Cyberattacks launched against the enterprise which makes use of the HTTPS protocol are increasing alongside spoofing and cloud-based threats, new research suggests.
According to FireEye’s Q1 2019 Email Threat report, released on Tuesday, there has been a 26 percent increase in the use of malicious URLs made to appear legitimate through HTTPS, quarter-on-quarter, while the popularity of the traditional malware-laden email attachment is steadily falling.
“This indicated malicious actors are taking advantage of the common consumer perception that HTTPS is a “safer” option to engage on the Internet,” FireEye says.
HTTPS is an updated version of HTTP which makes use of encryption and a security certificate which is validated by your browser on request when visiting a website implementing the system. Services including email providers, banks, and e-retailers will use the protocol which has now become synonymous with trustworthiness and legitimacy.
However, unsavory web developers are able to use HTTPS, too, through free, stolen, or fake security certificate issuers.
The report, based on the analysis of 1.3 billion emails, further suggests that phishing attacks have risen by 17 percent over Q1 2019. In total, almost 30 percent of all detections impersonate well-known brands including Microsoft, OneDrive, Apple, Amazon, and PayPal.
Nested emails, too, are appearing on the radar with increased frequency. Attackers send a phishing email which contains another email as an attachment, and it is the second message which contains malicious content. This technique, whilst not always successful, can make the detection of malware more difficult.
In addition, file-sharing services are being used more frequently in cyber attacks against the enterprise. The report says there has been a “dramatic increase” in the use of such services — including Google Drive and Dropbox — to deploy malicious payloads during phishing campaigns.
Business Email Compromise (BEC) scams have historically often involved spoofed emails and messages which impersonate the chief executives of companies to elicit funds from victim firms or to gain an entryway into corporate networks. According to FireEye, threat actors are now increasingly striking payroll departments by requesting changes to an executive’s personal information — which may include bank details — as well as through targeting weak links in the supply chain, such as by impersonating a supplier while in communication with an AP department.
“We’re seeing new variants of impersonation attacks that target new contacts and departments within organizations,” said Ken Bagnall, VP of Email Security at FireEye. “The danger is these new targets may not be prepared or have the necessary knowledge to identify an attack. Unfortunately, once the fraudulent activity is discovered, the targeted organization thinks they’ve paid a legitimate invoice when the transaction was actually made to an attacker’s account.”
Code Execution Vulnerability Identified in Change Healthcare Cardiology DevicesA vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated...
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most Targeted
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most TargetedThe digital and network footprint of small businesses is continually growing. Online commerce, social media, remote workers, and cloud-based IT infrastructure are...
What Other Companies Can Learn from Facebook’s $5 Billion Fine and Why Privacy MattersWhile Facebook’s $5 billion settlement stands as the largest fine in the history of the Federal Trade Commission (FTC), one must take into consideration that not every company is...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!