Whether impersonating known brands or simply leveraging credible cloud services, threat actors have made the use of a web page a staple of their attacks.
According to security vendor Bolster’s 2022 State of Phishing & Online Fraud Annual Report, there were over 10.5 million pages built in 2021 by cybercriminals to trick victims into giving up credentials, banking details, or personal information. That equates to just under 890,000 pages a month!
What’s really disturbing is the overwhelming focus on tech companies as victims; according to the report, the number one vertical targeted was the Technology sector, representing 30% of all attacks. What makes this disturbing is the growth in supply chain attacks (e.g., the SolarWinds attack early last year), in which a foothold inside a vendor could potentially provide access to thousands of customer networks.
To accomplish this, cybercriminals are continuing to impersonate some of the most well-known brands. According to the report, the top brands impersonated are Microsoft, Facebook, Amazon, Apple, Adobe, and Netflix – with Microsoft so dominant that it outpaces the other five combined! The malicious web content is also being hosted with reputable providers including Cloudflare, Google, and Amazon, and the emails are being sent predominantly (72% of the time) via Gmail.
All of this is done to trick security solutions: because the hosting, the domains, and the email platforms are all credible, the phishing and scam emails appear equally credible and are more likely to pass through unchallenged.
This leaves the user as the last line of defense – where Security Awareness Training is the proper layer to put in place, educating users on how to identify scams with a heightened sense of vigilance. By implementing this layer, emails and web content that make their way past security solutions will be spotted and stopped in their tracks by users – well before the content has any ability to do damage.