Automated Phishing Spurs Criminals to New Heights

Cyber-criminals are lowering the cost and increasing the effectiveness of phishing by leveraging compromised servers and turnkey phishing services, which are the key drivers of the overall increase in phishing attacks.   

According to Imperva’s Hacker Intelligence Initiative (HII) Report, the low cost of launching a phishing campaign and the high projected return on investment for cyber-criminals is leading to an epidemic of offensives.

Imperva researchers browsed the darknet marketplace to estimate the cost of phishing campaigns and to get a clear picture of the business model. They observed the ease of purchase and low cost of phishing-as-a-service (PhaaS) campaigns. In addition, they saw that hackers were easily able to hijack compromised web servers for their campaigns, which further lowered the investment needed. Based on the researchers’ analysis of costs, PhaaS is about a quarter of the cost and two times more profitable than a traditional unmanaged phishing campaign, which is skill- and labor-intensive. Unfortunately, lowering the costs and technology barriers associated with phishing is sure to lead to an increase in phishing campaigns, and in the number of people falling victim to these campaigns.

Following the trail of the hackers, the researchers could garner a surprising amount of data on both the victims and the hackers’ social engineering techniques. Diving into the data on victims, it became clear that people were most likely to take the email phishing bait during the hours of 9 a.m. to noon while at work when they were busy writing and replying to emails. Additionally, victims were more likely to enter their username and password to open an email attachment—in this case an Adobe PDF file—than to click on a URL in the email and blindly log in.

“The combination of PhaaS and compromised web servers has significantly lowered the monetary, technological and time investment needed to conduct a successful phishing campaign,” said Amichai Shulman, co-founder and CTO of Imperva. “It’s no longer feasible for enterprises to use the client-side approach of endpoint software to fight phishing attempts because people continue to click nefarious links in email. One way to slow the attacks is to choke off easy access to compromised servers, which would make the phishing business model more expensive and lower profitability. Web applications are ubiquitous today, and web application security needs to be widely adopted to stem the growth of phishing and protect valuable data and applications.”

The deep dive uncovered interesting attribution details as well. The researchers linked one campaign in June 2016 to an Indonesian hacking group that began its career with a series of defacement attacks, a form of electronic graffiti, against targets in the US, Australia and Indonesia. In late 2015, the group moved on to financially motivated hacking and has been able to mount and actively maintain three different campaigns involving Outlook Web Applications, Wells Fargo’s Online Banking and an Adobe PDF campaign. This group also has been linked to campaigns that use vulnerability scanners for online shops that use the Magento e-commerce system.

Photo © wk1003mike    
