
Phishing made easy: Time to rethink your prevention strategy?

Database Activity Monitoring / Database Firewall 2016 December 12

By examining a phishing campaign, researchers at the Imperva Defense Center have uncovered new ways cybercriminals are leveraging compromised servers to lower the cost of phishing. Phishing is the starting point for most network and data breaches.

The campaigns run mostly from compromised web servers and distribute all kinds of malware, including ransomware. In this report, we present the different tools used to compromise web servers, phishing platforms offered as a service, and the financial motivations and business models of phishing campaigns. We also highlight the importance of intelligence sharing, which helped attribute the phishing campaign, with high confidence, to a group of known cybercriminals.

Phishing campaigns are often orchestrated from compromised web servers while hosting providers and businesses remain totally unaware of the malicious activity. Compromised web servers used in Phishing as a Service (PhaaS) platforms significantly lower the costs of a phishing campaign and help the cybercriminals hide their tracks.

The 2016 Verizon Data Breach Investigations Report (VZ DBIR) documents a significant increase in phishing success over 2015 primarily due to human factors. Endpoint protection mechanisms have failed to contain the spread of malware. If more web servers are hardened, there is a good chance the phishing threat can be mitigated. The best way to protect web servers from being compromised is to deploy web application firewalls (WAFs) that can detect and block advanced injection techniques.

The phishing-based malware distribution mechanism relying on compromised servers can be contained only by increasing the security on web servers. If WAFs were deployed as ubiquitously as network firewalls, the cybercriminal industry would be seriously crippled.
