
Phishing: Digital Threat or Missed Opportunity?
Telco Trends Report, Q3 2019

Table of Contents

3 Intro
4 What is Phishing?
5 How Phishing Works
6 Phishing by the Numbers
7 Phishing Is Not a Fad!
8 A Valuable Opportunity for CSPs
9 6 Success Factors of a Phishing Attack
10 This is Where CSPs Step In
11 Geography of Phishing
14 Phishing Around the Clock
15 Best Defense Tips
16 Conclusion
17 Resources
18 End Notes
19 About Allot

ALLOT TELCO SECURITY TRENDS | Q3 2019

Intro

Scams, hoaxes, and frauds are nothing new. The internet is just the latest conduit for them, with phishing playing the role of the modern day con artist. The greed, fear, and hope that online phishing exploits are as old as mankind. Phishing has always been one of the most common and effective methods of cybercriminals. It is simple, low-tech, and exploits human nature. Its goals can include credential harvesting, infection, and money extortion. In 2018, the number of phishing attacks doubled, reaching nearly 500 million [1].

The problem affects everyone, as phishers target ordinary individuals, SMBs, and large enterprises. Phishing is quickly expanding from email to new channels where users are most vulnerable. Potential victims are often targeted through mobile messaging and social media apps, many of which lack traditional security.

Reports from as early as 2006 [2] indicated that phishing was becoming a major concern for CSPs, with pressure coming both from users who demand that service providers do more to protect them from attacks, and from the financial institutions targeted by these attacks. CSPs are starting to feel the impact of phishing, and there are ways to actively participate in globally reducing phishing attempts. Understanding the severity of this problem underscores the importance of network security. This is where the true value lies for CSPs: the ability to take action to mitigate this concerning trend while earning new revenue.

phish·ing | \ ˈfi-shiŋ \
a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly.
Merriam-Webster Dictionary


What is Phishing?

Phishing comes in many forms, but these are a few of the popular variants:

Mass phishing is the prevalent form. Hackers send out thousands of fraudulent messages to a large user base, aiming for quantity over quality, like in a Vodafone phishing campaign from 2017. Mass phishing can capture significant amounts of information, even if only a small percentage of recipients fall for the scam.

Spear phishing targets a specific person or role in the enterprise and is used when the stakes are higher. Cybercriminals research and profile their victims by gathering personal data on social media prior to orchestrating the attack, and put extra effort towards crafting and designing personalized messages. Typically, spear phishing is used as a first step to gain access to corporate networks, which can then lead to severe consequences.

DNS hijacking is very difficult to detect. The domain name service of typically insecure home routers is hacked to redirect traffic to IP addresses of carefully crafted phishing sites. Unsuspecting users type the correct domain address in their browsers, have no idea they are on a malicious site, and hand over their credentials. A DNS hack like this occurred on two of the largest banks in Brazil in 2018.

Tech support scams are a particularly troublesome form of phishing for CSPs. Phishers impersonate CSPs and ask customers for account credentials, or attempt to sell bogus tech support services and steal their credit card details. These scams can damage CSP reputations and generate negative brand associations, even though the CSP is not to blame.

Knowing these scams exist is half the battle. To combat them, it is also important to understand why phishing is so successful in the first place.


How Phishing Works

A “phisher” exploits human emotions like fear to trick unsuspecting users into clicking malicious links. In a popular example, a phisher sends a fake message from an on-line service, claiming that there was a suspicious login attempt or that a password has expired, encouraging victims to click a link to update the password. The link instead takes them to a spoofed page where they are asked to submit their credentials to “log in”.

When Does It Happen?
Phishing attacks happen all the time, but are often fueled by trending topics, from thematic holidays to pop culture and sporting events. For example, FedEx-based phishing campaigns become more popular around the holidays, when online ordering surges.

Where Does Phishing Happen?
Well, everywhere that communications exist. Traditional phishing messages are sent via email; however, recent trends indicate a rise of phishing attacks that use other messaging platforms. In 2018 Slack, Skype, Facebook Messenger and other communication applications became popular targets for phishing, with a 237% increase in phishing attacks against users of the SaaS industry in 2018 [3].

