How devastating phishing attacks have dominated the first half of 2017


Last December, we proclaimed 2016 to be the year in which phishing went mainstream. Fast-forward just six months into 2017, and it already appears that phishing will have an even greater impact on the world by year’s end.

While we await the official Q1 and Q2 phishing reports from the Anti-Phishing World Group, other organizations have recently released important information showcasing phishing’s prevalence so far in 2017. In Q1 alone, Kaspersky Labs products “blocked 51 million attempts to open a phishing page.” Interestingly, the same report found that one out of every eight phishing attacks during the same time period targeted a financial services company.

Mobile ransomware attacks, which are most frequently delivered via SMS text phishing (aka smishing), are up 250% since January, according to Newsweek. And perhaps what’s most astonishing is that people continue to open phishing emails regularly. According to Verizon’s recently released 2017 Data Breach Investigations Report:

“1 in 14 users were tricked into following a link or opening an attachment—and a quarter of those went on to be duped more than once. Where phishing successfully opened the door, malware was then typically put to work to capture and export data—or take control of systems.”

With six months to go in 2017, it’s a safe bet that we’ll witness many more phishing, spear-phishing and email spoofing attacks across the world. In the meantime, here’s a look back at the top ten most notable, and damaging, phishing attacks of 1H 2017.

  1. Qatar Under Siege – This Gulf nation of 2.3 million people and host of the 2022 World Cup wasn’t impacted by one major phishing attack in Q1 2017; rather, its businesses and residents were hit with more than 93,570 phishing events in the three-month span. Such attacks leveraged both email and SMS texts as attack vectors.
  2. Smishing in the Czech Republic – According to SC Magazine, a phishing campaign is “faking texts from the Czech Republic’s postal service, hoping to trick Czech device owners into downloading a malicious app containing a Trojan horse designed to steal credit card information and commit other malicious activities.” The full extent of damages is not yet known.
  3. Business Email Compromise (BEC) Attack Hits 50 Countries – This Nigeria-based attack targeted more than 500 businesses, primarily industrial companies, prompting employees to download a file entitled “Energy & Industrial Solutions W.L.L_pdf.” Once downloaded, the unknown adversary injected malware used to gain unauthorized access to company networks and information.
  4. Chipotle’s Phishy February – An Eastern European cyber-criminal group sent “malware laden” emails to Chipotle staff. A forensic review found that the hackers compromised the POS systems of most Chipotle locations, using the breach to obtain customer credit card data from millions of people.
  5. Amazon Ransomware Attack – In January, hackers attempted to access sensitive payment information by creating deals that looked “legitimate.” When buyers went to purchase discounted items, the transaction would appear as no longer available, prompting shoppers to input information that was later used against them.
  6. Ukrainian Accounting Firm Exposes World to Petya – By the time December rolls around, this phishing attack may rank as one of the year’s most damaging. In June, a Ukrainian FinTech company, MeDoc, was breached, and its systems were injected with malware. Through a Microsoft vulnerability, the malware spread across the globe – impacting hundreds of organizations in Russia, Europe, India and the United States.
  7. Google & Facebook Taken for $100 Million Each – After months of uncertainty, the U.S. Department of Justice (DOJ) announced the arrest of a Lithuanian man for allegedly stealing $100 million from two U.S.-based tech companies. The targeted attack successfully used a phishing email to induce employees into wiring the money to overseas bank accounts under his control.
  8. IRS W2 Tax Season Spear-Phishing Scam – In the United States, a spear-phishing attack that proliferated at the beginning of tax season involved attackers sending fake emails – appearing to be from corporate executives – that requested personal information from employees for tax and compliance purposes. As of mid-March, the attack had compromised more than 120,000 people at 100 organizations.
  9. Google Docs Hacked – Work came to a halt for 3 million people worldwide in May when phishers were caught sending fraudulent email invitations to edit Google Docs. When opening the invitation, people were brought to a malicious third-party app, which allowed the adversaries to access people’s Gmail accounts.
  10. WannaCry Shuts Down Business in 180 Countries – Potentially one of the worst cyber attacks in history, the WannaCry ransomware attack is suspected of having impacted more than 230,000 people in 150 countries. While debate remains as to whether or not email phishing was the primary attack vector, researchers believe it’s likely one that was used.

These events, among many others, reiterate that targeted phishing attacks are bypassing secure email gateways/spam filters and going undetected for weeks and sometimes even months. As such, spear phishing, email impersonation and spoofing are major catalysts for the rise of CEO fraud and business email compromise (BEC) attacks, because some people, regardless of awareness training, still click on phishing emails.

Not to mention, malicious emails sitting in employee inboxes are not being dealt with fast enough, and security teams are understaffed and overburdened by hundreds of daily reported security events that they must deal with manually. Many applications require an army of highly trained SOC/security specialists to handle their systems.

IRONSCALES is a leader of anti-email phishing technologies. By combining human awareness training with machine learning solutions that consistently talk to each other, IRONSCALES reduces the time from phishing attack discovery to enterprise-wide remediation from months to seconds, with very little security team involvement. By partnering with IRONSCALES, companies benefit from:

  1. Robust Detection and Prevention
  2. Automated Incident Response
  3. Unprecedented Threat Intelligence
  4. Orchestration
  5. Automated Forensics
(Reproduced from IRONSCALES blog).