Nearly 1.5 Million New Phishing Sites Created Each Month

BROOMFIELD, Colo., Sept. 21, 2017 /PRNewswire/ -- According to the September 2017 Webroot Quarterly Threat Trends Report, 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May. The data; collected by Webroot, a leader in endpoint security, network security, and threat intelligence; show today's phishing attacks are highly targeted, sophisticated, hard to detect, and difficult for users to avoid. The latest phishing sites employ realistic web pages that are almost impossible to find using web crawlers, and they trick victims into providing personal and business information.

Webroot Quarterly Threat Trends is based on threat intelligence data derived from the industry's most advanced machine learning techniques, ensuring it's both timely and accurate.
View the full Quarterly Threat Trends Report: www.webroot.com/trends.

Notable findings and analysis:

    --  Phishing attacks have grown at an unprecedented rate in 2017 - Phishing
        continues to be one of the most common, widespread security threats
        faced by both businesses and consumers. Phishing is the number 1 cause
        of breaches in the world, with an average of more than 46,000 new
        phishing sites created per day. The sheer volume of new sites makes
        phishing attacks difficult to defend against for businesses.
    --  Today's phishing attacks continue to be short-lived - The first half of
        2017 highlights the continuing trend of very short-lived phishing sites,
        with the majority being online and active for only 4 to 8 hours. These
        short-lived sites are designed to evade detection by traditional
        anti-phishing strategies, such as block lists. Even if the lists are
        updated hourly, they are generally 3-5 days out of date by the time
        they're made available, by which time the sites in question may have
        already victimized users and disappeared.
    --  Attacks are increasingly sophisticated and more adept at fooling the
        victim - In the past, phishing attacks randomly targeted as many people
        as possible, with the hope that a substantial amount would open an
        infected attachment or visit a malicious web page. Today's phishing is
        more sophisticated. Hackers do their research and utilize social
        engineering to uncover relevant personal information for individualized
        attacks. Phishing sites also hide behind benign domains and obfuscate
        true URLs, carrying more malignant payloads, and fooling users with
        realistic impersonated websites.
    --  Mix of companies impersonated continues to evolve -- Zero-day websites
        used for phishing may number in the millions each month, yet they tend
        to impersonate a small number of companies. Webroot categorized URLs by
        the type of website being impersonated and found that financial
        institutions and technology companies are the most phished categories.
        Webroot also identified the top 10 companies being impersonated
        throughout the first six months of 2017.
        --  Google                 35%
        --  Chase                  15%
        --  Dropbox               13%
        --  PayPal                 10%
        --  Facebook             7%
        --  Apple                    6%
        --  Yahoo                   4%
        --  Wells Fargo          4%
        --  Citi                        3%
        --  Adobe                   3%

Industry Landscape:

    --  According to an FBI Public Service Announcement from May 4, 2017,
        phishing scams cost American business $500 million a year.
    --  According to Verizon, phishing was found to be at fault in 90 percent of
        breaches and security incidents.
    --  A recent report by ESG showed that 63 percent of surveyed security and
        network influencers and decision makers have suffered from phishing
        attacks in the past two years.
    --  In the same ESG report, 46 percent of respondents said malware attacks
        have become more targeted over the past two years, and 45 percent said
        there is a greater volume of malware than in the past two years.

BrightCloud® Real-Time Anti-Phishing:

Webroot offers its network and security vendor partners a unique, real-time solution to combat the pervasive threat of phishing attacks -- BrightCloud® Real-Time Anti-Phishing (RTAP) service. This solution:

    --  Integrates into the technology or offering of a partner
    --  Provides real-time URL validation to protect against zero-hour phishing
        attacks without increasing network latency
    --  Leverages advanced machine learning and content classification to
        automate the detection of phishing sites
    --  Crawls and evaluates every requested URL on demand, in milliseconds,
        using hundreds of site attributes as well as external factors associated
        with the site

Key Quote:

Hal Lonas, Chief Technology Officer, Webroot
"Today's phishing attacks are incredibly sophisticated, with hackers obfuscating malicious URLs, using psychology, and information gleaned from reconnaissance to get you to click on a link. Even savvy cybersecurity professionals can fall prey. Instead of blaming the victim, the industry needs to embrace a combination of user education and organizational protection with real-time intelligence to stay ahead of the ever-changing threat landscape."

Additional resources:

    --  Solution: Webroot BrightCloud Threat Intelligence Services
    --  Previous report: June 2017 Quarterly Threat Trends Report

About Webroot
Webroot delivers endpoint security, network security, threat intelligence services, and security awareness training to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world. Our award-winning SecureAnywhere® endpoint solutions, BrightCloud® Threat Intelligence Services, and FlowScape® solution protect millions of devices across businesses, home users, and the Internet of Things. Webroot is trusted and integrated by market-leading companies, including Cisco, F5 Networks, Aruba Networks, Palo Alto Networks, A10 Networks, and more. Headquartered in Colorado, Webroot operates globally across North America, Europe, and Asia. Discover Smarter Cybersecurity® solutions at www.webroot.com.

Social Media: Twitter | LinkedIn | YouTube | Facebook

©2017 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, Webroot SecureAnywhere, Webroot BrightCloud, BrightCloud, and Smarter Cybersecurity are trademarks or registered trademarks of Webroot Inc. in the United States and other countries. All other trademarks are properties of their respective owners.

View original content with multimedia:http://www.prnewswire.com/news-releases/nearly-15-million-new-phishing-sites-created-each-month-300524095.html

SOURCE Webroot