Top 10 Impersonated Brands of 2018 [4] (figure)

Phishing has been around for over 20 years and the costs of phishing are higher than ever, with some alarming trends accompanying the rising figures.


Phishing by the Numbers

Financial Costs

These statistics highlight the financial damage and overarching trends of phishing in recent years.

- $172M: Cost of phishing and other forms of online fraud in 2017 [8]
- $500M: Yearly costs of phishing attacks for American businesses [5]
- $12.6 Billion+: Global losses from Business Email Compromise (BEC) attacks since 2013 [7]
- $1.6M: Average cost of a phishing attack for mid-size companies in 2017 [6]
- $5000 / $476: Losses reported by 1 in 10 consumers [9] / Average cost per financial cyber attack [8]

Phishing Trends

In 2018, phishing was the most popular type of cybercrime, and it isn’t just a trend; phishing is here for the long haul and it is time to act.

- 1% of the ~281B emails sent daily are phishing attempts [11]
- 71.4% of targeted attacks involved the use of spear-phishing emails [12]
- 190% increase in phishing attacks against users of social media
- 82% of manufacturers experienced a phishing attack in 2018 [13]
- 66% of malware is installed via malicious email attachments: fake purchase orders, payments, invoices, and receipts [14]

*Data adapted from external source(s) referenced in the Endnotes of this document.


Phishing Is Not a Fad!

Just like any marketplace, market demand applies to the monetization of malware too. With the rise in cryptocurrency valuations last year, Allot identified and reported [16] a massive surge in cryptojacking malware based on Coinhive libraries. During the same period, there was a corresponding rise in phishing. This is understandable, as phishing is commonly used to infect users with malware.

With the devaluation of cryptocurrencies, the appeal of cryptojacking declined 100 fold in 2019, while phishing remains stable at about 20M phishing attacks per month. Looking at the threat landscape for Q1 2019, phishing remains in first place and accounted for almost 35% of activated protections for 7 million customers in Europe subscribed to a CSP-based security service.

This data demonstrates that phishing is not a fad. The reason is one constant factor - human nature. Even though con artists have modernized their tactics, the emotions they are preying on are still the same. People are naturally prone to click on emails that are addressed to them. Bad guys will always find new, creative ways to trick victims.

Even though phishing is technically the responsibility of internet users, phishing attacks present unique revenue opportunities for CSPs, while protecting innocent internet users that don’t know better.


A Valuable Opportunity for CSPs

Despite over a million fatal car accidents each year, people keep driving. However, through regulation and private initiatives by car manufacturers, safety technology has helped mitigate a lot of the risk. Some car companies have even made safety the focal point of their branding. Similarly, CSPs can wait for regulation to step in, or take a pre-emptive step and become secure communications providers, championing safety as a key differentiator for themselves.

Here are 3 trends that can’t be ignored in 2019:

- 69% of people don’t use their smartphone for mobile payments, with 42% of them claiming security as the reason [17].
- 90% of successful cyberattacks started with a phishing email, according to a 2018 report [18].
- 50B+ IoT devices are expected to be connected by 2020 [19], creating a plethora of new opportunities for cybercriminals.

CSPs can provide continuous protection against phishing with an approach that includes the following three elements:

- WARN customers about phishing campaigns
- EDUCATE customers on internet safety
- SECURE customers from phishing

Phishing is a real problem for CSPs, but by proactively addressing phishing, CSPs stand to increase brand loyalty, generate additional revenue from added premium security packages, and differentiate themselves from the competition.

As documented in our recent Telco Security Trends report, Allot found that 66% of households with 1-10 devices are willing to pay monthly fees of $4.90 on average to cybersecure their connected home; 84% of households with more than 10 devices were willing to pay an average of $6.16.

By nature, people are susceptible to social engineering scams like phishing, but that isn’t the only factor in the success of these campaigns.


6 Elements of a Successful Phishing Attack

Humans may be the weakest link in cyber security, but it isn’t entirely our fault. Even highly educated, tech-savvy individuals can fall victim to these scams because of the level of complexity generally involved. How many of these factors would be able to fool you?

