Unlike normal phishing attempts, the IP addresses, servers, and domain names used by the hackers appear to be leased and therefore legitimate.
Predictive e-mail defense company Vade Secure said has uncovered a new wave of phishing attacks that targeted 550 million email users globally in Q1 of 2018, pushing incidents of phishing past malware attacks on its trackers.
Whilst the rise in phishing attacks has been well-reported, they are typically made from pirated websites, but as Vade notes, for this attack the IP addresses, servers, and domain names used by the hackers appear to be leased and therefore legitimate.
“Because the cost of the infrastructure is high, amounting to several tens of thousands of dollars, the attack is most likely being undertaken by a serious criminal organization”, the company said, adding that in order to jam detection tools, the hackers have used tools to shorten URLs and link several hundred URLs together, in order to hide the ultimate destination address.”
The phishing attack attempts to steal users’ bank account details by offering them a coupon or discount in exchange for participating in a quiz or online contest.
“The emails masquerade as popular brands, online streaming services, and telecom operators based on the country of the recipients. Examples include Canada Pharmacy in the US, as well as Orange and Carrefour in France. Moreover, the content of the messages is adapted according to the local language.”
As a result, the attack was not detected by many existing email security solutions the company said, adding that it validates findings from Gartner that “advanced threats are easily bypassing the signature-based and reputation-based prevention mechanisms that a secure email gateway (SEG) has traditionally used.”
Lately, malware and ransomware have garnered the lion’s share of media attention thanks to a string of high-profile attacks, including the Quant Loader trojan, the resurgence of Wannacry, and the ransomware attack that crippled the city of Atlanta. Not surprisingly, Google Trends analysis reveals that web searches for malware have consistently outpaced those for phishing over the last 12 months, at nearly two to one:
“What’s fascinating is that despite all the hype surrounding malware and ransomware, phishing attacks are actually the bigger, more immediate threat to both consumer and corporate email users. According to data from the Vade Secure Security Operations Center, the number of unique malwares caught by our filter exceeded the number of unique phishing emails throughout 2017, spiking in November 2017. With the launch of this new phishing attack in January 2018, however, the volume of phishing emails surged past malware, representing a ratio of nearly 21:1 for Q1 2018,” the company said.