During the COVID-19 pandemic there have been many new possible attack vectors for hackers to target due to the changes required of workplaces in the face of national lockdowns.

This resulted in a more spread out, remotely-based workforce. Reacting to this hackers increased their phishing attacks to try and steal log on details for email accounts, VPNs, and remote access solutions.

The rise cybercriminal campaigns  was recently shown by the Anti-Phishing Working Group which has been putting together data on phishing attacks from its member groups during 2020. Its most recent report shows phishing attacks grew to more that twice that experienced during 2020, peaking in October 2020 when previous records were broken. In October, 225,304 new phishing sites were detected, compared with under 100,000 during January 2020. During the time period from August to December 2020, over 200,000 new phishing sites were discovered every month.

Links to these phishing portals are shared in large scale phishing campaigns and the majority of the messages arrive in inboxes where they are then clicked on. The pandemic resulted in it being much more simple for hackers to successfully target those seeking details about COVID-19. As the year went on COVID-19 themed lures were deployed masking as information about COVID-19 relief payments for businesses, offers of early vaccines, small business loans, tax deadline extensions, and other similar campaigns.

Hackers often create compromised websites for hosting their phishing forms, but it is now much more typical for the hackers to purchase their own domains that are tailored for each phishing campaign. These lookalike domains can easily trick people into thinking they are on a genuine site website.

Hackers have also been deploying encryption to mask their phishing URLs and fool employees. Hosting phishing URLs on HTTPS sites can trick staff into thinking the web content is authentic, and many security solutions do not review encrypted content which makes the URLs tricky to spot and block. In Q4, 2020, 84% of phishing URLs used SSL encryption.

The rise in deployment of SSL encryption is a worry, as many people mistakenly believe that a URL beginning with HTTPS is secure when that is not so. SSL inspection means the link between the browser and the website is secure, which means users are safeguarded against the interception of sensitive information, but a hacker may own or control that website. The secure connection just means other hackers will not be able to intercept login credentials as they are entered on a phishing web portal.

The issue for companies has been how to address these attacks as they increase in number and complexity. Many companies have previously depended on Office 365 anti-spam protections for preventing spam and phishing threats, but large amounts of these malicious emails are broadcast to Office 365 inboxes. When that happens and a malicious link is visited, they have no way of stopping employees from disclosing sensitive data.

One method that businesses can better safeguard their databases from these phishing attacks is by putting in place a web filtering solution that features SSL inspection. WebTitan has the ability to decrypt websites, review the content, and then re-encrypt which means hacking portals websites are not hidden and can be identified and prevented.

WebTitan also uses a range of threat intelligent feeds to see to it that once a phishing URL is discovered, all WebTitan users will be instantly protected. WebTitan makes sure that protection is in place from emerging phishing URLs and zero-minute attacks. When linked with an advanced spam filtering solution like SpamTitan to prevent phishing emails at source and ensure they do not land in inboxes, companies will be well secured from phishing attacks.