Phishing actors are always innovating and creating new methods to lure victims and gain access to their financial information, PII, and user accounts. Any angle they can play to get their victims to enter their information, they’ll use.
In this roundup, we’ll detail the trends in phishing activity as observed by RiskIQ over Q3 of 2017. The data contained within this report comes from internally blacklisted resources aggregated by the RiskIQ team. Understanding the latest phishing techniques and threat actor tendencies helps us position our customers to stay one step ahead of phishing threats targeting their organizations.
The report will focus on:
In Q3, RiskIQ observed 931,665 unique blacklisted phishing URLs. Of these, 27,868 were unique domains, which is down from the 39,320 unique domains we detected in Q2. In fact, overall detections are down slightly in Q3, which is reflected in our brand detection data. RiskIQ observed a total of 279 brands targeted by phishing campaigns over the Q3 period, down slightly from the 316 brands in Q2.
It should be noted, however, that the nature of phishing campaigns is cyclical and that fewer detections are not due to missed detections. While the method and frequency of these phishing campaigns vary as seen through our data, the threat remains constant.
However, one constant is the top 10 brands being observed, all but three of which are the same between Q2 and Q3. Financial services and digital transaction brands continue to be favorite targets, which is not surprising as threat actors involved in phishing campaigns attempt to trick users into providing sensitive data, which these companies collect in spades. As far as the new top-10 brands, two are large financial institutions, and the third is a social media platform. The breakdown of the Q3 top-10 brands is as follows:
Despite the differences in detection amounts between Q2 and Q3, GoDaddy and PublicDomainRegistry continue to be the most affected of the top-five registrars.
There are two types of phishing sites: those that use compromised websites and those that use malicious registrations. Regarding the latter, one noteworthy trend from Q2 that continued in Q3 was the rise of privacy-protected registrations used in malicious registrations, which we observed throughout our data. We also noticed several syntax patterns in our registrant email data, such as threat actors registering phishing domains with throwaway emails that follow similar syntax patterns (first initial and last name, for example). However, RiskIQ also noticed less obvious, high-entropy patterns that are more difficult to spot, such as randomly generated alphanumeric strings that all use the same number of characters.
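One way a defender could surface the high-entropy, same-length registrant pattern described above from WHOIS data. This is an added example, not RiskIQ's code or method; the thresholds, function names and all sample records are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def class_switches(s):
    """Letter<->digit switches; 'bakery2017' has 1, random strings have many."""
    return sum(a.isdigit() != b.isdigit() for a, b in zip(s, s[1:]))

def looks_random(local, min_len=8, min_entropy=2.8, min_switches=3):
    """Heuristic with assumed thresholds: long, alphanumeric, high entropy,
    and letters and digits interleaved rather than a word plus a year."""
    if len(local) < min_len or not local.isalnum():
        return False
    return (shannon_entropy(local) >= min_entropy
            and class_switches(local) >= min_switches)

def cluster_registrant_emails(records, min_cluster=3):
    """Group random-looking local parts by (mail domain, length).

    records: iterable of (registered_domain, registrant_email) pairs.
    Returns {(mail_domain, length): [registered domains]} for groups of at
    least min_cluster, i.e. many registrations sharing one generated shape.
    """
    groups = defaultdict(list)
    for registered, email in records:
        local, _, mail_domain = email.lower().rpartition("@")
        if local and looks_random(local):
            groups[(mail_domain, len(local))].append(registered)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_cluster}

# Constructed sample records (not real registrations).
SAMPLE = [
    ("login-secure-update.example", "k3x9q2lm7a@mail.example"),
    ("account-verify-now.example", "p8d1zt4wq6@mail.example"),
    ("billing-confirm.example", "r5n0yb2hc9@mail.example"),
    ("smith-plumbing.example", "jsmith@mail.example"),
    ("corner-bakery.example", "bakery2017@mail.example"),
    ("photo-blog.example", "x7f2k9w1@other.example"),
]

if __name__ == "__main__":
    for key, domains in cluster_registrant_emails(SAMPLE).items():
        print(key, domains)
```

Entropy alone would also flag `bakery2017`, which is why the letter/digit switch count is included; a lone random-looking address is left out until enough registrations share its shape.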
Fig-1 PublicDomainRegistry takes over the #1 spot
Fig-2 Aside from a little reshuffling, the top-five domain registrars are largely the same
As in Q2, the hosting provider with the highest number of affected URLs was an outlier in our data. This time around, hosting provider Ecotel supplanted Zenedge LLC as the leader. As with the rest of the Q3 data, the hosting provider data is indicative of overall detections being down.
Fig-3 Another outlier leads the pack
Fig-4 Zenedge went from leading in Q2 to out of the top-five altogether in Q3
RiskIQ provides access to our unique phishing detection capabilities with our External Threats product line. Knowing your phishing risk is only half the battle; External Threats offers real-time monitoring and web enforcement capabilities to help you protect your organization’s assets with RiskIQ’s industry-leading security intelligence.
Also, be sure to check out RiskIQ’s Q3 Mobile Threat Landscape.