Phishing surges, file-sharing takes lead as most targeted industry of Q1

Phishing through file-sharing services has soared in the past three months, making cloud-based file distribution services the most targeted sector of the first quarter of the year, Bitdefender found. Globally, file-sharing is being used to spread phishing scams more than the retail and payment industries, the traditional favorites of hackers.

Almost one in five malicious URLs uses a file-sharing service to deliver malicious payloads to users, recent Bitdefender data shows.

Fig. 1 The Top 10 Most Targeted Industry Sectors for Internet Phishing

What the technique lacks in innovation is compensated for by the ease of use and popularity of consumer-grade sharing services. In the past year, Dropbox reached 400 million users who stored 35 billion Microsoft Office files, while Google Drive had 190 million in 2014.

As importantly, file-sharing and cloud storage services lack security features to filter harmful content. This helps attackers hide their malware-infected files without a trace.

For instance, Dropbox does not look at files held in users’ private folders. However, it has managed to implement a hash-based system that recognizes copyright content. This works by automatically generating hashes for files, which are matched against a list of copyrighted hashes and blocked only if users try to share them to external contacts.

Not surprisingly, Dropbox ranks 4^th in the list of the most-spoofed brands, after PayPal, Apple and Google.

Fig. 2 The Top 10 Most Targeted Brands for Internet Phishing

The typical infection flow goes like this: the user receives a genuine-looking email that advises users to click on an embedded link to view an attached document. The link redirects the user to a phishing page hosted on the provider’s domain. The page asks for the user’s credentials, then captures and sends the data to cyber-criminals over SSL. SSL certificates ensure data on a website is submitted in a secure manner, but they do not guarantee the site itself is safe. Thus, hackers are taking advantage, buying cheap SSL certificates and using them on phishing websites to appear legitimate.

Figures 3 & 4. Phishing Emails Impersonating Popular File-sharing Services

Scammers are usually after more than just cloud storage credentials; the malicious URLs can trick users into downloading file-encrypting ransomware, for instance. And the hazard has become significantly more serious as new ransomware iterations can seize control over files stored on cloud services.

Most phishing sites are hosted in the US.

“Phishing remains a highly effective attack vector that is responsible for an increasingly significant percentage of data loss incidents affecting both end users and companies,” says Bogdan Botezatu, Bitdefender’s Senior E-Threat Analyst.

Key takeaways

1. Phishing is still a highly efficient technique. The IRS recently warned it has seen a “dramatic” 400% increase in official-looking text and email messages stuffed into inboxes in 2015.
2. It has serious consequences for companies. If an employee falls victim to a spear-phishing email, he can unknowingly compromise the entire corporate network, including bank accounts, computer system passwords and work credentials. Spear-phishing is effective because it is believable, so we advise users to avoid over-sharing personal information on public platforms and of course, opening links and files from unknown sources.