Security professionals are increasingly worried about phishing attacks, as a report revealed a 38% quarterly increase. The Q2 2015 CYREN Cyberthreat Report details an increasing number of sophisticated phishing attacks specifically designed to access corporate information.
Beyond heavily-phished domains including PayPal, Gmail and Apple, CYREN security analysts probed other campaigns designed to mine key financial details, or other valuable intelligence, from unsuspecting companies.
These phishing attacks are placed in two categories – Indirect and Direct. In the former, cyber-criminals deploy a series of attacks to create successful phishing campaigns – usually adding information from other external sources, with LinkedIn one such example.
These attacks could see an employee using their personal Apple device deceived into revealing their iTunes log-on and details, which could ultimately enable the criminals to obtain other key data. Meanwhile, staff with cloud-based company email – including those using Office 365 or Gmail accounts – could be phished, giving attackers a plausible-looking platform from which they can deliver malicious emails.
Direct Phishing Attacks see cyber-criminals seeking login details for company systems. CYREN security analysts found numerous instances of phishing attempts to uncover Outlook credentials. CYREN said these credentials are often used for business domain logins, allowing attackers access to other private information.
CYREN CTO Lior Kohavi noted a shift in emphasis among cyber-criminals away from mass-distribution attacks, which seek speedy revenue gains, towards specific, more directly targeted threats, and warned that these are much more dangerous, and potentially catastrophic, because of it.
He noted that this sea change flags up another issue with traditional security tools: they were designed at a time when it was sufficient to respond to effective reproductions of previous threats, and not for the current landscape of ever-more evolved and sophisticated criminal technology.