The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identity theft techniques, has released its Phishing Activity Trends Report for Q3 of 2020. Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts.
Phishers Turning Security Features Against Users
PhishLabs, an APWG contributor, has found that four out of five cybercriminals now use HTTPS. PhishLabs tracks phishing sites using HTTPS encryption to provide insight into how cybercriminals trick users into believing they are engaging in secure communications.
“Now, 80 percent of phishing sites have SSL encryption enabled - which surprisingly is even higher than web sites in general,” said John LaCour, CTO of PhishLabs. According to a Q-Source survey, only 66.8 percent of websites use SSL.
“Not surprisingly, most SSL certificates used by phishers were Domain-Validated (DV), which is the weakest form of certificate validation,” said LaCour. There are three types of SSL certificates, and DV certificates can be issued quickly through an easy verification process. Of more than fifty-three thousand SSL certificates observed by PhishLabs, 91.3 percent were Domain-Validated.
Generally, PhishLabs found that cybercriminals are using free certificates. In Q3, 40 percent of all SSL certificates used by phishers were issued by the same free certificate authority, Let’s Encrypt.
Limited Action by Registrars and Registries Aids in Phishing Increase
APWG found that phishing activity has increased dramatically since March of 2020. Unique email subjects have increased as well, indicating that threat actors are using a variety of different attack campaigns. An average of 500 brands were targeted by phishing each month over the course of Q3, with SaaS remaining the most frequently attacked industry, targeted 31.4 percent of the time. Attacks against social media companies also increased to 12.6 percent.
APWG members found that most maliciously registered domains are concentrated among a small number of domain registrars, registries, and hosting providers, indicating that action by these operators can prevent and mitigate large amounts of phishing. Alarmingly, the report also found that malicious domains are used rapidly after registration, with 65 percent engaged in phishing activity within five days.
BEC Scammers Continue to Profit
Business Email Compromise (BEC) remains one of the most damaging types of cyber attacks and has caused billions of dollars in losses to organizations. In Q3, 81 percent of BEC attacks originated from free webmail accounts, a notable 10 percent increase from Q2. Gmail was associated with 69 percent of the attacks, far more than other providers.
The report also found 16.3 percent of BEC attacks involved domains registered by the phishers, with most originating from five registrars: Namecheap, Public Domain Registry, Google, Tucows, and NameSilo.
BEC criminals have been identified operating out of 50 countries, with more than $64 million in intended stolen funds attributed to mule accounts in a little over a year.
Download the full report here: Phishing Activity Trends Report, Third Quarter 2020