Phishing kits are growing more sophisticated as their life spans grow shorter: More than 60% of kits monitored were active for 20 days or less, Akamai researchers found in a new report on the threat. All the while, attackers rely on enterprise-based strategy to fuel their criminal business.
High-profile tech companies were the hottest phishing targets, they found in their latest "State of the Internet" research, published today. Microsoft was the most affected brand, with 62 kit variants across 3,897 domains targeting Microsoft users. PayPal fell in second place (14 kit variants across 1,669 domains), followed by Dropbox (11 kit variants across 461 domains).
Researchers followed the life cycle of each kit from the first time it was observed until the kit stopped triggering detection rules. "The fact that the average life cycle of a kit is only 20 days — from the time it goes live until it's detected and pulled offline — shows a lot of proactiveness on the part of security teams and defenders," says Akamai security researcher Steve Ragan.
The window of opportunity for most phishing kits is growing smaller. In a 60-day period, researchers observed more than 2 billion unique domains commonly associated with malicious activity. Of those, 89% had a lifespan of less than 24 hours; 94% lasted less than three days. Short-lived top-level domains (TLDs) (for example, .gq, .loan, .tk) have a median lifespan of 24 hours. Availability of cheap name registration for TLDs such as these is a "boon to criminals," researchers say, as it makes detection by defenders more difficult as the names so briefly live in traffic.
For phishing kits, age is more than just a number. New domains, less than a month old, are often flagged by secu ..
Support the originator by clicking the read the rest link below.
