The Anti-Phishing Working Group’s H1 2017 Phishing Activity Trends Report found upticks in phishing attacks against companies in the Logistics & Shipping as well as the Cloud Storage & File Hosting sectors, mounted by cyber gangs against the accounts of both individuals and enterprises.
Once they steal usernames and passwords, the criminals can not only steal funds but also use the services to send spam mail, order goods for resale, and pursue other nefarious ventures.
While the report finds that phishing attacks occurred most frequently against companies in the Payment, Financial, and Software-as-a-Service/Webmail sectors in the first half of the year, APWG contributing analysts found two important focus points of cybercrime gang activity:
- An increase in the number of phishing attacks using free hosting providers or website builders.
- In the new gTLDs and in ccTLDs, much of the phishing activity was concentrated in a small number of domains.
By studying these phenomena, the APWG hopes to raise awareness of these vulnerabilities so that hosting providers and registrars can improve their business practices and mitigation operations.
Crane Hassold, Manager of Threat Intelligence at PhishLabs, noted that hosting providers that offer free hosting and free website-building tools provide criminals with opportunities. “These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site. Free hosts also afford phishers additional anonymity, because these services do not make registrant information easily available.”
An examination of domain name registration patterns revealed other poorly managed web hosting practices that enabled crime. “The .TECH top-level domain had a higher concentration of phishing sites than would be expected, considering the number of domains in the TLD,” said Jonathan Matkowsky, Vice-President, Intellectual Property and Brand Security at RiskIQ. “Our investigation found that this was because a hosting provider in the Russian Federation was allowing its customers to create sub-domains on the hosting provider’s domain name. This offered miscreants the opportunity to target multiple brands across a variety of industries.”