Like years past, phishing continues to be an evolving threat. What once was a simple attack that would hit everyone from your neighbors to your colleagues’ inboxes has since expanded to different mediums and tactics, growing in sophistication.
RSA 2018 is nearly here and with it PhishLabs will unveil the emerging cybercrime trends and intelligence contained within this year’s Phishing Trends and Intelligence Report.
In addition to this year’s PTI report findings, our Director of Threat Intelligence, Crane Hassold, will be onsite discussing how he discovered and tracked the recently indicted Iranians tied to the Mabna Institute.
It probably comes as no surprise that the second quarter of 2017 brought changes in the phishing landscape. A dramatic increase (41%) in overall phishing volume was observed by the PhishLabs research team. Additionally, there have been shifts in the industries that are being targeted. This is further evidence that the threat landscape is both thriving and volatile as cybercriminals pivot and exploit different targets.
After years of gathering and analyzing phishing data, only one thing is certain - phishing continues to be a successful attack method for cybercriminals.
For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.
Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.
It was a serious threat, of course, but it had become somewhat… predictable.
But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.
In the past few years, you’ve no doubt started to see some pretty strange website suffixes.
You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ, .NEWS, .STUDIO, and plenty of others.
In late 2015, malware trends hinted that a ransomware epidemic was on its way.
And what happened? Less than three months into 2016, security analysts had branded it the ‘year of ransomware’.
Even popular media outlets were covering ransomware cases on an almost daily basis, and both consumers and businesses the world over would come to understand exactly what the word ransomware really means.
So what happened? After all, ransomware has been around for decades, so why the sudden explosion?
“For any study or research project, the ultimate assessment of validity is independent duplication of results.” This quote was the first line of an email I received a few days ago from Crane Hassold, our senior security threat researcher at PhishLabs.
And since we’ve recently published our annual Phishing Trends & Intelligence (PTI) report, I was interested to learn more.
At this point, most organizations are already aware of phishing. No matter what industry you’re in, phishing is one of the top cyber threats you’ll face in 2017.
But for most people, the threat actors responsible for phishing attacks are something of a mystery. They picture a faceless, hooded specter, hidden somewhere in the dark recesses of the Internet.
Many organizations assume they won’t be targeted by phishers.
And we get it. Your security budget is only so big, and you have to make decisions about where to allocate it. You can’t cover all your bases all the time.
But the phishing landscape has moved, and the old ‘rules’ don’t apply anymore.