Group-IB, a Singapore-based cybersecurity company, has noted an increase in the lifespan of phishing attacks in the second half of 2019.
This trend, identified by Group-IB's Computer Emergency Response Team (CERT-GIB), led to a significant increase in the number of blocked phishing sites during this period: an increase of more than 230% over the previous year. In general, web phishers changed their preferences in 2019: email service providers gave up their place among the top three phishing targets to cloud storage, which is not surprising given that these services cover all aspects of personal and sometimes professional life and hold a huge amount of confidential data. Online services and financial institutions took the other two places respectively and seem to have long been among the most frequently attacked.
During the second half of 2019, Group-IB's Computer Emergency Response Team (CERT-GIB) blocked a total of 8,506 web phishing resources as part of its work to prevent the spread of web threats, compared to 2,567 in the second half of 2018. This spectacular increase in blocking is due to the prolonged duration of phishing attacks: cybercriminals used to end a fraudulent campaign once their websites were blocked and quickly moved their efforts to attacking other brands. Nowadays they do not stop there and continue to replace the removed pages with new ones. Another discernible trend is the increase in resources accumulated during an attack.
Figure 1: Distribution of web phishing by target category
According to last year's results, the phishers' top three targets were online services (in particular client software, online streaming services, e-commerce, delivery services, etc.) (29.3%), online storage (25.4%) and financial institutions (17.6%). It is worth noting that some technology companies offer a wide range of web-based services, some of which, such as cloud storage and email services, fall into different categories. CERT-GIB's findings indicate that the perpetrators of phishing attacks have revised their target groups. For example, the number of phishing attacks on Internet service providers has doubled over the last year, whereas the number of phishing attacks on Internet service providers has tripled. As with access to users' storage, Internet service provider accounts give cybercriminals access to a wide range of sensitive information such as personal data and payment details. This was accompanied by declining interest in email service providers (the percentage of attacks against them went from 19.9% to 5.9%) and in cryptocurrency projects, which have become less attractive to cybercriminals as the hype around them has faded.
Figure 2: Map of the main countries hosting phishing sites
The set of countries hosting phishing sites changed last year, according to CERT-GIB: the United States (27%), the undisputed leader in the number of phishing sites in recent years, gave up first place to Russia (34%) and moved to second, whereas Panama, a long way behind the two leaders, is still third (8%), as it was one year earlier.
Malware delivery: what's on the menu?
H2 2019 confirmed a trend of recent years: email is still the main means of delivering spyware, backdoors and other software tools used by cyber-scammers, in 94% of cases. In the majority of cases (98%), the malicious objects were delivered as attachments, whereas only 2% of phishing emails contained links that the user had to click to get the malware. By way of comparison, according to CERT-GIB the figure for phishing emails in the first half of 2019 was 23%, which could indicate that attachments are more profitable for the fraudsters. To get around corporate security systems, cybercriminals continued to archive their malicious attachments during the second half of 2019. About 70% of all malicious objects detected by CERT-GIB were delivered in archive files, mainly in .rar (29%) and .zip (16%) format. The threat actors included the passwords giving access to the archive contents in the email, in the archive name or in subsequent correspondence with the victim.
Figure 3: The 10 main threats in phishing emails in the second half of 2019 and the file extensions of malicious attachments
During the second half of 2019, ransomware remained the most common payload delivered by phishing email, accounting for 47% of all attachments. Banking Trojans, as Group-IB noted in its report on high-tech crime trends for 2019/2020, continue to decline in popularity, representing only 9% of malicious attachments. Meanwhile, spyware and backdoors gained ground, becoming the second most popular malware with a share of 35%. The reason may be the extended functionality of backdoors, which also allows them to steal financial data and to replace tools intended solely for collecting banking data, such as banking Trojans. The ten main tools used in the attacks tracked by CERT-GIB in the second half of 2019 are the following: the Troldesh ransomware (55%), which Group-IB has been tracking for several years; the backdoors Pony (11%), Formbook (5%), Nanocore (4%) and Netwire (1%); the banking Trojans RTM (6%) and Emotet (5%); and the spyware AgentTesla (3%), Hawkeye (2%) and Azorult (1%). AgentTesla, Netwire and Azorult appeared for the first time among the tools preferred by the attackers.
"In the second half of 2019, we saw phishing attacks lengthen: the attackers changed the approach of their campaigns, choosing quantity rather than quality," says the deputy head of CERT-GIB, Yaroslav Kargalev. Cloud storage and online services should continue to be among the main targets of phishers because of the large quantity of personal data stored there. Cybercriminals are likely to use access to these data first to download the data from cloud storage, then to blackmail their victims in order to increase the chances of obtaining a ransom.
CERT-GIB, which opened its doors in 2011, was the first certified private emergency response service in Eastern Europe and is now one of the most important in the region. CERT-GIB is a round-the-clock first-response emergency service, designed to help contain the threat and, if necessary, to bring teams, forensic experts and investigators to the location of the incident in order to avoid costly delays. CERT-GIB has set up the Security Operations Center (SOC), whose staff monitor cybersecurity incidents in international companies using various cybersecurity systems and solutions. These include in particular a pre-detonation system for targeted attacks, a threat detection system and a system for the monitoring, analysis and prediction of cyber threats (Threat Intelligence). CERT-GIB's experts provide support 24 hours a day to respond to incidents and can set up a mobile unit on site to monitor procedures and collect digital data. CERT-GIB is also able to block the distribution of malicious software, phishing and fraudulent websites in more than 2,500 domain zones. CERT-GIB is an accredited member of the Trusted Introducer (Association of European Security and Incident Response Teams) and a member of the Forum of Incident Response and Security Teams (FIRST) and the Organisation of Islamic Cooperation (OIC-CERT).
About Group-IB
Group-IB is a Singapore-based provider of solutions for detecting and preventing cybercrime and online fraud, for IP protection and for dealing with high-level cybercrime. The Group-IB threat analysis system was ranked among the best in its category by Gartner, Forrester and IDC. Group-IB's technological leadership rests on 17 years of practical experience in cybercrime investigations around the world and 60,000 hours of cybercrime incident response at CERT-GIB, one of the largest forensic laboratories and a rapid-response centre for cyberspace incidents operating 24 hours a day, 7 days a week. Group-IB is a partner of INTERPOL and Europol and has been recommended by the OSCE as a provider of cybersecurity solutions. Group-IB's experience and threat intelligence have been combined to create an ecosystem of software and high-technology solutions designed to monitor, identify and prevent cyber threats. Our mission is to protect clients in cyberspace through innovative products and services.
In view of the current situation, Group-IB has set up a StayCyberSafe portal with recommendations on organising remote work and cybersecurity, and webinars on modern cyber threats and how to combat them.