Securing the Digital World

Phishing Lives On with New Bait

Mar 11, 2016 | by Heidi Bleau

The saying "Gone Fishing" on the once prosaic signs hanging from rural gas stations or car repair shops has come to mean something completely different in 2016. While phishing attacks are not growing by leaps and bounds like other types of cyber threats, they are certainly showing no signs of slowing down.

Last year, RSA identified over 525,000 unique phishing incidents targeting brands across the globe, a 10% increase in the number of attacks we saw in 2014. So which countries were most affected - and at what cost? Here is your invitation to view the latest RSA global phishing map.

So what is making phishing live on in a world where the financial yield is much higher for cybercriminals using advanced malware, cyber extortion and other sophisticated attacks? It's quite simple: it still works.

It's not just consumers who are at risk anymore. Organizations and their employees are increasingly being lured with new bait. In an incident just last week, one large company fell prey after HR and finance professionals were targeted with a sophisticated phishing attack which resulted in the loss of employee Social Security numbers, salaries and other personal data.

It's more than just who or what is being targeted, though. Phishing attacks have also undergone some technological evolution over the years. For example, RSA has identified many recent phishing attacks employing redirection mechanisms that leverage a dynamic DNS generator to change the IP address of the attack site. While the domain name of the host site remains the same, the IP address changes every couple of minutes, making detection and shutdown much more difficult. The result: the lifespan of a phishing attack is longer, resulting in increased losses.
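The churn described above leaves a trace in resolver logs: one name resolving to several different addresses within minutes. The following is an added example, not code from RSA or the original post; the log format, the domain names and the IP addresses are constructed for illustration, and the window and threshold are assumptions a defender would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed resolver log lines: timestamp, queried name, record type, answer.
# Domains and addresses are hypothetical and not taken from any real incident.
SAMPLE_DNS_LOG = """\
2016-03-04T09:00:05Z secure-login.example.net A 198.51.100.10
2016-03-04T09:02:11Z secure-login.example.net A 198.51.100.77
2016-03-04T09:04:30Z secure-login.example.net A 203.0.113.5
2016-03-04T09:06:02Z secure-login.example.net A 192.0.2.44
2016-03-04T09:08:19Z secure-login.example.net A 198.51.100.91
2016-03-04T09:00:20Z www.example.com A 192.0.2.1
2016-03-04T09:05:40Z www.example.com A 192.0.2.1
2016-03-04T09:09:55Z www.example.com A 192.0.2.1
"""

LINE_RE = re.compile(r"^(\S+) (\S+) A (\S+)$")


def parse_dns_log(text):
    """Yield (timestamp, domain, ip) for each well-formed A-record line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed lines instead of aborting the scan
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2).lower(), m.group(3)


def find_fast_changing_domains(text, window=timedelta(minutes=10), min_ips=3):
    """Return {domain: sorted IPs} for every domain that resolved to at least
    `min_ips` distinct addresses inside some sliding time `window`."""
    by_domain = defaultdict(list)
    for ts, domain, ip in parse_dns_log(text):
        by_domain[domain].append((ts, ip))
    flagged = {}
    for domain, records in by_domain.items():
        records.sort()  # chronological order so the window scan is simple
        for i, (start, _) in enumerate(records):
            ips = {ip for ts, ip in records[i:] if ts - start <= window}
            if len(ips) >= min_ips:
                flagged[domain] = sorted(ips)
                break
    return flagged


if __name__ == "__main__":
    for domain, ips in find_fast_changing_domains(SAMPLE_DNS_LOG).items():
        print(f"{domain}: {len(ips)} addresses within window -> {', '.join(ips)}")
```

A legitimate site served from a CDN can also rotate addresses, so a hit from this check is a candidate for review against known-good hosting ranges rather than an automatic block.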

The damage to banks is very clear and is reflected in the direct hit to their bottom line. But other industries have cause for concern as well. The retail industry is a good example. Phishers are increasingly using trusted consumer brands as the face of their attacks. What's more, loyalty points and rewards programs are also being targeted via phishing as cybercriminals look for new types of accounts to cash out.

Phishing can also indirectly put retailers at risk, because consumers continue to use the same password across multiple sites. If Retailer A is breached, a cybercriminal can then try those same credentials at Retailer B, Retailer C, and so on. Recent breach announcements have pointed to exactly this: accounts compromised because credentials stolen in a breach at another retailer had been re-used across other websites.

The value of cyber security awareness and education is underestimated (and some even scoff at it). However, I have a good friend who is a security engineer at one of the largest retailers in the Northeast. He is cynical about most things (and that is being nice), but his job is to raise awareness within his organization about cyber security. He has shared many experiences of phishing and malware attacks that were thwarted because employees were alert and suspicious. You can't put a value on that.

Advanced fraud intelligence services are equally important, though. This is much more than just purchasing IP blacklists or similar intelligence feeds. Such services include 24x7 detection and shutdown of targeted attacks along with active monitoring of cybercrime forums. Remember, the Dark Web is not just a big marketplace for selling stolen credit cards. Cybercriminals are constantly communicating with one another about the easiest targets to cash out and the security gaps to take advantage of, and that loophole could be on your website.