Plenty more phish in the sea: 1.4 million of them each month, says Webroot

by John Smith Technician

According to a Webroot data report, every month around 1.385 million new phishing websites are being created to trap unsuspected users and they are getting more sophisticated, targeted, harder to ignore and harder to detect. Webroot’s Quarterly Threat Trends Report reveals that such suspicious activities peaked in May 2017, when around 2.3 million new phishing websites were developed. If we count that per day basis, then it is 46000 websites a day.

http://help-number.com/blog/wp-content/uploads/2017/09/digital_banking-1-768x512.jpg

Most of those phishing attacks last from four to eight hours, which is short enough to detect from old anti-phishing ways including block list. Although block list can be modified on an hourly basis, but it can take up to five days before they are made available. This directly shows that there is a huge room for such phishing attacks, Webroot says.

Now-a-days, phishing attacks are highly sophisticated, with hackers using malicious links and information collected from reconnaissance to make you click on a URL. These are done so cleverly that even cybersecurity experts can be a victim. Hal Lonas, Webroot’s CTO said that instead of blaming the victim, the cybersecurity industry needs to find the better ways using real-time intelligents to deal with the ever-changing threat landscape.

Around 35% of the phishing attacks are done by imitating Google as a company, which shows that these attackers or hackers are also bringing modification in their imitating tactics. 13% impersonate Dropbox, 7% impersonate Facebook, 10% impersonate PayPal and 6% impersonate Apple. Australia and New Zealand have been a major target of most of the phishing attacks on the likes of telecommunications providers, AusPost, AusPost, Australian Tax Office, AFP, E-Toll and banks.

Both these countries will further be a hotbed for such malicious attacks. With the sophistication and impersonation method being used by cybercriminals, it is getting even tougher for the cybersecurity experts to decide which email is safe and which is infected. Webroot Australia's senior information security analyst, Dan Slattery further said that to fight with this issue, we strictly need a blend of user education and a business-wide solution.

The Quarterly threat trends report also reveals that between 2 to 4% of all new files and documents are either PUAs (Potentially Unwanted Applications) or malware. The number of these potentially unwanted applications has fallen down to 2.2% over the last year. This simply indicates that the companies have focused to detect and stop PUA use. Due to this, attackers are not using these methods and finding some new ways to attack the users.

The report also revealed that the drop in the percentage of potentially unwanted applications among new files is somewhat offset by the increase in the number of new files including benign, malware and PUAs.