IBM experts published an annual threat analysis, the IBM X-Force Threat Intelligence Index 2020, which demonstrates changes in cybercriminal methods over the past year and names the brands that are most often used for phishing.
According to the study, 60% of the initial penetrations into the victim’s infrastructure were carried out using previously stolen credentials and known vulnerabilities in the software. Thus, in 2019, phishing was used as the initial penetration method in 31% of cases, while in 2018 this figure reached almost 50%.In 29% of cases, attackers used previously stolen credentials. In 2019 alone, were compromised more than 8.5 billion records, which is 200% more compared to the previous year. According to the study, 39% of company employees used the same password for several accounts, and 28% did not change their passwords at all. A similar trend, together with a growing number of data leaks, gives criminals the opportunity to carry out large-scale attacks”, – said IBM researchers.
As experts noted, companies continue to face security challenges for cloud services. Of more than 8.5 billion hacked entries in 2019, 7 billion (more than 85%) were related to the incorrect configuration of cloud servers and other systems.
Banking trojans, such as TrickBot, most commonly were used for large-scale ransomware campaigns. Cryptographers and new codes that use banking Trojans topped the ranking of new malware that appeared last year. A new malicious code was detected in 45% of banking Trojans and in 36% of encryptors.
Together with the non-profit organization Quad9, IBM experts investigated an increasing trend in phishing.
Criminals pretend to be large consumer brands that are most trusted by users and create fake links to their sites for phishing”, – said the researchers.
Among the largest brands used in fraudulent schemes were companies such as Google, YouTube and Apple. Six out of the 10 most frequently used brands belonged to the Google and YouTube domains. Fraudsters also used Apple (15%) and Amazon (12%) brands to steal user data.
Facebook, Instagram and Netflix are also among the ten most counterfeit brands, but with a significantly lower share of use.
Israeli experts at Check Point also published a report on the brands that cybercriminals commonly exploit during phishing campaigns. According to experts, most often criminals imitated well-known brands in order to steal personal information or user credentials.
Cybercriminals use a variety of attack methods to trick their victims into entering personal information, credentials, or transferring money. Often, links to phishing sites come through spam, but sometimes the attackers, having obtained user credentials, carefully study the victim for several weeks and work on a targeted attack on partners, clients of the company on behalf of their victim to steal money”, – said Check Point representatives.
During the fourth quarter of 2019, researchers carefully observed differences in the distribution of phishing pages. For example, phishing pages of social networks and banks were distributed mainly through mobile devices, and phishing emails, usually dedicated to the sales season, were distributed via e-mail.
The most popular brands among attackers were:
- Facebook (18% of the total number of phishing attacks)
- Yahoo (10% of the total number of phishing attacks)
- Netflix (5% of the total number of phishing attacks)
- PayPal (5% of the total number of phishing attacks)
- Microsoft (3% of the total number of phishing attacks)
- Spotify (3% of the total number of phishing attacks)
- Apple (2% of the total number of phishing attacks)
- Google (2% of the total number of phishing attacks)
- Chase (2% of the total number of phishing attacks)
- Ray-Ban (2% of the total number of phishing attacks)
As mentioned above, use of brands by criminals directly depends on how the distribution of phishing messages occurs.
So, phishing emails accounted for 27% of all attacks, and most often the attackers imitated Yahoo!, Rbs (Ray-Ban Sunglasses), Microsoft and DropBox. For example, we wrote that attackers even use fake resumes to spread Quasar RAT.
The most popular phishing methods are sites (48% of all attacks). Such malicious resources most often resemble Spotify, Microsoft, PayPal and Facebook.
25% of phishing attacks occur through mobile devices, and in such cases, hackers usually pretend to be Chase Mobile Banking, Facebook, Apple and PayPal.
