4 min read

Phishing is a global business ... and an attack can be very costly!

Phishing is a global business ... and an attack can be very costly!

A recent study by the Ponemon Institute has revealed some alarming statistics about the costs of phishing attacks. The study takes a look into all costs associated with these attacks, including recovery and loss of productivity — which actually cost more than payouts made to cybercriminals. The cost of a phishing attack has risen sharply over the past six years — now costing large U.S. companies $14.8 million U.S. annually, which works out to about $1,500 U.S. per employee. By comparison, in 2015, this figure was $3.8 million U.S. annually. This means that in just six years, the cost of phishing attacks has nearly quadrupled. During 2020, business email compromise (BEC) attacks costs rose significantly, with more than $1.8 billion U.S. stolen from U.S. organisations by impersonating employees, partners, or vendors — among other common tactics

Phishing Takes many Different Guises

We need to be prepared and vigilant about the different techniques criminals deploy to get us to part sensitive information. 
 
There is Phishing (get sensitive information using email from banks, social websites, typical scams), Spear Phishing (small targeted attacks on particular people), Whaling (spear phishing directed towards senior execs), Baiting (put something in front of you in an elevator with a view to sign), Honeytrap (makes a person interact with victims), Pretexting (false motive involving some real information on the victim in an attempt to get more information), Rogue Spyware (malware that deceives or misleads the user to pay for fake or simulated removal of malware).
 
Read about some real-life phishing attacks using a variation of phishing techniques.

Executing Real-Life Phishing Attacks

A large credential phishing campaign using open redirector links to bypass security software is currently underway. This latest campaign couples well known brands such as Zoom, with open redirect links to lure individuals into interacting with those links. These links further redirect users to CAPTCHA verification pages, which adds an air of legitimacy and makes automated security analysis more difficult, before it prompts users for credentials.
 
A phishing operation dubbed BulletProofLink has been discovered to be providing attackers with everything they need for phishing attacks. This operation provides everything from phishing kits and templates to hosting services and other useful tools. The service provides more than 100 phishing templates that copy known brands such as Microsoft, and even creates unique subdomains to associate with their campaigns — over 300,000 of which were generated in a single run.
 
BulletProofLink provides services for as little as $800 per month, while individual services can cost much less. For instance, a one-time hosting link may only cost $50, and first-time customers even receive a 10% discount. Another brand new phishing attack is disguising itself as a UPS email that appears legitimate, but instead exploits a vulnerability in UPS’s main website. All of the links in the email are legitimate except for the button that opens the track package page. It contains a malicious payload that takes advantage of an XSS vulnerability in order to eventually download a malicious Word document that in turn delivers another malicious payload. Attacks like this demonstrate just how crafty attackers can be, and how tricky it can be to spot a phishing email.
 
A malware group known for pushing TeamTNT malware has a new campaign dubbed Chimaera, which has been attacking multiple operating systems. TeamTNT has added a number of tools to their arsenal, including shell scripts, a cryptominer, IRC, open-source tools, and more. More than 5,000 infections globally have been attributed to the group, and open source tools are now being used by TeamTNT to steal usernames and passwords, and have been attacking Windows and multiple Linux distributions, as well as AWS, Docker, and Kubernetes. In the past, they had also been observed attacking MacOS systems.
 
Phishing does not need to be that advanced in order to be successful. A British teenager earned more than $2.7 million U.S. with a fraudulent replica of the popular Love2Shop gift card online shop. The site was being run as a phishing site, collecting all payment card details and other private data entered on the site, while victims did not receive their promised gift cards. Law enforcement subsequently found details of 12,000 payment cards and around 200 PayPal accounts in the teen’s possession. The teen earned $440,000 U.S. from the website within a few weeks, which he then invested in Bitcoin that grew 10 times to a value of around $3 million U.S.
 
As cryptocurrencies become more and more popular, we see and will see more attacks on crypto exchanges and cryptocurrencies owners. For example, the crypto exchange Coinbase has recently disclosed that at least 6,000 customers had fallen victim to a phishing campaign earlier this year — resulting in funds being stolen from their accounts. The attacker obtained the email addresses, passwords, and phone numbers of Coinbase customers, and the company believes this was due to social engineering, such as an email phishing attack. Once logged in to customer accounts, the attacker was able to steal funds from these accounts. While Coinbase requires two-factor authentication, accounts using SMS for that verification were vulnerable due to a flaw in the SMS Account Recovery process. The flaw has since been patched, but not before funds were removed from accounts. Coinbase has chosen to reimburse customers, but most victims of phishing aren’t so fortunate. 
 

What's your #CyberFit score?

it is very important to have proper multilayered cyber protection, which will cover as many verticals and operating systems as possible, but that will also be able to restore machines and data if something slips through. Accxia Cyber Protection is exactly this type of solution: aimed to provide an excellent level of protection along with best in the industry recovery time for both machines and data.
 
Accxia Advanced Email Security scans all emails coming into your inbox and blocks phishing and other malicious emails from even being seen. This keeps your accounts and data safe by stopping an attack before it can even begin.
 
If you are unsure of your current security posture or you want to review the current tools you have in place or understand any security gaps you may have.
 
Download and assess your business's #CYBERFIT score with Accxia's free lightweight #CyberFit score tool, which is powered by Acronis. Run it without installation and compare the security configurations of your endpoint and IT environment against the industry's best standards. Get a remediation report in seconds and mitigate security risks and keep endpoints safe from Cyber Attacks based on informed, actionable recommendations. 
 
Download our #CyberFit score tool for free (64bit / 32 bit) or get in contact with one of our Cyber Security consultants to start a conversation on how we can help you.
Geo-redundant Backup - Perception and reality

1 min read

Geo-redundant Backup - Perception and reality

It sometimes comes as a surprise that even accomplished IT professionals seem to take an undifferentiated view of advertised features of mainstream...

Read More
Cyber Attacks Cause Billions in Damages

Cyber Attacks Cause Billions in Damages

Cyber attacks in the home office cause billions in damages The home office is an open door for cyber criminals, says the German Economic Institute....

Read More
WHAT DID WE LEARN AT THE ACRONIS #CyberFit SUMMIT?

3 min read

WHAT DID WE LEARN AT THE ACRONIS #CyberFit SUMMIT?

WHAT DID WE LEARN AT THE ACRONIS #CyberFit SUMMIT?We recently sponsored the Acronis #CyberFit Summit at Acronis’ HQ in Schaffhausen, Switzerland,...

Read More