TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

Holiday Phishing Trends For 2021

2021-12-17 · Read original ↗

ATT&CK techniques detected

20 predictions
T1566.002Spearphishing Link
98%
“is secure and therefore “ trustworthy. ” the use of encrypted phishing sites has steadily increased over the years. this time last year, 72 % of fraudulent websites were encrypted ; this year that figure has increased to 81 % of phishing sites. phishing links, delivered via email…”
T1566.002Spearphishing Link
95%
“& ck groups analysis the mitre att & ck knowledge base ( / content / f5 - labs - v2 / en / labs / learning - center / mitre - attack - what - it - is - how - it - works - who - uses - it - and - why # attcks _ easytomiss _ invaluable _ resources ) is a powerful resource for looki…”
T1566.002Spearphishing Link
94%
“attacks are generic and indiscriminate in nature ( on average 20 % - 30 % ), attackers increasingly use spear phishing to move laterally inside the network — once a low - level employee is compromised, it ’ s easier to phish other, more senior staff members. the iocta report corr…”
T1566.002Spearphishing Link
93%
“). the second most frequently mentioned phishing subtechnique ( 31 % ) was spearphishing link ( t1566. 002 ), with the most commonly noted link tied to downloading malware. the least mentioned phishing subtechnique ( 4 % ) was spearphishing via service ( t1566. 003 ), with social…”
T1566.002Spearphishing Link
91%
“roughly 8 % of certificates and cloudflare for about 7 %. let ’ s encrypt always takes the top spot, however, accounting for an average 41 % of certificates used on fraudulent sites. disguising urls web browsers are doing a better job at highlighting the actual domain that appear…”
T1566.002Spearphishing Link
81%
“in via phishing email. table 3 breaks down the top phishing - delivered malware seen over the year. table 3. most common malware observed in phishing attempts against f5. mitigation recommendations to mitigate the effectiveness of phishing attacks can be boiled down to three sets…”
T1566.002Spearphishing Link
80%
“phishing campaigns ( that target no specific individual, organization, or sector ) typically account for 20 % - 30 % of all fraudulent sites in any given month. the most attacked individual sites were typically facebook and office 365 / outlook, which trade the lead during any gi…”
T1566Phishing
74%
“2021 seeing the largest number of attacks in their reporting history. 1 europol ’ s 2021 internet organised crime threat assessment ( iocta ) notes that due to the growth in online shopping ( caused, in part, by the increase in working from home ), delivery services are a frequen…”
T1657Financial Theft
72%
“the krakentxy. com domain, cryptocurrency - related phishing sites still rose by 356 % in november. the sudden interest by attackers could be attributed to the increased value of many cryptocurrencies in november. bitcoin ( btc ) rose to an all - time high of $ 64, 400 for one bt…”
T1583.001Domains
71%
“be enough to fool the victim into thinking they are on their bank ’ s genuine site. table 2 shows that one company ’ s domain name, more than any other, kept showing up in phishing sites : discovercard. com. the use of profile in the path is almost exclusively related to fraudule…”
T1110.004Credential Stuffing
71%
“ensure app defenses detect credential stuffing attacks - maintain antivirus on all corporate devices - work with domain registrars and law enforcement to take down fraudulent websites - change passwords and email addresses of targeted employees”
T1566.002Spearphishing Link
68%
“holiday phishing trends for 2021 key findings - using data continuously captured by openphish, we analyzed data from may, september, and november 2021 to see how trends in attacker activity changed as the holiday season approached. - after generic ( not industry specific ) phishi…”
T1566.002Spearphishing Link
61%
“also saw a large - scale phishing campaign against cryptocurrency exchanges and wallet services : - cryptocurrency platforms experienced an almost 1800 % increase in attacks, possibly linked to the rise in the value of bitcoin at this time. - a single campaign was responsible for…”
T1657Financial Theft
55%
“threat actors to refine their tactics, allowing for more targeted and genuine - looking spear phishing and bec attacks. malicious motivations are typically driven by consumer behavior — increased online shopping in november led to a 200 % increase in fraudulent retail sites, and …”
T1566.002Spearphishing Link
48%
“be enough to fool the victim into thinking they are on their bank ’ s genuine site. table 2 shows that one company ’ s domain name, more than any other, kept showing up in phishing sites : discovercard. com. the use of profile in the path is almost exclusively related to fraudule…”
T1584.001Domains
43%
“%. delving into the raw data, it became apparent that one malicious domain stood out above the rest : krakentxy. com. registered on november 3, 2021, it quickly became the most prolific site targeting cryptocurrency. the threat actor responsible for this campaign created 9, 117 u…”
T1557Adversary-in-the-Middle
40%
“threat actors to refine their tactics, allowing for more targeted and genuine - looking spear phishing and bec attacks. malicious motivations are typically driven by consumer behavior — increased online shopping in november led to a 200 % increase in fraudulent retail sites, and …”
T1583.001Domains
35%
“%. delving into the raw data, it became apparent that one malicious domain stood out above the rest : krakentxy. com. registered on november 3, 2021, it quickly became the most prolific site targeting cryptocurrency. the threat actor responsible for this campaign created 9, 117 u…”
T1556.006Multi-Factor Authentication
35%
“: use controls that can prevent attackers making use of phished credentials to gain access to your applications and data. controls here focus heavily on strong password policies, including the use of multifactor authentication. real - time phishing proxies, as covered in the 2020…”
T1598Phishing for Information
33%
“attacks are generic and indiscriminate in nature ( on average 20 % - 30 % ), attackers increasingly use spear phishing to move laterally inside the network — once a low - level employee is compromised, it ’ s easier to phish other, more senior staff members. the iocta report corr…”

Summary

As Christmas quickly approaches, seasonal phishing trends once again show that attackers are taking advantage of increased online shopping. Fraudsters doubled their efforts in November attacking ecommerce giants such as Amazon. The real attacker focus, however, was cryptocurrency with fraudulent sites attempting to steal crypto-exchange credentials.