F-Secure: Phishing Campaigns Using Real Estate, Tax Agencies As Bait


Automated phishing toolkits are helping cybercriminals build more efficient phishing campaigns, from crafting a convincing message to setting up an attack website, according to a new report issued by Helsinki, Finland-based antivirus firm F-Secure.

Carrying out phishing campaigns has become more efficient, as automated attack toolkits are becoming more sophisticated and easy to use. An F-Secure analysis of 71 percent of all phishing URLs gathered in the first half of the year found evidence of direct phishing, which uses a phony website designed to look like a legitimate web page, and indirect phishing, which uses a bait site to trick users into giving up their account credentials for a new security feature.

"These kits make it easier for the miscreants to generate different pages for potentially different targets," F-Secure said in its report. "Setting up phishing pages for anything that will take the bait has become easier, and everyone is now a potential victim."

Real estate sites and tax agencies were used frequently as bait in indirect phishing campaigns. F-Secure said it saw campaigns using Remax and Coldwell Banker brands to trick users into giving up their details. PayPal continues to be a highly targeted brand as well, with fake PayPal sites making up about 73 percent of the phishing sites analyzed by F-Secure. Gaming sites, banks, credit cards and online shopping sites, including eBay, also are popular.

F-Secure's global Threat Report (.pdf) outlines attack trends detected by the firm in the first half of 2013. The security firm said the first half of 2013 saw a rise in exploit-based attacks aimed at U.S.-based victims. Nearly 60 percent of the top 10 detections involved attacks that used exploits, F-Secure said. The attacks targeted a spate of widely publicized vulnerabilities in Java, which experts say is ubiquitous on PCs. Nearly 80 percent of the exploits detected by F-Secure were against Java development, the company said.

Attackers are using the Java exploits as an entryway into corporate networks. In February, attackers aimed at Apple and Facebook, targeting a Java vulnerability. Experts said hundreds of other companies, including banks and defense contractors, reportedly have been infected using the same exploit.

Attackers are sticking to popular automated toolkits to carry out their campaigns. F-Secure estimates that five toolkits, led by Blackhole and SweetOrange, made up 70 percent of the automated attacks used by cybercriminals.

Watering hole campaigns also are becoming an increasingly used tactic in targeted attacks. The spearphishing technique targets a group of individuals by setting up an attack on a website that the group trusts and visits often. It is a popular technique used against individuals in the energy and oil sectors, according to Cisco Systems, which has been tracking the targeted campaigns.

In addition, F-Secure said it saw Bitcoin miners making an estimated $50,000 a day on infected systems. Cryptocurrencies require enough computing power to make money, and as a result attackers spun up large botnets of infected systems to mine coins for Russian cybercriminals, F-Secure said. The firm estimates that about 5 percent of victims have systems powerful enough to perform Bitcoin mining.

PUBLISHED SEPT. 24, 2013