Phishing attacks increase in H1 2021, sharp jump in crypto attacks
Overall, the first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, PhishLabs reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May.
“Bad actors continue to utilize phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on,” says John LaCour, CTO of PhishLabs.
“That said, it’s interesting to see the significant dip from May to June 2021. We’ll continue to monitor through the summer and analyze if we’re seeing a trend in the right direction, or if attackers simply took a summer vacation.”
The impact of phishing attacks in H1 2021
- Crypto is fully in attackers’ sights: This category experienced an increase of phishing attacks 10 times greater than the previous quarter in 2021. Notably, a combination of brand, executive, and employee impersonation attacks accounted for 54.7 percent of all social media attacks on the cryptocurrency sector. Threat actors are impersonating cryptocurrency businesses to confuse customers and cash in on the sector’s skyrocketing growth in a medium where a majority of the industry’s communications takes place.
- Social media an increasing attack vector for enterprises: Since the beginning of 2021, the average business experienced approximately 34 attacks on social media per month. However, by June this number rose closer to 50, representing a 47 percent increase through the first half of 2021.
- Office365 a clear target: Office 365 phishing is the top email threat to corporate users. Fifty-one percent of credential theft attacks found in corporate inboxes during the second quarter targeted O365 accounts.
- Single sign on is increasingly attractive to bad actors: Notably, the report shows an increasing pattern of threat actors targeting accounts used for single sign-on (SSO). Forty-five percent of phishing sites targeted accounts that are commonly used for SSO.
- Ransomware drives shift in email payloads: On the flip side, there is a constant shifting of payload families, with a strong correlation to trends in ransomware. Qbot was the leader in the second quarter of 2021, making up 54.1 percent of the payloads encountered, followed by ZLoader (which declined sharply from Q1, possibly due to association with the Darkside ransomware group which claimed to be shutting down following the Colonial Pipeline attack in May).
“These core findings paint a very specific picture of what bad actors are turning to in order to infiltrate corporate accounts. For one, as they’ve gained prominence, crypto exchanges are being targeted with many of the same cyber threats that larger, more established financial institutions have faced for years. Crypto firms need to be aware of and better prepared to deal with online impersonation and other scams,” says LaCour.
“Additionally, the continued increase in SSO attacks suggests that criminals recognize that compromising an account used for SSO can give them access to many more secondary accounts that trust the SSO account for authentication. This makes these platforms a highly rewarding target, especially if they gain access to Office365 at the enterprise level. An in-depth approach combining technology, user education and operational processes are needed to combat this trend.”
Additional trends
- Ongoing use of HTTPS-based attacks, which comprise 82 percent of phishing attacks, demonstrating that HTTPS alone is not enough to trust.
- The growth of vishing scams.
- Increase in abuse of tunneling services.
- The continued abuse of free email accounts such as Gmail and Hotmail to launch phishing attacks.