Security Experts:

Office 365, Outlook Credentials Most Targeted by Phishing Kits

Phishing attacks have become more targeted and sophisticated and also show a focus on enterprises, cloud-based Internet security services provider Cyren says.

After analyzing 2,025 phishing kits during the second half of the year, Cyren’s security researchers were able to identify not only the most used phishing kits, but also key trends in the phishing industry.

In recent years, the malware industry as a whole has welcomed less skilled actors through the emergence of various malware-as-a-service business models. The proliferation of such services has driven the number of malicious attacks upwards, and the trend is expected to continue.

There has been a significant increase in mobile attacks in the past years and the phishing sector is no different, and Cyren confirms this in a report published today.

A new generation of highly professional phishing kits makes phishing easy, providing even technically unsophisticated would-be criminals with the necessary tools, services and support to launch targeted attacks, thus leading to an overall surge in the number of phishing incidents.

The researchers also noticed that the professional phishing industry is prioritizing enterprise attacks, although consumers and consumer brands still bear the brunt of most phishing activity.

According to Cyren, low-level criminals are encouraged to take on some of the biggest brands because the five most used phishing kits are high in volume, highly targeted and highly sophisticated. With adversaries looking to penetrate enterprises to maximize gains, the phishing-as-a-service market is meeting demand.

During the third and fourth quarters of 2018, Microsoft Office was the brand targeted the most by phishing kits, attracting 25.4% of assaults. At 17.2%, Yahoo was the second most targeted, followed by PayPal at 17.1%. Dropbox (9.8%) and Apple (5.0%) rounded up top five most targeted brands.

Applications most targeted by phishing kits

The phishing kit used the most during the second half of the year was a multi-brand kit that mainly targets Office 365 and Outlook credentials, but which also supports spoofed pages for AOL, Bank of America, Chase, Daum, DHL, Dropbox, Facebook, Gmail, Skype, USAA, Webmail, Wells Fargo, and Yahoo.

The second most popular phishing kit in the timeframe also targets Office 365, Cyren says. This tool, however, was specifically built for Office 365 phishing and packs built-in techniques to evade detection, including blocking IPs and security bots, as well as user agents to hide from phishing defenses.

A PayPal phishing kit has emerged as the third most used, and employs new levels of sophistication, with several evasive techniques, the researchers say.

Fourth in line comes a multi-brand phishing kit that can target almost anything from lifestyle brands to data, banking and email credentials, and more. Apple, Netflix, Dropbox, Excel, Gmail, Yahoo, Chase, PayPal and Bank of America are among the targeted brands.

“This one-stop shop for many of the most-targeted brands also includes significant sophistication to avoid detection – it analyzes and blocks specific IPs, hosts, user agents, and offline browsers in order to make it harder to detect,” Cyren notes.

Rounding up top five phishing kits for the second half of 2018 is a Dropbox-targeting kit meant to aid in enterprise phishing attacks, where context and credentials are of highest importance, the security researchers reveal. Such attacks target credentials both to access enterprise files and to attempt to compromise other enterprise accounts.

Related: Phishers Use 'ZeroFont' Technique to Bypass Office 365 Protections

Related: Phishers Use New Method to Bypass Office 365 Safe Links

view counter