APWG Q2 Report: Cybercrime gangs attempting and achieving Heists of greater scale
August 2020 by APWG
The APWG’s new Phishing Activity Trends Report for Q2 2020 details how companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing. The organizations perfecting these criminal enterprises now include a sophisticated Russian cyber-gang, in addition to the West African scammers who have traditionally perpetrated BEC attacks.
© Sebastian Kaulitzki
APWG contributor Agari reports that the average wire transfer loss from BEC attacks smashed all previous frontiers, spiking from $54,000 in the first quarter to $80,183 in Q2 2020 as spearphishing gangs reached for bigger returns. Agari also found that scammers requested funds in 66 percent of BEC attack in the form of gift cards, which are easier to cash out. During the second quarter of 2020, the average amount of gift cards requested by BEC attackers was $1,213, down from $1,453 in the first quarter of 2020.
Agari also studied the movements of a BEC gang in Russia that it calls Cosmic Lynx. “We were expecting that Russian cybercriminals would move into the world of BEC because the return on investment for basic social engineering attacks is much higher than launching more sophisticated (and more expensive) malware-based attacks,” said Crane Hassold, Agari’s Senior Director of Threat Research. The average ransom demanded by Cosmic Lynx in its attacks runs to an astounding $1.27 million.
In other news, the number of phishing sites detected in the second quarter of 2020 was 146,994, down from the 165,772 observed in the first quarter. Phishing that targeted webmail and Software-as-a-Service (SaaS) users continued to be biggest category of phishing. Attacks targeting the Social Media sector increased in Q2 about 20 percent over Q1, primarily driven by targeted attacks against Facebook and WhatsApp. After an explosion in 2019 and into the first quarter of 2020, phishing in Brazil dropped back slightly.
Abuse of Web security infrastructure reached a grim new plateau in Q2 2020, as well, with APWG contributor PhishLabs reporting that nearly 78 percent of all phishing websites employ SSL/TLS certificates as part of the deceptive schemes they use to lure in users and gain their confidence.
In addition, PhishLabs founder and CTO John LaCour observed, “The vast majority of certificates used in phishing attacks — 91 percent — are Domain Validated (“DV”) certificates. Interestingly, we found 27 web sites that were using Extended Validation (“EV”) certificates” – by hacking websites that already had them legitimately installed.
Read the full text of the report here: http://docs.apwg.org/reports/apwg_t...