New Trends and Phishing Attacks: What are the new trends in phishing attacks?

The goal of this article is to provide an overview of the latest phishing attacks, to create awareness, and to offer concrete solutions.

Phishing attacks have steadily increased worldwide during 2021-2022 with a devastating cost for each successful data breach. Moreover, these attacks have become more sophisticated as bad actors continue to develop and use new techniques to steal credentials and sensitive information.

2022 phishing attack trends in a nutshell

Recent developments during 2021-2022 have seen the use of several new and contemporary phishing attack types.

These trending attack types include:

  • Man-in-the-Middle (MITM);
  • Browser-in-the-Middle (BITM);
  • Browser-in-the-Browser (BITB).

Man-in-the-Middle (MITM)

A MITM phishing attack is an advanced way to steal sensitive credentials and bypass advanced security measures, such as multi-factor authentication (MFA), by surreptitiously intercepting communications.

Basically, this attack occurs when an attacker intercepts a sensitive communication between a user (the victim) and the entity to which the victim is trying to communicate (such as a bank or financial institution).

Critical to the success of the phishing attack is that the victim is not aware of the man-in-the-middle, so the exchange appears to be a normal flow of information. In other words, the attacker typically impersonates the legitimate entity.


Browser-in-the-Middle (BITM)

A newer attack method, Browser-in-the-Middle (BITM), is similar to MITM in the way it controls the data flow between a client and the service it accesses. However, it avoids some of the typical shortcomings of MITM. In fact, BITM expands the range of an attacker’s actions while making them easier to implement.

Notably, it requires no malware of any kind to be installed on the victim’s machine, yet still gives the attacker total control.

This novel technique makes use of a Virtual Network Computing (VNC) server to deceive the victim. In short, the attacker instantiates a server accepting VNC connections through a webpage.

On the other end of the connection, the attacker runs a browser under their full control, in full-screen mode, opened on the target page.

Put another way, the attacker interposes a malicious transparent browser between the victim’s browser and the web server the victim is accessing to obtain a service such as banking or social media.

With the attacker’s customized browser in the middle, the attacker can intercept, record, or manipulate any data exchanged between the victim and the service provider.

Browser-in-the-Browser (BITB)

A devastating new phishing technique called Browser-in-the-Browser (BITB) has been demonstrated recently.

This technique uses HTML, CSS, and JavaScript to build a fake browser window that exists only within the context of a webpage, deceiving the victim into handing over credentials or other sensitive information.

More specifically, according to an industry security researcher, a BITB attack consists of simulating a browser window within the browser to spoof a legitimate domain.

The attack primarily exploits a third-party single sign-on (SSO) authentication model—such as those provided by Google, Apple, or Microsoft—which has become increasingly common to allow users to log into many different websites without having to remember an additional password.

In this type of attack, the victim is shown a fraudulent pop-up window that requests an SSO password. The pop-up can display any URL with the “https” prefix, suggesting that the site is secured with TLS/SSL encryption. The victim then feels comfortable providing credentials to what appears to be a legitimate and trustworthy site.

Phishing attacks are on a steep rise

Phishing attacks are on a steep rise. These attacks are not only more prevalent but are becoming increasingly intricate as bad actors find new ways to design and implement sophisticated phishing campaigns to steal credentials and sensitive information.

According to the Anti-Phishing Working Group (APWG)—a non-profit international coalition of counter-cybercrime responders—there were 1,025,968 phishing attacks observed during the first quarter of 2022.

This was the worst quarter for phishing that APWG has ever observed, and the first time that the quarterly total has exceeded one million.

Today, phishing is one of the top threat types likely to cause a data breach. The 2022 Data Breach Investigations Report published by Verizon found that approximately 25% of all data breaches involve phishing and 85% of data breaches involve a human or social engineering element.

Moreover, in the Cost of a Data Breach Report 2022 published by IBM Security, it was reported that the average cost of a data breach with a phishing initial attack vector was USD 4.91 million—the costliest of all initial attack vectors in 2022.