Phishing surges, file-sharing takes lead as most targeted industry of Q1

Phishing through file-sharing services has soared in the past three months, making cloud-based file distribution services the most targeted sector of the first quarter of the year, Bitdefender found. Globally, file-sharing is being used to spread phishing scams more than the retail and payment industries, the traditional favorites of hackers.

Almost one in five malicious URLs uses a file-sharing service to deliver malicious payloads to users, recent Bitdefender data shows.

Fig. 1 The Top 10 Most Targeted Industry Sectors for Internet Phishing

What the technique lacks in innovation is compensated for by the ease of use and popularity of consumer-grade sharing services. In the past year, Dropbox reached 400 million users who stored 35 billion Microsoft Office files, while Google Drive had 190 million in 2014.

As importantly, file-sharing and cloud storage services lack security features to filter harmful content. This helps attackers hide their malware-infected files without a trace.

For instance, Dropbox does not look at files held in users’ private folders. However, it has implemented a hash-based system that recognizes copyrighted content. The system automatically generates hashes for files and matches them against a list of hashes of copyrighted files; a matching file is blocked only if the user tries to share it with external contacts.
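The share-time hash check described above can be sketched as follows. This is an added example, not Dropbox's code: the `FileStore` class, the use of SHA-256, the domain-based definition of an "external" contact and all sample data are assumptions made for illustration.

```python
import hashlib
import io

# Constructed sample data. SHA-256 is an assumption: the article does not
# say which hash function the service uses.
KNOWN_FILE = b"constructed bytes standing in for a listed copyrighted file"
BLOCKLIST = {hashlib.sha256(KNOWN_FILE).hexdigest()}


def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large files stay out of memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


class FileStore:
    """Hypothetical store: hash on upload, consult the list only on external share."""

    def __init__(self, org_domain, blocklist):
        self.org_domain = org_domain  # assumption: "external" = other mail domain
        self.blocklist = blocklist
        self.hashes = {}  # path -> hex digest recorded at upload time

    def upload(self, path, stream):
        # Files in private folders are not inspected: the digest is only recorded.
        self.hashes[path] = sha256_stream(stream)

    def share(self, path, recipient):
        """Return 'blocked' or 'allowed' for a share request."""
        digest = self.hashes[path]
        external = recipient.rsplit("@", 1)[-1].lower() != self.org_domain
        if external and digest in self.blocklist:
            return "blocked"
        return "allowed"


def demo():
    store = FileStore("example.org", BLOCKLIST)
    store.upload("/private/listed.bin", io.BytesIO(KNOWN_FILE))
    # Exact matching recognizes byte-identical copies only.
    store.upload("/private/other.bin", io.BytesIO(KNOWN_FILE + b"\x00"))
    return [
        store.share("/private/listed.bin", "colleague@example.org"),
        store.share("/private/listed.bin", "contact@example.net"),
        store.share("/private/other.bin", "contact@example.net"),
    ]


if __name__ == "__main__":
    print(demo())
```

The check fires only for list entries and only at the moment of an external share, so it identifies known files rather than inspecting stored content for anything harmful.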

Not surprisingly, Dropbox ranks 4th in the list of the most-spoofed brands, after PayPal, Apple and Google.

Fig. 2 The Top 10 Most Targeted Brands for Internet Phishing

The typical infection flow goes like this: the user receives a genuine-looking email advising them to click an embedded link to view an attached document. The link redirects the user to a phishing page hosted on the provider’s domain. The page asks for the user’s credentials, then captures the data and sends it to cyber-criminals over SSL. SSL certificates ensure data on a website is submitted in a secure manner, but they do not guarantee the site itself is safe. Hackers take advantage of this by buying cheap SSL certificates and using them on phishing websites to appear legitimate.

Figures 3 & 4. Phishing Emails Impersonating Popular File-sharing Services

Scammers are usually after more than just cloud storage credentials; the malicious URLs can trick users into downloading file-encrypting ransomware, for instance. And the hazard has become significantly more serious as new ransomware iterations can seize control over files stored on cloud services.

Most phishing sites are hosted in the US.

“Phishing remains a highly effective attack vector that is responsible for an increasingly significant percentage of data loss incidents affecting both end users and companies,” says Bogdan Botezatu, Bitdefender’s Senior E-Threat Analyst.

Key takeaways

  1. Phishing is still a highly efficient technique. The IRS recently warned it has seen a “dramatic” 400% increase in official-looking text and email messages stuffed into inboxes in 2015.
  2. It has serious consequences for companies. If an employee falls victim to a spear-phishing email, he can unknowingly compromise the entire corporate network, including bank accounts, computer system passwords and work credentials. Spear-phishing is effective because it is believable, so we advise users to avoid over-sharing personal information on public platforms and, of course, to avoid opening links and files from unknown sources.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.
