Phishing Attacks Continue to Rise as Malware Moves from Attachments to URLs

The sophistication of cyber attacks on financial services continues to evolve, yet instances of long-established tactics like email phishing and malware attacks persist.

Results from a newly available study conducted in July 2018 by Proofpoint, a Sunnyvale, Calif.-based cybersecurity software company, reveal that email is the “most frequent source of advanced attacks.”

But the attack vector has shifted slightly. From the study:

Much of 2017 was characterized by massive email campaigns bearing malicious attachments. The largest of these were consistently sent by a single actor known as TA505. In contrast, 2018 campaigns to date have generally been smaller, more diverse in their payloads, and more likely to rely on URLs linking to malicious files than attached documents.

The study also noted a rise in ransomware, even as cryptocurrency valuations continued to decline.

An analysis of attack emails found that banking fielded the largest share of malware attacks. 42% of malware attacks via email were “banking attacks,” which refers to banking trojans – malware that conducts man-in-the-middle or man-in-the-browser attacks to steal credentials, conduct fraudulent transactions, etc., as victims interact with online banking sites for which the trojans are configured, according to Proofpoint. Since last quarter, the volume of malicious message attacks is up 36%.

Wells Fargo & Co.’s executive vice president and head of digital solutions, Secil Watson, previously spoke to Bank Innovation and weighed in on this threat type, saying, “A threat factor we see is people getting socially engineered. Both on the commercial banking side and the retail side, somebody will put malware in their system or their business partner’s system and start listening into the email correspondence — it’s called business email compromise.”

Unbeknownst to people within financial institutions, critical financial information is exchanged and compromised; as such, the volume and frequency of attacks are on the rise, especially within financial services.

Proofpoint found that among families of malware attack types like credential stealing and download attacks, banking malware attacks had the highest daily volume, second only to ransomware attacks last quarter.

Last quarter, “downloader” attacks made up 25% of the malware delivered via email, followed by credential-stealing attacks at 17%. Remote access trojan (RAT) attacks were the least likely to be delivered via email. This attack type occurred in 2% of malware-attack emails.

See the full report here.