sb-as logo
Story image

Phishing becoming more prolific and impregnable - report

19 Jun 2020

The most prolific form of cyber attack to emerge in the COVID-19 era is becoming even more targeted and difficult to defend against as the pandemic wears on, according to new research released by ProPrivacy.

Phishing campaigns continue to grow in scope and prominence rather than lose influence as more people return to work. 

The study, conducted with VirusTotal and WHOIS XML, analysed more than 600,000 domains to accurately track malicious activity throughout the pandemic. 

This analysis found that the number of phishing domains being registered peaked in March, yet domain registry activity remains high three months later with as many as 1,200 domains still being registered each day. 

125,000 domains in total have been found to be malicious by the study – the ‘vast majority’ being used for phishing purposes.

“It would be easy to look at the overall trend and conclude that phishing activity related to the pandemic has simply fizzled out, but that’s not an accurate assessment,” says lead researcher Sean McGrath.

“These malicious campaigns have moved underground and are now addressing our most intimate concerns. When will my children return to school? Will I lose my job? 

“It is these - truly human - questions that will fuel the 'second peak' of malicious activity. This is the next battlefront in the digital pandemic.” 

Indeed, researchers noted that campaigns gradually became more targeted and potent as time wore on, evolving to take advantage of new and emerging fears held by the public.

Whereas in March, many registered domains related to terms like ‘covid’ or ‘mask’, months on there has been an increase in domain registrations related to unemployment, welfare benefits, and stimulus packages.

The passage of time has also provided attackers with valuable experience and insights over which campaigns work and which don’t – meaning attacks are more nuanced and sophisticated than they were before.

These focused campaigns are not only more likely to succeed, but they are becoming increasingly difficult for the threat intelligence community to identify using conventional broad stroke methods, according to ProPrivacy. 

As part of the research, ProPrivacy tracked all domains registrations from January 1 2020, after which each domain was checked against VirusTotal’s database of more than 60 threat intelligence partners. 

Once the researchers identified which domains were malicious and/or being exploited in phishing campaigns, they noted the new themes that were emerging as public sentiments and concerns changed with time.

In the course of their study, researchers also found that GoDaddy was the most abused web host, hosting a disproportionately high number of domains used for phishing activity. 

The company, the largest hosting provider in the world with a 15% share of all hosted sites on the internet, hosted 37% of the 80,470 IP addresses analysed in the study.

“We see a lot of niche registrations in our typosquatting data feed files,” says an unnamed WhoisXML API researcher.

“Registrants seem to target vulnerable groups. We suspect that these domains could serve as social engineering baits and trigger emotional responses.”

Story image
Oracle launches second Gen 2 Cloud region in India
“A large number of Indian organisations are looking to change growth orbits with greater focus on cloud-led innovation," states Oracle.More
Story image
Oracle combines cloud automation with comms security in new solution
The Oracle Communications Security Shield (OCSS) Cloud is built on the company’s cloud infrastructure, and uses AI and real-time enforcement to combat the heightened risk of infrastructure attacks presented to contact centres and enterprises.More
Story image
IT pros report increase in security issues due to remote working
Security issues, IT workloads and communication challenges have all seen significant increases in the new remote working era, according to new research from Ivanti.More
Story image
Inteview: Mimecast security expert on why email attacks are more successful than ever
Techday spoke to Mimecast Australia principal technical consultant Garrett O’Hara, who walks through why security experts are becoming increasingly pessimistic about email-borne attacks.More
Story image
Illumio launches Zero Trust endpoint protection solution for our digital, remote world
“As organisations were forced to transform overnight to allow for remote work, a host of endpoint security issues that have either been ignored or invisible until now were brought to the forefront."More
Story image
Rackspace and Cloudflare join forces for managed edge security
Rackspace and Cloudflare join forces for managed edge security The solution includes a web application firewall, DDoS protection, DNS services and a global content delivery network, backed by 24/7 support.More