Phishing Sites Reached All-Time High In January 2021 (therecord.media)
The number of active phishing sites hit a record number earlier this year in January, according to an industry report published this week by the Anti-Phishing Working Group (APWG). The Record reports: A total of 245,771 phishing sites were detected in January. The number represents the unique base URLs of phishing sites found and reported by APWG members. The APWG is an industry coalition made up of more than 2,200 organizations from the cyber-security industry, government, law enforcement, and the NGO sector, which includes some big names such as Microsoft, Facebook, PayPal, ICANN, AT&T, Comcast, Digicert, Cloudflare, Cisco, Salesforce, RSA, Verisign, ESET, McAfee, Avast, Symantec, Trend Micro, PhishLabs, Agari, Cofense, and many others. APWG experts noted that while the number of phishing sites declined in February, the next month, in March, the number of phishing sites jumped above 200,000 again, amounting to the fourth-worst month in APWG's reporting history.
The industry vertical most targeted in phishing attacks in Q1 remained the financial sector, which saw almost a quarter of all phishing attempts. Second was social media, with cybercrime groups attempting to hijack social media accounts to resell online on specialized marketplaces, according to the APWG report (PDF). Furthermore, around 83% of all phishing sites seen in Q1 2020 were also hosted on an HTTP-based connection. This finding reinforces a piece of well-known cybersecurity advice that if a website is loaded via HTTPS, it doesn't mean it's secure, but merely that its traffic can't be easily intercepted.
83% HTTPS! (Score:3)
The source article contains a small typo with a HUGE difference in meaning. 83% use HTTPS, not HTTP!
From the original report (PDF):
"The first quarter of 2021 was the first quarter in which we did not see an increase in the number of phishing sites using SSL. The percentage has leveled off at about 83 percent for two quarters in a row."
Re: (Score:1)
Wonder how many of them are certificates by Let's Encrypt. For a time, Let's Encrypt was like 99% phishing sites. One could imagine that simply deleting that certificate could prevent a lot of attacks.
Of course, if it was a commercial CA, we'd demand that the CA be shut down and we'd delete their root certs. But since it's Mozilla, they get a free pass.
Why are NameCheap and others even allowed...? (Score:2)
It seems to me that this requires exactly the same sort of response that various email-spam Internet-Blacklists have: simply do not accept traffic from any DNS name hosting provider that effectively acts as co-conspirator to these threat-actors. Weave it into the Linux DNS protocol resolution (dnsproxy, etc) if you have to.
Yes, of course this will inflict collateral damage to innocent bystanders using these services. That's the point. Legitimate sites will soon enough realize who they've been in bed with,