Page 12 - Cyber Warnings

Phishing: A Changing Business Model for a Rampant Problem


Why phishers are adapting to new schemes and tactics to prey on human
instinct and weakness.
by Joseph Opacki, Vice President of Threat Research, PhishLabs, Inc.



Most people completely overestimate their ability to identify a phishing attack. As users, we’ve
been bombarded for years with “phishing” training that has largely been in the form of the “don’t
click” ideology. Largely because of this repeated message, users have become desensitized to
phishing as a legitimate threat vector and have become unaware of how voluminous the
problem is or how sophisticated the attack has become.

Phishing is generally defined as a social engineering attack against the end user and is the
primary attack vector for almost every single cyber-attack. It is the vehicle that threat actors use
to start a breach attempt, how most credential theft occurs, and how most malware is delivered.


After analyzing millions of confirmed malicious phishing sites, tens of thousands of phishing kits
used to create these attacks, and tens of thousands of malware samples delivered via this
platform, there is one thing that is obvious. The business model for phishing is changing.

The clear majority of phishing activity is profit-driven, and phishers have found a way to multiply
those profits at the expense of companies that they aren’t even attacking directly. For the
longest time the attack methodology was known. The phisher impersonates a login page of a
financial institution on a compromised website or hosts the scam page in some bulletproof
hosting location, sends the phish to its targets, waits for the scam page to begin stealing
credentials, then utilizes those credentials to illegally log into these accounts and transfer funds.

Don’t get me wrong, this paradigm still works and is widely used; however, one thing is
happening that we didn’t anticipate.

More and more companies are utilizing email addresses as usernames. If you don’t immediately
understand why this is important, let me lay out the framework. Most end users don’t place
enough emphasis on security over convenience. This means that the majority of us are doing
things like reusing passwords at multiple websites. I’m guilty of this so don’t feel like I’m
chastising you.


Basically, what this means is that, as an end user, you should be cognizant of any potential
breach where you may have had an account, as the majority of threat actors are now beginning
to reuse your email address and password combination to attempt to log into your financial
accounts.

This idea of password reuse attacks is also why we as a security community have placed so
much emphasis on attacks like the Yahoo breach where over a million user accounts were
compromised.

12 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
