SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Plenty more phish in the sea: 1.4 million of them each month, says Webroot
Mon, 25th Sep 2017

Every month, 1.385 million unique phishing sites are created to catch unsuspecting users, and they are becoming more targeted, more sophisticated, harder to spot and harder to avoid, according to data released by Webroot last week.

The company's Quarterly Threat Trends Report shows that phishing activity peaked in May of this year, when 2.3 million phishing sites were created. On average, more than 46,000 new sites are created per day.

Most attacks last between four and eight hours – short enough to evade detection by traditional anti-phishing methods such as block lists. Block lists may be updated on an hourly basis, but it can take three to five days before they're made available. That means there's a large window for attacks, Webroot says.

“Today's phishing attacks are incredibly sophisticated, with hackers obfuscating malicious URLs, using psychology, and information gleaned from reconnaissance to get you to click on a link. Even savvy cybersecurity professionals can fall prey. Instead of blaming the victim, the industry needs to embrace a combination of user education and organisational protection with real-time intelligence to stay ahead of the ever-changing threat landscape,” comments Webroot's CTO, Hal Lonas.

Attackers are also changing up their impersonation tactics when carrying out phishing attempts. 35% of phishing attacks attempt to impersonate Google as a company.

13% impersonate Dropbox, 10% impersonate PayPal, 7% impersonate Facebook and 6% impersonate Apple.

Closer to home, Australia and New Zealand have been the targets of a number of phishing attacks impersonating the likes of AusPost, AFP, Origin Energy, E-Toll, banks, telecommunications providers and the Australian Tax Office.

“Australia and New Zealand continue to be a hotbed for phishing attacks. With the personalisation and sophistication used by cybercriminals, it's even difficult for hardened security professionals to determine which emails are safe or infected. We need a combination of user education and a business-wide solution to keep phishing attacks at bay,” comments Webroot Australia's senior information security analyst Dan Slattery.

The Quarterly Threat Trends Report also found that between 2% and 4% of all new files are either malware or potentially unwanted applications (PUAs).

The percentage of PUAs has dropped to 2.2% over the last year, which indicates that organisations have focused their efforts on detecting and stopping PUA use. As a result, attackers are not using these methods as much.

“The drop in the percentage of PUAs among new files is somewhat offset by the simultaneous increase in the total number of new files (benign, malware, and PUAs) being seen each year,” the report also adds.