standard web browser, which makes fraudulent activity harder to detect.

Even a relatively low volume of attacks has an impact. As an example, Shape Security analysed 14 million monthly logins at a financial services organisation and recorded a manual fraud rate of 0.4%. That is the equivalent of 56,000 fraudulent logon attempts, and the numbers associated with this type of activity are only set to rise.

Shape Security researchers also recorded an increase in the volume of real-time phishing proxies (RTPP) that can capture and use multi-factor authentication (MFA) codes. The RTPP acts as a person-in-the-middle and intercepts a victim’s transactions with a real website. Since the attack occurs in real time, the malicious website can automate the process of capturing and replaying time-based authentication such as MFA codes. It can even steal and reuse session cookies. 

Recent real-time phishing proxies in active use include Modlishka and Evilginx2. F5 Labs and Shape Security are set to monitor the growing use of RTPPs in the coming months.

“Phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way. Security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users,” Warburton concluded.

“Individuals and organisations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”

Phishing attacks still a major concern for business

By Stuart O'Brien

Phishing attacks remain a global concern for organisations, with physical security and FM professionals among the most at risk through lack of knowledge.

That’s the opinion gathered from the latest 2019 Beyond the Phish report by cybersecurity company Proofpoint.

Based on data from 130 million questions answered by end users across 16 industries, the fourth annual report revealed that respondents answered one in four questions incorrectly, demonstrating a knowledge gap and need for increased cyber education.

Other key findings include:

  • Customer Service, Facilities, and Security employees are the least savvy when it comes to phishing threat knowledge, incorrectly answering an average of 25 percent of cybersecurity questions asked. As these are respondent-defined department designations, the Security department could include both physical security and cybersecurity.
  • Hospitality employees scored the lowest in three categories, including “Physical Security Risks,” in which 22 percent of questions were answered incorrectly.
  • Communications teams are the most savvy when it comes to phishing threats, with end users correctly answering 84 percent of questions.
  • End users in the Education and Transportation industries have the weakest phishing knowledge, on average, answering 24 percent of questions incorrectly across all categories.
  • Finance was the best performing industry, with end users answering 80 percent of all questions correctly.
  • End users in the Insurance industry delivered the best performance in three of the 14 categories analysed, specifically excelling in the “Avoiding Ransomware Attacks” category.

“Cybercriminals are experts at gathering personal information to launch highly targeted and convincing attacks against individuals,” said Amy Baker, vice president of Security Awareness Training Strategy and Development for Proofpoint. 

“Implementing ongoing and effective security awareness training is a necessary foundational pillar when building a strong culture of security. Educating employees about cybersecurity best practices is the best way to empower users to understand how to protect theirs and their employer’s data, making end users a strong last line of defence against cyber attackers.”

To download the 2019 Beyond the Phish report and see a full list of industry comparisons, visit: https://www.proofpoint.com/us/resources/threat-reports/beyond-phish


Half of all phishing attacks originate from EMEA

By Stuart O'Brien

A report published by NTT Security has revealed that over half (53%) of the world’s phishing attacks originated from Europe, the Middle East and Africa (EMEA).

The Global Threat Intelligence Report (GTIR) analysed global threat trends from 1st October 2015 – 31st September 2016 and showed that of all phishing attacks worldwide, 38% came from the Netherlands, second only to the US (41%).

The data also revealed that nearly three-quarters (73%) of all malware globally was delivered to its victims because of a phishing attack.

The report highlights the latest ransomware, phishing and DDoS attack trends and the impact of these threats on organisations, with the UK the third most common source of attacks against EMEA, behind the US (26%) and France (11%).

In terms of top attack source countries, the US accounted for 63%, followed by the UK at 4% and China at 3%.

Some of the biggest regional differences related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45 per cent started in EMEA – more than the Americas (20 per cent) and Asia (7 per cent) combined. In addition, 45 per cent of brute force attacks that targeted EMEA customers also started in the region.

Dave Polton, Global Director of Innovation at NTT Security, is calling for more active collaboration between business, government and law enforcement agencies to tackle global threats and to ensure measures are in place that will have a long-lasting impact on global security.

“While phishing attacks affected organisations everywhere, EMEA unfortunately emerged as the top region for the source of these attacks,” said Polton. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in EMEA, especially with the EU General Data Protection Regulation (GDPR) just around the corner.

“Any organisation processing data belonging to EU citizens needs to demonstrate that its information security strategy is robust.”

Other key EMEA figures:

  • In EMEA, over half (54%) of all attacks were targeted at just three industry sectors – Finance (20%), Manufacturing (17%) and Retail (17%)
  • Over 67% of malware detected within EMEA was some form of Trojan
  • Top services used in attacks against EMEA – File shares (45%), Websites (32%) and Remote administration (17%)

Frank Brandenburg, COO and Regional CEO, NTT Security, concludes: “We all know that no security plan is guaranteed, and there will always be some level of exposure, but defining an acceptable level of risk is important. Clients are starting to understand that by default every employee is part of their organisation’s security team, and businesses are now seeing the value in security awareness training, knowing that educating the end user is directly connected to securing their enterprise.

“Expanding cyber education and ensuring employees adhere to a common methodology, set of practices, and mind set are key elements. Clients see that assisting and coaching their employees (end users) on the proper usage of technology will only enhance the organisation’s overall security presence.”

www.nttsecurity.com