TRENDING
indicates that security controls , user training and overall awareness still appear to be falling short across the world .”
A phisher ’ s domain
As per previous years ’ research , F5 Labs noted that fraudsters are becoming ever more creative with the names and addresses of their phishing sites .
In 2020 to date , 52 % of phishing sites have used target brand names and identities in their website addresses . Using phishing site data from Webroot , F5 Labs
As a result of improved bot traffic ( botnet ) security controls and solutions , attackers are starting to embrace click farms .
– often for free . WordPress sites alone accounted for 20 % of generic phishing URLs in 2020 . The figure was as low as 4.7 % in 2017 .
Furthermore , cybercriminals are increasingly cutting costs by using free registrars such as Freenom for certain country code top-level domains ( ccTLDs ), including . tk , . ml , . ga , . cf , and . gq . As a case in point , . tk is now the fifth most popular registered domain in the world .
Hiding in plain sight
2020 also saw phishers intensify efforts to make fraudulent sites appear as genuine as possible . F5 SOC statistics found that most phishing sites leveraged encryption , with a full 72 % using valid HTTPS certificates to trick victims . This year , 100 % of drop zones – the destinations of stolen data sent by malware – used TLS encryption ( up from 89 % in 2019 ). discovered that Amazon was the most targeted brand in the second half of 2020 . Paypal , Apple , WhatsApp , Microsoft Office , Netflix and Instagram were also among the top 10 most impersonated brands .
By tracking the theft of credentials through to use in active attacks , F5 Labs observed that criminals were attempting to use stolen passwords within four hours of phishing a victim . Some attacks even occurred in real time to enable the capture of multi-factor authentication ( MFA ) security codes .
Meanwhile , cybercriminals also became more ruthless in their bids to hijack reputable , albeit vulnerable URLs
Combining incidents from 2019 and 2020 , F5 Labs additionally reported that 55.3 % of drop zones used a non-standard SSL / TLS port . Port 446 was used in all instances bar one . An analysis of phishing sites found that 98.2 % used standard ports : 80 for cleartext HTTP traffic and 443 for encrypted SSL / TLS traffic .
Future threats
According to recent research from Shape Security , which was integrated with the Phishing and Fraud Report for the first time , there are two major phishing trends on the horizon . As a result of improved bot traffic ( botnet ) security controls and solutions ,
24 INTELLIGENTCIO APAC www . intelligentcio . com