Expert Speak
Every Day is Phishing Season
Josh Goldfarb, Fraud Solutions Architect for EMEA and APCJ at F5, on why you can’t afford to ignore a well-known and growing menace
If a burglar wanted to gain entry to your home, they could force their way in – perhaps by picking a lock, breaking a window, or some other means. If a neighbor heard noises or saw strange activity, they might call the police. This might result in the burglar getting caught, of course.
On the other hand, the burglar could try to convince you to hand over your keys willingly. Perhaps by posing as a delivery or repair person or inspector, or by telling a plausible story. If the burglar can get their hands on the keys, they can simply walk right in – as if they are doing so legitimately, and no one suspects a thing.
In the digital world, phishing is how burglars (cyber criminals) gain entry into your home (your critical systems and sensitive data). Successful phishing attacks provide attackers with stolen credentials that allow them to simply ‘walk into’ your business and gain access to the targets they have set their sights on.
How come phishing is so effective? Well, for starters, phishing attacks have evolved significantly in recent years. Whereas they once were primitive, full of typos, and not particularly convincing, nowadays, even experts have trouble distinguishing phishing emails from legitimate emails. Phishing sites also look remarkably like the legitimate ones they are designed to imitate. It is no wonder so many users are fooled into providing their credentials to the attackers. In other words, handing over their keys willingly.
As many businesses continue to go through a digital transformation, the use of this method of attack has greatly accelerated, and the resulting damage is spreading. An increased online presence means a bigger online attack surface and risk. Attackers don’t need to devise complex schemes to force entry into businesses these days – they can merely invest in convincing unsuspecting users to hand over their valid credentials.
That said, what can businesses do to protect their online applications from security and fraud incidents?
Simply rooting out phishing sites is not enough to combat credential theft. Attackers can create phishing sites with ease. When we take one down, another one pops up elsewhere. This can often devolve into a never-ending battle of attrition that rarely makes our online applications more secure or protects them from fraud.
Instead, if we assume that a certain percentage of our legitimate users will fall prey to phishing attacks and will have their credentials stolen, we can adapt accordingly. When we shift our perspective and take this approach, we realize that identifying and mitigating security and fraud attacks that result from credential theft becomes one of our main focuses. Adapting our approach helps us to protect our online applications from the array of phishing attacks that are likely being launched against them on a regular basis.
There are likely many approaches we can take to mitigate risk due to credential theft. Here are a few of them:
- Eliminate automation. Attackers build databases of stolen credentials that they amass from a variety of sources, phishing among them. Those stolen credentials are often tested in bulk using bots. The credentials that are valid are then often used to commit Account Takeover (ATO) and manual fraud. Eliminating these automated attacks not only mitigates this risk, but it also reduces infrastructure costs going to undesired non-human (bot) traffic.
- Stop ATO. Attackers that can leverage valid stolen credentials to log in to stolen accounts and masquerade as legitimate users can use that access to commit fraud. This manual fraud, of course, results in losses incurred by businesses that fall victim to these incidents. Detecting and mitigating Account Takeover (ATO) stops these fraud losses, saving businesses money.
- Reduce friction. Increased risk of fraud often results in businesses instituting more stringent authentication and Multi-Factor Authentication (MFA) requirements. Unfortunately, this approach adds friction for legitimate customers without significantly reducing fraud losses. Attackers are resourceful, motivated, and adept at finding workarounds. If we can reliably identify automation and manual fraud, we can also reliably identify desired legitimate traffic. Once we know the traffic we want, we are less likely to inconvenience legitimate customers and can focus on stopping the attackers instead.
Phishing attacks are here to stay and will likely continue to increase in number. Fortunately, we have the means to combat them. By zeroing in on the risk of credential theft, businesses can focus their efforts on reducing losses due to security and fraud incidents. While there is no way to mitigate all risk, taking steps to eliminate automation, stop ATOs, and reduce friction can ensure that businesses keep a steady stream of revenue from legitimate customers while reducing losses from bots and fraud.
Cyber Security
Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits
Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.
Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.
Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.
Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.
Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”
Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.
