For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.
Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.
It was a serious threat, of course, but it had become somewhat… predictable.
But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.
In the past few years, you’ve no doubt started to see some pretty strange website suffixes.
You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ, .NEWS, .STUDIO, and plenty of others.
In late 2015, malware trends hinted that a ransomware epidemic was on its way.
And what happened? Less than three months into 2016, security analysts had branded it the ‘year of ransomware’.
Even popular media outlets were covering ransomware cases on an almost daily basis, and both consumers and businesses the world over would come to understand exactly what the word ransomware really means.
So what happened? After all, ransomware has been around for decades, so why the sudden explosion?
“For any study or research project, the ultimate assessment of validity is independent duplication of results.” This quote was the first line of an email I received a few days ago from Crane Hassold, our senior security threat researcher at PhishLabs.
And since we’ve recently published our annual Phishing Trends & Intelligence (PTI) report, I was interested to learn more.
At this point, most organizations are already aware of phishing. No matter what industry you’re in, phishing is one of the top cyber threats you’ll face in 2017.
But for most people, the threat actors responsible for phishing attacks are something of a mystery. They picture a faceless, hooded specter, hidden somewhere in the dark recesses of the Internet.
Many organizations assume they won’t be targeted by phishers.
And we get it. Your security budget is only so big, and you have to make decisions about where to allocate it. You can’t cover all your bases all the time.
But the phishing landscape has moved, and the old ‘rules’ don’t apply anymore.
Unless you’ve been living under a rock for the past decade, you’ve already heard of phishing.
You probably have an idea of how it works. Perhaps you’ve even spotted a few suspicious emails in your inbox.
Security-conscious organizations have been concerned about phishing for a long time. Many have been actively teaching employees to recognize and report phishing emails on sight.
On behalf of the PhishLabs R.A.I.D., I'm proud to announce that the 2017 Phishing Trends & Intelligence Report has been released. As with last year's edition, the report provides a first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening.