• Skip to content
  • Jump to main navigation and login
  • Jump to additional information

Nav view search

Navigation

  • Home
  • Industry News
    • Advertising & Branding
    • Marketing
    • Print
    • Television & Cinema
    • Radio
    • Digital
    • Mobile
    • OOH
    • Experiential Marketing
    • WORLD ROUNDUP
    • PR
  • GCC
    • UAE
    • SAUDI ARABIA
    • OMAN
    • QATAR
    • KUWAIT
    • BAHRAIN
    • LEBANON
    • REGION
  • Interviews
  • Opinions
  • Mediavataar India
  • Newsletter

Search

Home Industry News Marketing Phishing Attacks Soar 220% During COVID-19 Peak

Phishing Attacks Soar 220% During COVID-19 Peak

 

F5 Labs releases 2020 Phishing and Fraud Report;

COVID-19 scams and increasing attacker sophistication raises global cybersecurity stakes

COVID-19 continues to significantly embolden cybercriminals’ phishing and fraud efforts, according to new research from F5 Labs.

The fourth edition of the Phishing and Fraud Report found that phishing incidents rose 220% during the height of the global pandemic compared to the yearly average.

Based on data from F5’s Security Operations Center (SOC), the number of phishing incidents in 2020 is now set to increase 15% year-on-year, though this could soon change as second waves of the pandemic spread.

The three primary objectives for COVID-19­­‑related phishing emails were identified as fraudulent donations to fake charities, credential harvesting and malware delivery.

Attacker opportunism was in further evidence when F5 Labs examined certificate transparency logs (a record of all publicly trusted digital certificates). The number of certificates using the terms “covid” and “corona” peaked at 14,940 in March, which was a massive 1102% increase on the month before.

“The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine,” said David Warburton, Senior Threat Evangelist at F5 Labs.

“Attackers are also quick to jump onto emotive trends and COVID-19 will continue to fuel an already significant threat. Unfortunately, our research indicates that security controls, user training and overall awareness still appear to be falling short across the world.”

A Phisher’s Domain

As per previous years’ research, F5 Labs noted that fraudsters are becoming ever more creative with the names and addresses of their phishing sites.

In 2020 to date, 52% of phishing sites have used target brand names and identities in their website addresses. Using phishing site data from Webroot, F5 Labs discovered that Amazon was the most targeted brand in the second half of 2020. Paypal, Apple, WhatsApp, Microsoft Office, Netflix, and Instagram were also among the top ten most impersonated brands.

By tracking the theft of credentials through to use in active attacks, F5 Labs observed that criminals were attempting to use stolen passwords within four hours of phishing a victim. Some attacks even occurred in real time to enable the capture of multi-factor authentication (MFA) security codes.

Meanwhile, cybercriminals also became more ruthless in their bids to hijack reputable, albeit vulnerable URLs – often for free. WordPress sites alone accounted for 20% of generic phishing URLs in 2020. The figure was as low as 4,7% in 2017.

Furthermore, cybercriminals are increasingly cutting costs by using free registrars such as Freenom for certain country code top-level domains (ccTLDs), including .tk, .ml, .ga, .cf, and .gq.  As a case in point, .tk is now the fifth most popular registered domain in the world.

Hiding in Plain Sight

2020 also saw phishers intensify efforts to make fraudulent sites appear as genuine as possible. F5 SOC statistics found that most phishing sites leveraged encryption, with a full 72% using valid HTTPS certificates to trick victims. This year, 100% of drop zones – the destinations of stolen data sent by malware – used TLS encryption (up from 89% in 2019).

Combining incidents from 2019 and 2020, F5 Labs additionally reported that 55.3% of drop zones used a non-standard SSL/TLS port. Port 446 was used in all instances bar one. An analysis of phishing sites found that 98.2% used standard ports: 80 for cleartext HTTP traffic and 443 for encrypted SSL/TLS traffic.

Future threats

According to recent research from Shape Security, which was integrated with the Phishing and Fraud Report for the first time, there are two major phishing trends on the horizon.

