Ninety percent of consumer-focused phishing attacks targeted financial institutions, cloud storage/file hosting sites, webmail and online services, ecommerce sites and payment services in 2015, according to PhishLabs' 2016 Phishing Trends & Intelligence Report.

The good news that came out of the Charleston, S.C.-based PhishLabs' report was the share of overall phishing volume at financial institutions (including payment services firms) declined in 2015. However, it is still the most targeted industry, with 31% of attacks targeting it.

PhishLabs analyzed more than one million confirmed malicious phishing sites in 2015. These sites resided on more than 130,000 unique domains.

”Exploiting the human vulnerability continues to be the most attractive and successful path for threat actors targeting the assets of organizations and individuals,” the report revealed.

For this reason, phishing is the attack method of choice across the adversary spectrum for both novice cybercriminals and advanced cyber operations, PhishLabs said. In addition, techniques for evading automated detection of phishing attacks and preventing analysis of attack components are becoming more commonplace, even among less sophisticated threat actors.

Another key finding in the report was that spear phishing remains the primary initial attack vector used by advanced, persistent threat actors.

In addition, the number of organizations targeted through business email compromise spear phishing attacks grew in 2015, as threat actors refined BEC techniques and sought new victims. More than one fifth, 22%, of spear phishing attacks analyzed in 2015 were motivated by financial fraud or related crimes.

There was also a distinct increase in the percentage of phishing attacks targeting cloud storage and file hosting sites, webmail and online services, and ecommerce sites last year. Phishers focused heavily on online services and ecommerce companies during the holiday season, while other sectors saw a decline in attacks.

Half of all drop email accounts fraudsters use to receive credentials stolen via phishing are Gmail accounts, making Gmail the top cyberattacker webmail service, according to the report. Social media is also a primary promotion and distribution channel for consumer-focused phishing kits.

The business community is definitely on cybercriminals' radar: Over the course of 2015, PhishLabs identified 893 brands from 593 companies targeted through consumer-focused phishing attacks.

As of March 15, the number of breaches captured in the San Diego-based Identity Theft Resource Center's breach report totaled 155 for 2016, up 4.7% from last year's record pace for the same time period (148). The business sector represented almost half of the breaches at 45.8%.

The ITRC report's breakdown of other sectors included medical/healthcare at 34.2%, educational at 11.6%, government/military reporting at 5.8% and banking/credit/financial at only 2.6%.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).