Ties to Current Events and Holidays
Criminals typically take advantage of holidays and hyped events taking place around the world, like the 2018 World Cup in Russia, the GDPR launch, the new season of “Game of Thrones”, and others. During the holiday shopping season users often have their guard down, leaving them vulnerable to the attacks.

Well-Crafted Fake Email or Website
Easy-to-spot fake emails with bad grammar and typos are being replaced with well-crafted, personalized messages that are harder to detect.

Human Emotions and Psychology
Hackers are exploiting human emotions: fear, guilt, kindness, greed, and curiosity. Victims are tricked by a fake sense of urgency created by the messaging or imagery.

Massive Distribution
Phishing campaigns exploit large-scale IoT and automation to deliver messages to their victims. Hackers have used “thingbots” of smart home devices as launching pads for massive phishing and spam attacks, distributing more than 750,000 malicious emails since as early as 2014.

HTTPS Domain
Today, phishers install certificates to make fake sites appear more legitimate. Nearly one-third of all phishing sites observed by the end of 2017 were located on HTTPS domains, up from only five percent a year before [20].

Social Engineering and Personalization
Criminals today can research and profile their victims prior to orchestrating an attack, making their messages personal and timely, and therefore more authentic and convincing.

Many internet users are fooled by these elements, which is why phishing continues to trend around the world.


This is Where CSPs Step In

When you look at the path a typical phishing attack takes, there are two very clear junctures where the malicious behavior can be mitigated.

Endpoint agents scan messages for malware as they arrive, but this relies on the users to install and update software independently. The efficacy of this type of solution is beyond the CSP's control, and adoption rates are extremely low.

CSPs can protect customers who fall victim and click on the malicious link with a network-based security solution. Such solutions do not require users to take any action, can provide engagement opportunities for CSPs, and achieve higher adoption rates.


Geography of Phishing

From the Americas to Europe and the Asian Pacific region, phishing is an active threat. Some of the most affected countries in the top ten may even surprise you.

Top 10 Most Targeted Countries of 2018 [21] (by percentage of total phishing volume):

- USA 84%
- Canada 4%
- China 2%
- France 2%
- Colombia 1%
- UK 1%
- Sweden 1%
- Germany 1%
- Brazil 1%
- Australia 1%

(Map figure; the Famous Hacks marked on it are described on the next page.)

Depending on the level of research, campaigns can even be sent with specific timing to catch victims when their guard is down throughout the day.

Famous Hacks: USA

Operation Phish Phry (2009)
Operation Phish Phry was the largest international phishing case ever conducted at the time, according to the FBI. The hackers successfully targeted hundreds of US bank account holders who received official-looking emails directing them to fake financial websites. Victims entered their account numbers and passwords into fraudulent forms, giving the attackers easy access to their private data. Nearly 100 people in the USA and Egypt were arrested for stealing $1.5 million through this phishing scam.

RSA (2011)
In 2011, an American network security company called RSA reported a breach following a spear phishing attack. The attack exploited an unpatched Adobe Flash vulnerability, which resulted in malware being installed on the compromised machine. The email had a single line of text that said: “I forward this file to you for review. Please open and view it.” The attack enabled criminals to get hold of master keys for all RSA SecurID security tokens, which were then subsequently used to break into US defense suppliers’ networks.

Target (2013)
The huge Target data breach that affected 110 million customers in 2013 began with a simple phishing attack. Hackers stole network credentials through an email phishing attack against a third-party heating, ventilation, and air-conditioning vendor that began at least two months before they started stealing card data from thousands of Target cash registers. The breach cost Target hundreds of millions of dollars, and the firm fired its CEO and CIO.

Sony Pictures (2014)
The largest data breach at Sony Pictures was caused by phishing emails used as an initial attack vector. Using social engineering, hackers convinced employees to open a malicious attachment that infected Sony with the malware. Over 100 terabytes of Sony’s data were stolen, which cost the company an estimated $100 million.

The Clinton Campaign (2016)
On March 19, 2016, Russian intelligence services sent Hillary Clinton’s campaign chairman, John Podesta, a carefully crafted spear-phishing email. The fake message looked like Google was urging him to reset his password. He fell for it and gave criminals access to his email account. Two days later, they swept up his inbox of more than 50,000 emails.

