Phishing is the “art” of getting a target to click a malicious link or download a malicious file and it is experiencing something of a resurgence.
This follows research released by Fortinet in which it found that South Africa was among the top 20 countries targeted in a massive influx of phishing attacks.
According to the security firm, the attackers abused an online virtual hosting service in order to register domains in bulk. The attackers managed to register 200 domains every day for a week.
These domains were then turned into phishing tools by the attackers and phishing emails containing links to these domains were sent to 100 countries.
Fortinet says that many of the the registrant emails used this address format <random_string>@e.o-w-o[.]info.
Worryingly, Fortinet says that South Africa was among the top 20 countries targeted where folks clicked the malicious links. Thankfully the domain visits from South Africa clocking in at 167 placing us at number 17. The US meanwhile had some 2 111 visits to the malicious domains.
As worrying as this all is, Fortinet says that unique incidents such as this – where domains are registered en masse – can help security researchers in monitoring other threat actors.
“Cybercriminals tend to do the same things over and over again. Our recent Fortinet Threat Landscape Report for Q1 of 2019 showed that a surprising number of attackers use the exact same web-based infrastructure, and leverage those resources at the exact same step on their attack cycle. Learn those patterns and you can begin to see and even anticipate an attack before it is even launched,” says regional sales director for Fortinet, Doros Hadjizenonos.
The firm says other methods used by phishing attackers to obscure their activities include:
- Using compromised websites to host phishing sites
- Using free hosting websites
- Abusing free Microsoft web services
- Using shared web hosting services, and shared name server services
The firm says these methods are often used by attackers hoping not to get caught but it appears as if the good guys are on to them.
As for protection against phishing, Fortinet has some simple advice.
“The best approach to countering Phishing attacks is to regularly train all personnel to be wary of unknown senders and to not click on links or attachments of suspicious emails,” concludes Hadjizenonos.[Image – CC 0 Pixabay]