14 DAY TRIAL // The total number of malicious phishing URLs spread on the Internet jumped 14 percent to 4.44 million in Q2 2016, and if current trends continue, it will break the 8 million phishing pages mark in the next 18 months, by the end of 2017.
This data comes via the Cyren Cyberthreat Report, which this quarter focused on global phishing operations. The same report also highlights that half of today's phishing sites disappear after 24 hours, either taken down by the crooks, ISPs, or security researchers.
The company's analysis of phishing attacks for the last three months reveals that almost a fifth of all phishing pages don't last more than three hours, with only 40 percent of the entire phishing pages lasting more than two days.
A PhishMe study from December 2015 revealed that phishing attacks are most efficient on their first day, after which their effectiveness drops as security researchers, platforms, and products detect the malicious attacks.
Browsers play an important role in detecting phishing attacks
Products like Google's Safe Browsing API are useful. Cyren reveals that, out of all browsers, Chrome and Firefox are the quickest to mark phishing pages and dangerous sites.
According to Cyren, Google Chrome detected 73.9 percent of phishing pages within 48 hours, or before the sites go down. Firefox caught 52.2 percent of the sites while Internet Explorer and Edge only a lowly 21.7 percent.
The average time Chrome took to mark a phishing site as dangerous via a warning inside the browser window was 6 hours and 23 minutes, meaning that around a third of all phishing attacks can still go through.
Firefox took 10 hours and 52 minutes while Edge and IE once again brought up the rear with a detection time of 15 hours and 29 minutes.
Crooks prefer phishing for Amazon credentials
Cyren's key takeaway is that users shouldn't rely on browsers to protect them against phishing attacks, and that a strong security product still remains the best solution.
Most of these phishing pages tried to collect user data specific to services such as Amazon (224,310 URLs), Apple (175,506), eBay (66,223), PayPal (33,850), and Google (29,234).
Surprisingly, PayPal ranked only fourth, being the only service of the top five that works directly with the user's money. On the other hand, sites like Amazon or eBay allow criminals to go on quick shopping sprees while phishing pages for Apple and Google are used as an attack platform for other types of criminal and hacking activities.
Bleak news from the phishing war frontline
Security researcher @MalwareHunterTeam has been hunting phishing and tech support sites for months, reporting malicious URLs to the domain registrars and hosting companies where these pages are hosted.
We've previously reported on the abysmally bad response times some of these web hosting companies provided in the past. Twice.
These were cases where the crooks had registered over tens and even over 100 domains they were using for hosting tech support and phishing sites. Some hosting firms, usually the smaller ones, responded immediately, but the bigger ones took days or even weeks to answer.
With Cyren's most recent report in mind, we now understand why hosting companies need to respond as fast as they can to these reports.
For example, these 50+ phishing sites from three days ago and these 11 from a week ago should have received a faster response time.
MalwareHunterTeam tells Softpedia they have problems with GoDaddy most of the time. For example, he says that GoDaddy has not yet responded to a report from yesterday about 18 shady-looking domains connected to the previous 11.
A general effort is needed from the hosting and domain registration sector to fight this plague.
Crooks know their phishing attacks are most efficient in the first few hours, maximum a day, and phishing prevention requires a faster response from these companies, not just anti-phishing training at the victim-level.
Clearly biggest enablers of spreading malware and spam are domain registrars like @GoDaddy ! https://t.co/9jPiRJlOna — DEY! (@DEYCrypt) August 18, 2016
Hey @GoDaddy If a domain owner is buying these many domains and does not trigger your abuse platform. What will? https://t.co/ZMi3LdDoPA — DEY! (@DEYCrypt) August 17, 2016
Someone know someone at @GoDaddy high enough in food chain to tell them to create Twitter account for abuse reports? https://t.co/Xw2vtKHOEF — DEY! (@DEYCrypt) August 10, 2016
