Webroot sheds light on the short, sharp lifecycle of phishing websites
Phishing websites have shorter lifecycles than ever before, but their numbers becoming much more prevalent - and Google, Paypal, Yahoo and Apple are the main targets, according to new Quarterly Web Update findings from Webroot.
84% of phishing sites exist for less than 24 hours, and the average life cycle is less than 15 hours, the company found. However, an average of more than 400,000 phishing sites are cropping up each month, and most of those are hidden within unused domains.
Phishing sites are becoming much more cunning, playing on sophisticated techniques to get information from people and companies.
Webroot CTO Hal Lonas says phishing sites can even exist for as few as 15 minutes.
“In years past, these sites could endure for several weeks or months, giving organisations plenty of time to block the method of attack and prevent more victims from falling prey. Now, phishing sites appear and disappear in the span of a coffee break, leaving every organisation, no matter its size, at an immediate and serious risk from phishing attacks," Lonas says.
Webroot also found that old techniques that used static or crowdsourced blacklists of bad domains and URLs must now be abandoned. Additionally, all URLs must be checked each time they are requested because it takes only seconds for a genuine website to be compromised.
Google is also the most targeted 'high risk' organisation, with 21% of all phishing sites impersonating the company between January and September this year. Paypal, Yahoo and Apple were close behind.
Webroot says that cloud-based machine learning is the only way to prevent malware, ransomware, phishing and other cyber threats. These are able to keep not only keep up with the scale of attacks, but also attack methods, such as polymorphic behaviours.
The company says cloud-based machine learning also shows how millions of objects, including good and bad objects, communicate online.
"When it comes to finding the richest and most highly differentiated source of input for cloud-based machine learning driven security, nothing beats real-world endpoint and web sensor data. Organisations that incorporate real-world data from millions of endpoint sensors are better positioned to identify never-before-seen and zero-day threats the moment they emerge, anywhere in the world," Webroot concludes.