Cybercriminals use enterprise-grade tools to mount phishing attacks

We know that cybercrime is increasingly a very serious business and a new report from Akamai Technologies reveals that enterprise-based development and deployment strategies are being used to create phishing attacks.

Tools such as phishing as a service (PaaS) are being used to leverage some of the world's largest tech brands, with 42.63 percent of domains observed targeting Microsoft, PayPal, DHL, and Dropbox.

The report also shows that phishing is no longer just an email-based threat, but has expanded to include social media and mobile devices, creating a wide-reaching problem that touches all industries. This evolving methodology continues to morph into different techniques, one of which is business email compromise (BEC) attacks.

"Phishing is a long-term problem that we expect will have adversaries continuously going after consumers and businesses alike until personalized awareness training programs and layered defense techniques are put in place," says Martin McKeay, editorial director of the State of the Internet/Security report for Akamai.

Cybercriminals are targeting top global brands and their users across various industries using highly-organized and sophisticated phishing kit operations. During the research period, with 6,035 domains, and 120 kit variations, high technology was the top industry targeted by phishing. Financial services, with 3,658 domains and 83 kit variants, is the second most-targeted industry. E-commerce (1,979 domains, 19 kit variants) and media (650 domains, 19 kit variants) rounds out the list.

In all, more than 60 global brands were targeted during the reporting period, with Microsoft, PayPal, DHL, and Dropbox topping the list when it came to phishing. Microsoft takes up 21.88 percent of total domains (3,897 domains and 62 kit variants), PayPal 9.37 percent (14 kit variants), DHL 8.79 percent (seven kit variants) and Dropbox having 2.59 percent (11 kit variants).

The report also looks at a research project that followed the daily operations of a phishing-kit developer offering three types of kit with advanced evasion techniques, design, and geo-targeting options. The low prices and top-tier brand targets in these kits mean a low-barrier for entry into the phishing market for criminals looking to set up shop with minimal need for tech expertise.

"As the phishing landscape continues to evolve, more techniques such as BEC attacks will develop, threatening a variety of industries across the globe," McKeay adds. "The style of phishing attacks is not one size fits all; therefore, companies will need to do due diligence to stay ahead of business-minded criminals looking to abuse their trust."

The full report is available from the Akamai site and there will be a webinar to discuss the findings on October 31 at 11am ET.

Image credit: Alex Ronsdorf/Unsplash