As a result of improved bot traffic (botnet) security controls and solutions, attackers are starting to embrace click farms. This entails dozens of remote “workers” systematically attempting to log onto a target website using recently harvested credentials. The connection comes from a human using a standard web browser, which makes fraudulent activity harder to detect.

Even a relatively low volume of attacks has an impact. As an example, Shape Security analysed 14 million monthly logins at a financial services organisation and recorded a manual a fraud rate of 0,4%. That is the equivalent of 56,000 fraudulent logon attempts, and the numbers associated with this type of activity are only set to rise.

Shape Security researchers also recorded an increase in the volume of real-time phishing proxies (RTPP) that can capture and use multi-factor authentication (MFA) codes. The RTPP acts as a person-in-the-middle and intercepts a victim’s transactions with a real website. Since the attack occurs in real time, the malicious website can automate the process of capturing and replaying time-based authentication such as MFA codes. It can even steal and reuse session cookies.

Recent real-time phishing proxies in active use include Modlishka2 and Evilginx23. F5 Labs and Shape Security are set to monitor the growing use of RTPPs in the coming months.

“Phishing attacks will continue to be successful as long as there is a human that can be psychologically manipulated in some way. Security controls and web browsers alike must become more proficient at highlighting fraudulent sites to users,” Warburton concluded.

“Individuals and organisations also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”

  By MediavataarMe News Desk 17 November 2020
MARKETING
Tweet
  • Be the first to comment!
  • 1
  • 2
  • 3
  • 4
  • 5
(0 votes)

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.

back to top

More in this category:

  • 100 trends that will shape 2021, from touchless travel to micropreneurs
  • McGregor vs Poirier 2.0: Ready to witness the UFC clash?
  • HP Inc. Appoints Vishnu Taimni as the Head of its Middle East, Turkey & East Africa Operations
  • Spotify Listeners in 11 Markets Can Now Ask Alexa to Play Podcasts
  • Resulticks, Merkle Sokrati form a strategic partnership

Latest from MediavataarMe News Desk

  • 100 trends that will shape 2021, from touchless travel to micropreneurs
  • McGregor vs Poirier 2.0: Ready to witness the UFC clash?
  • Conor McGregor promises to put on a “Masterpiece” for fans in Abu Dhabi at UFC 257 on Sunday
  • HP Inc. Appoints Vishnu Taimni as the Head of its Middle East, Turkey & East Africa Operations
  • WPP appoints Rob Reilly as Global Chief Creative Officer
  • Recommended Reading
    100 trends that will shape 2021, from touchless travel to micropreneurs  Read more...
  • Recommended Reading
    McGregor vs Poirier 2.0: Ready to witness the UFC clash?  Read more...
  • Recommended Reading
    HP Inc. Appoints Vishnu Taimni as the Head of its Middle East, Turkey & East Africa Operations  Read more...
  • Recommended Reading
    Spotify Listeners in 11 Markets Can Now Ask Alexa to Play Podcasts  Read more...
  • Recommended Reading
    Resulticks, Merkle Sokrati form a strategic partnership  Read more...

QUOTE OF THE DAY

“Good content isn’t about good storytelling. It’s about telling a true story well.” – Ann Handley

  • Most Viewed
  • Most commented
  • MediaMonks invests in leadership and expands in the Middle Eastern region (9888)
  • Digital Stallions Forum UAE introduces Resulticks Digital Stallion Forum UAE Awards (6829)
  • Cisco reveals the top 6 tech trends for 2021 and beyond (6262)
  • The future of TV? (6150)
  • Kantar announces agreement for sale of Health division to Cerner (6108)

Upcoming Events

No events
Tweets by @MediavataarMENA
  • About Us
  • |
  • Disclaimer
  • |
  • Feedback
  • |
  • Advertise with Mediavataarme
  • |
  • Press Releases
  • |
  • Contact us

COPYRIGHT@Ashish Limaye, Sole Practitioner, Under Dubai Media City. POWERED BY MAXIMESS

  • Facebook

  • Twitter