Pandemic of phishing attacks
Wpis dostępny jest także w języku: polski
Technology and pandemic increase the scale of Internet fraud. The new F5 report shows that cyber-attacks using phishing at the peak of the pandemic have increased by 220%, and data from Security Operations Center (SOC) F5 shows that phishing is 15% higher than year-on-year.
A second wave awaits us?
This year’s F5 Lab report on phishing and online scams in 2020 shows that the pandemic period is an ideal time for many cyber criminals to scam the criminal to impersonate another person or institution in order to scam confidential information. Compared to the annual average, the number of phishing attacks increased by 220% during the peak of the pandemic. This is also confirmed by data from the Security Operations Center (SOC) F5, according to which phishing is 15% more y/y. Cybercriminals’ attacks mainly consist of sending phishing e-mails with content related to the Covid-19 pandemic. These messages impersonate various types of charities that collect funds to fight the pandemic, actually collecting credentials and sending malware.
According to F5 Lab, the number of phishing attacks may increase with the spread of the second wave of the pandemic. Cybercriminals use various types of digital certificates to increase the credibility of their actions. The report shows that the number of certificates using the terms “covid” and “corona” reached a peak in March (14,940), which is an increase of 1102% compared to February this year. 52% of cybercriminals used brand names and identities in their website addresses to obtain important data. F5 Labs indicates that in the 2nd half of 2020 the most frequently attacked brand was Amazon, and the top ten included Paypal, Apple, WhatsApp, Microsoft Office, Netflix and Instagram. WordPress sites are also gaining importance, which in 2020 accounted for 20% of phishing addresses (in 2017 they accounted for 5%).
The F5 Lab report also indicates that most of the sites used to spread phishing attacks use encryption, 72% of which use valid HTTPS certificates. In addition, 100% of drop zones – that is, destinations for stolen data sent by malware – used TLS encryption (up from 89% in 2019). Combining the 2019 and 2020 incidents, F5 Labs further notes that 55.3% of drop zones used a custom SSL/TLS port. Port 446 was used in all cases except the first. Analysis of phishing sites showed that 98.2% use standard ports: 80 for HTTP plain text traffic and 443 for SSL/TLS encrypted traffic.