Group-IB has recorded significant growth in the lifespan of phishing attacks during the second half of 2019.
The alarming trend has been revealed by Group-IB’s Computer Emergency Response Team (CERT-GIB), with a “tremendous increase” in the number of phishing websites blockages rising more than 230 percent year-on-year.
Web phishers have increasingly targeted cloud storage over email service providers in the so-called "Top three of phishers’ targets", in a slight and more general way in 2019, the company said.
It comes as little surprise given the fact cloud storage records gigabytes of sensitive data as well as every aspect of personal and sometimes corporate lives.
“In the second half of 2019, we saw the prolongation of phishing attacks - attackers changed approach toward the conduct of their campaigns, choosing quantity over quality,” said CERT-GIB deputy head Yaroslav Kargalev.
“Cloud storage and online services are due to remain among phishers’ main targets due to the large amount of personal information that is stored in them, cybercriminals are likely to use the access to them to first download data from cloud storage and then blackmail their victims to increase the chances of receiving a ransom.”
Group-IB said that online services and financial organisations are also among the top three most frequent victims.
In detecting and preventing threats distributing online, CERT-GIB blocked 8,506 phishing web resources in the second half of the fiscal year in 2019, compared to 2,567 in H2 2018.
The surge in the number of blockages comes from the growing duration of phishing attacks.
Where cybercriminals used to stop their fraudulent campaign as soon as their web pages were blocked, they are now quickly mobilising attacks on other brands.
Now, they continue replacing removed pages with new ones - a result of the rising number of resources accumulated for a single attack.
The top three of web phishers’ targets were online services (namely client software, online streaming services, e-commerce, delivery services and etc.) (29.3 percent), cloud storages (25.4 percent), and financial organisations (17.6 percent).
The number of phishing attacks on cloud storage nearly doubled last year, CERT-GIB’s found, while internet providers witnessed a three-fold increase in the number of phishing scams targeting them.
There was also a lower interest to email service providers.
The proportion of attacks on them decreased from 19.9 percent to 5.9 percent.
Cryptocurrency projects also became less attractive to cybercriminals as the hype around them started fading away.
The top ten tools used in attacks tracked by CERT-GIB in the second half of 2019 were ransomware Troldesh (55 percent); backdoors Pony (11 percent), Formbook (five percent), Nanocore (four percent) and Netwire (one percent); banking Trojans RTM (six percent) and Emotet (five percent); and spyware AgentTesla (three percent), Hawkeye (two percent), and Azorult (one percent).
AgentTesla, Netwire and Azorult for the first time appeared among attackers’ preferred instruments.