5 Phishing Attack Trends You May Have Missed4:00 PM EST Tue. Apr. 30, 2013
Cybercriminals would rather use valid account credentials to gain access and move through corporate networks; it enables them to bypass security technologies because they appear to be a valid user. And, phishing is the most popular way to get those credentials, according to the latest studies. By sending only three phishing emails to employees at a targeted enterprise, an attacker has a better-than-50-percent chance of getting at least one click, according to Herndon, Va.-based antiphishing firm ThreatSim.
Phishers are breaking into hosting providers with unprecedented success, according to the Anti-Phishing Working Group, an organization that tracks phishing trends. The phishers use the hosting facilities to launch mass phishing attacks. The organization identified a peak of 14,000 phishing attacks sitting on 61 different servers in August of 2012.
The Anti-Phishing Working Group found that WordPress, CPanel and Joomla installations were among the most popular content management systems phishers target. The content management systems are popular in shared hosting environments. Phishers look for poorly patched installations of the software to exploit vulnerabilities in the program or in its third-party components.
Beginning in late 2012, attackers targeted server farms to help bolster distributed denial-of-service attacks against U.S.-based banks. Hosting facilities often use powerful servers that a large amount of traffic can be funneled through. Security experts told CRN that the good news is that many hosting providers will detect and shut down malicious traffic originating from their servers.
Earlier this month, hosting provider CloudFlare reported that it identified a wide-scale attack targeting WordPress installations to build a large botnet. The cybercriminals behind the campaign used a brute-force attack with an automated tool to break into account credentials and gain access to thousands of WordPress administrator accounts. Once infiltrated by attackers, the WordPress sites can be used to conduct DDoS attacks, distribute malware via drive-by downloads or conduct phishing attacks.
Phishing was in the "Top 20 Threat Actions" identified in the 2013 Verizon Data Breach Investigations Report. Phishing accounted for 22 percent of the 621 data breaches analyzed by Verizon and impacted large and small businesses. The most glaring statistic about phishing from the report was that more than 95 percent of all attacks tied to state-affiliated espionage used phishing as a means of gaining access to corporate networks.