Phishing continues to be a simple yet highly effective method used by cybercriminals to gain unauthorised access to an organisation’s valuable assets. Verizon’s 2023 Data Breach Investigations Report placed phishing among the top three techniques used by attackers to infiltrate organisations. Another study by Vade reported a whopping 173% surge in phishing attempts in Q3 2023 compared to the previous quarter alone (2), highlighting the pressing need for heightened cybersecurity measures against this malicious activity. Despite the abundance of methods employed in phishing attempts, email remains the top vector of choice among cyber adversaries. According to Cloudflare’s 2023 Phishing Threats Report, 90% of successful cyber-attacks start with email phishing. The same Verizon report also noted that email accounts for 98% of the vectors utilised in pretexting attacks, a sophisticated form of phishing that is built around gaining a victim’s trust.
The volume of phishing attempts underscores the importance of having reliable security controls in place to discern legitimate websites and emails from malicious ones. In this pursuit, precision and real-time traffic monitoring and response are key. This report presents a cross-sectional overview of the latest phishing tactics and trends, as assessed by Hub 53, DNSSense’s dedicated Research and Development division.
Data was sourced from Cyber X-Ray during Q4 2023. Cyber X-Ray is the world’s leading AI-powered domain threat intelligence service developed at DNSSense. Leveraging AI and machine learning algorithms, it constantly monitors and contextualises the security telemetry of internet assets such as domain names, subdomains, IPs, IP change history, Fully Qualified Domain Names (FQDNs), SSL certificates, as well as blacklisting, inlink and outlink data. This comprehensive analysis allows Cyber X-Ray to decipher the intricate interplay between these elements and distinguish malicious domains from legitimate ones with unparalleled precision.
Key findings from Cyber X-Ray
According to the findings, a total of 302k phishing attempts were blocked by DNSSense during the study period, with 3.38% of all malicious domains containing phishing links. In what follows, data related to the industries most affected, the most common techniques employed by attackers, the geographical distribution of attacks, and other pertinent information is presented. These insights offer additional context into phishing patterns, providing a deeper understanding of the dynamics and trends associated with these cyber threats.
Industries Most Targeted by Phishing
According to the results, the majority of the blocked phishing attempts were aimed at the Banking & Finance industry (37%), followed by the Insurance (24%) and Energy (16%) sectors.
Top Phishing Methods
The analysis of data gathered from Cyber X-Ray points to a shift towards hybrid attacks encompassing social engineering tactics that exploit the human element. Among these attacks, Domain Phishing (46%) was by far the most prevalent method, with Clone Phishing (21%) and Whaling (11%) following suit.
Top Countries and TLDs Hosting Phishing Domains
The Philippines (.ph), British Virgin Islands (.vg), and Samoa (.ws) emerged as the countries hosting the highest numbers of phishing domains. Moreover, classification of the TLDs associated with phishing domains revealed that ‘.xyz’, ‘.top’, and ‘.online’ were the most widely used extensions in launching phishing attacks.
Countering Phishing: A Proactive Approach
In today's evolving cybersecurity landscape, protecting against phishing attempts requires a proactive strategy that prioritises prevention over remediation. One effective method involves combining data- and anomaly-driven approaches to bolster defence mechanisms.
A crucial aspect of this approach involves maintaining an up-to-date database of known phishing domains, as well as promptly identifying newly registered ones. By continuously monitoring and analysing these domains, potential threats can be swiftly detected and pre-emptively addressed. Integrating artificial intelligence (AI) and machine learning capabilities further enhances the proactive defence system by enabling the identification of patterns and anomalies indicative of phishing domains.
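One way to combine the data-driven and anomaly-driven checks described above over DNS query logs, as an added example that is not DNSSense's or Cyber X-Ray's code. The blocklist, registration dates, 30-day threshold, log format and scoring rule are all constructed assumptions; only the TLD set is taken from this report.

```python
from datetime import date

# All data below is constructed for illustration; none comes from the report's dataset.
TODAY = date(2024, 1, 10)
KNOWN_PHISHING = {"login-secure-bank.example"}   # data-driven: known-bad list
REGISTERED_ON = {                                # hypothetical registration feed
    "constructed-new.xyz": date(2023, 12, 28),
    "constructed-old.top": date(2021, 6, 10),
    "intranet.example": date(2015, 3, 1),
}
RISKY_TLDS = {"xyz", "top", "online"}  # TLDs the report names as most abused
NEW_DOMAIN_DAYS = 30                   # assumed cut-off for "newly registered"
SAMPLE_LOG = [                         # '<timestamp> <client-ip> <query-name>'
    "2024-01-10T09:00:01Z 192.0.2.10 www.login-secure-bank.example",
    "2024-01-10T09:00:05Z 192.0.2.11 cdn.constructed-new.xyz",
    "2024-01-10T09:00:09Z 192.0.2.12 constructed-old.top.",
    "2024-01-10T09:00:12Z 192.0.2.13 intranet.example",
    "truncated line",
]


def registrable(fqdn):
    """Naive last-two-labels reduction; production code needs the Public Suffix List."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])


def triage(fqdn, today=TODAY):
    """Return (verdict, reasons) for one queried name."""
    domain = registrable(fqdn)
    if domain in KNOWN_PHISHING:
        return "block", ["known phishing domain"]
    reasons = []
    registered = REGISTERED_ON.get(domain)  # unknown age contributes no signal
    if registered and (today - registered).days <= NEW_DOMAIN_DAYS:
        reasons.append("newly registered")
    if domain.rsplit(".", 1)[-1] in RISKY_TLDS:
        reasons.append("high-abuse TLD")
    # Two anomaly signals block, one raises an alert for review, none allows.
    verdict = "block" if len(reasons) >= 2 else "alert" if reasons else "allow"
    return verdict, reasons


def triage_log(lines, today=TODAY):
    """Triage every well-formed log line; malformed lines are skipped."""
    results = {}
    for line in lines:
        fields = line.split()
        if len(fields) == 3:
            results[fields[2]] = triage(fields[2], today)
    return results
```

A TLD on its own only raises an alert here, since most domains under any TLD are legitimate; it blocks only when paired with a second signal such as recent registration.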
Equally important is the implementation of real-time automated alert systems, empowering security officers to take immediate remedial actions. The results of our study showcased the effectiveness of DNSSense’s DDR solutions, with 98.7% of all organisations benefiting from at least one blocked connection attempt to phishing domains, demonstrating how DNSSense combines all these elements into practical and reliable cybersecurity practices.