The COVID-19 pandemic created many new opportunities for cybercriminals who were all too happy to take advantage. In 2020, businesses had to rapidly change their working practices to deal with national lockdowns and changed to a more distributed, remote workforce. In response, cybercriminals stepped up phishing attacks to obtain credentials to email accounts, VPNs, and remote access solutions.
The increase in email threats and phishing activity was recently highlighted by the Anti-Phishing Working Group which has been gathering data on phishing attacks from its member organizations throughout the year. Its latest report shows phishing attacks doubled in 2020, peaking in October 2020 when previous records were shattered. In October, 225,304 new phishing sites were detected, compared with under 100,000 in January 2020. From August to December 2020, more than 200,000 new phishing sites were detected each month.
Links to these phishing websites are sent in large scale phishing campaigns and many of the messages land in inboxes where they attract a click. The pandemic made that much easier for cybercriminals who expertly exploited the thirst for knowledge about COVID-19 to conduct their scams. As the year progressed other COVID-19 themed lures were used including COVID-19 relief payments for businesses, offers of early vaccines, small business loans, tax deadline extensions, and many more.
Cybercriminals often use compromised websites for hosting their phishing forms, but it is now much more common for the attackers to purchase their own domains that are tailored for each phishing campaign. These lookalike domains can easily fool individuals into believing they are on a legitimate website.
Cybercriminals have also been using encryption to hide their phishing URLs and fool employees. Hosting phishing URLs on HTTPS sites can fool employees into believing the web content is genuine, and many security solutions do not examine encrypted content which makes the URLs hard to identify and block. In Q4, 2020, 84% of phishing URLs used SSL encryption.
The increase in use of SSL encryption is a concern, as many people mistakenly believe that a site starting with HTTPS is secure when that is not the case. SSL inspection means the connection between the browser and the website is secure, which means users are protected against the interception of sensitive information, but a cybercriminal may own or control that website. The secure connection just means other cybercriminals will not be able to intercept login credentials as they are entered on a phishing site.
The problem for businesses has been how to block these threats as they grow in number and sophistication. Many businesses have previously relied on Office 365 anti-spam protections for blocking spam and phishing threats, but large volumes of these malicious emails are delivered to Office 365 inboxes. When that happens and a malicious link is clicked, they have no way of stopping employees from disclosing sensitive information.
One way that businesses can better protect against these phishing attacks is by implementing a web filtering solution with SSL inspection. WebTitan for instance can decrypt websites, inspect the content, and then re-encrypt which means malicious websites are not hidden and can be identified and blocked.
WebTitan also incorporates multiple threat intelligent feeds to ensure that as soon as a phishing URL is detected, all WebTitan users will be immediately protected. WebTitan ensures that protection is provided against emerging phishing URLs and zero-minute threats. When combined with an advanced spam filtering solution such as SpamTitan to block phishing emails at source and ensure they do not reach inboxes, businesses will be well protected against phishing attacks.