Virtualization Technology News and Information
Three Takeaways from Recent Phishing Campaigns on The Threat Landscape

By Or Katz, Principal Lead Security Researcher at Akamai

The most recent Akamai State of The Internet Report states that between December 2, 2018, and May 4, 2019, over 197,000 domains were used to execute phishing attacks; moreover, 34 percent of those domains were targeting enterprise users. The report emphasizes what is already a well-known fact: phishing attacks stand out because of the rapid velocity of new phishing toolkits that are being developed, the variety of brands being abused, and volume of new phishing campaigns being launched. 

Below are the three key phenomena and trends that are reshaping the phishing landscape and illustrate how phishing attacks are evolving:


Phishing campaign distribution techniques are no longer limited to email. Threat actors are exploiting new propagation channels such as social media networks, instant messaging applications, and online file-sharing services. These channels are much more personal; they invite sharing and widespread distribution. As a result, phishing can propagate exponentially, reaching out to more victims and becoming more effective. 

Off-the-shelf phishing kits

Another known yet alarming phenomenon seen in the threat landscape is the re-use of phishing kits in the wild, buying off-the-shelf phishing kits on underground sites or using "how to" guides to build phishing kits. This creates a low barrier for new threat actors to actively participate in the threat landscape. The re-use of phishing kits is the simple explanation for the high volume of new phishing campaigns being introduced every single day and it also explains the underground scene of building, developing and reselling those phishing kits.    

Social engineering

Threat actors are using advanced social engineering techniques to make their attacks much more effective, creating a path of trust that leads to victims willingly giving away private information. In the past year, Akamai's threat research team has monitored the "three question quiz" phishing toolkit being used to target a variety of brands. This uses social engineering techniques to encourage victims to participate in a quiz that might lead to winning an appealing prize. The sad truth behind this campaign is that while every victim is a winner, no one will get the prize. The path of trust built in the campaign leads the victims to give away personal information once they have "won" the fake prize.

The phishing landscape has evolved and is not going to die anytime soon. Industrialized phishing kits, as well as the use of social networks and other non-email distribution channels are the new normal.

Humans are the weakest link in the chain and will probably continue to be that link. Phishing attacks target this link and, as a result, will continue to be effective and widely used.

Enterprises need to make sure they react to these trends and make sure phishing attacks are also being monitored, detected and blocked at the network layer. By adding such defenses to the already existing security controls, they will be able to mitigate phishing that is distributed by overlooked channels such as social networks.

Above all, enterprises need to create more awareness and educate enterprise users to think twice when they are requested to share their personal information, because at the end of the day, when users come across an email or website that seems to be too good to be true, it probably is.   

Enterprises also need to make sure the weakest link of the chain yet the most important one is continuously hardened by creating awareness and education to the lurking phishing threats out there, giving their colleagues, families and community the ability to make the right decision.  


About the Author

Or Katz 

Or Katz is a Principal Lead Security Researcher at Akamai and is the head of research for Akamai's Enterprise Threat Protector technology. Or is a frequent speaker at security conferences and has published numerous articles and white papers on threat intelligence and defensive techniques. He began his career in the early days of web application firewalls (WAFs) and currently leads the OWASP Israel chapter.

Published Wednesday, September 25, 2019 7:28 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2019>