Google Docs (2017)
1 million Gmail users were impacted by a major phishing attack that hit Google Docs in 2017. The attack sent victims an emailed invitation from someone they may know, took them to a real Google sign-in screen and asked them to “continue to Google Docs.” This granted permissions to a (malicious) third-party web app that had simply been named “Google Docs,” which gave phishers access to the email and address book of the victims.


Famous Hacks: Brazil, Sweden, Japan, Australia, UK and Russia

Brazil (2005)
Notorious Brazilian phisher Valdir Paulo de Almeida was arrested in 2005 for leading one of the largest phishing campaigns. Between $18 and $37 million USD were stolen over two years. Valdir sent up to three million messages a day with sophisticated Trojans attached, targeting Brazilian bank customers, and led a gang of up to 18 hackers.

Brazilian Bank (2016)
Hackers hijacked the entire online operation of one of the major banks in Brazil by using DNS manipulation to reroute all customers to perfectly reconstructed fake copies of the bank’s sites. Aside from mere phishing, the spoofed sites also infected victims with malware.

Nordea Bank (2007)
In 2007, Swedish bank Nordea lost about $1.1 million in a phishing scam. Going on for over 15 months, the scam infected customers with a Trojan called “haxdoor.ki” masquerading as an anti-virus package. The virus was designed to redirect customers to a fake bank page when they tried to use the website. Approximately 250 bank customers were said to be affected by it.

Yahoo! Japan (2008)
This phishing attack impersonated the Japanese localized site of Yahoo! Auctions. The phishing emails were delivered to users with a subject title in Japanese, “To Yahoo! Japan site users”, appearing to come from the Yahoo! Japan Support Center. The phishing site was designed to mimic the real Yahoo! Japan site layout, and some of the links were even connected to the legitimate Yahoo! Japan site.

EnergyAustralia (2017)
In 2018 Australia rose up the charts as one of the most targeted countries for phishing. One of the largest local attacks was a phishing scam that hit EnergyAustralia customers. The phishing email was an exact replica of a real EnergyAustralia bill, with the message noting the bill was due in just a few days. In truth, the sender was attempting to trick the recipient into downloading a Zip file that contained a malicious JavaScript.

Vodafone (2017)
This phishing campaign impersonated Vodafone, a major international phone company, in a very convincing example of a fraudulent email. It claimed that the customer needed to pay a bill of over £400 - a high amount designed to send users into panic and click on the links. The scammers sent these emails out by the thousands in the certainty that some would reach real Vodafone account holders.

Russia World Cup (2018)
Last year, cybercriminals heavily exploited the World Cup event in Russia, creating numerous fake FIFA partner websites to gain access to victims’ bank accounts. The criminals sent a large amount of emails promising vacation rentals, free tickets, and more, to World Cup fans. The FTC issued a special note guiding fans to FIFA.com, the only official source for tickets, and giving tips on how to avoid the scams.

Phishing Around the Clock

In today’s world, millions of people are on a device of some kind from the moment they wake up to right before bedtime.

Lunch in a Cafe
Keisha sits in a café and gets a phishing SMS asking her to claim a free gift. She excitedly clicks the link, which turns out to be malicious, and her phone is infected.

At a Bar
Emma already had her first martini when she gets a Facebook message from a distant cousin who she hasn’t heard from. The “cousin” invites her to download the video of her recital, but in fact, Emma has downloaded malware.

At Home
Jane gets a personal email from “PayPal” asking her to verify a suspicious login to her account. She clicks through to a fake copy of the real site, and then hands over her login and password unknowingly.

In the Office
Pedro sits at his desk and gets a spear-phishing email “from the CEO” asking him to transfer a payment to a new partner company, which is a scam.

On the Commute to Work
Fred is on the bus and gets an email notification from his phone company with a huge bill. He panics, clicks to view the claim, and inadvertently downloads malware to his phone.

CSPs can take steps to protect their customers from these situations, while simultaneously increasing brand loyalty and engagement.


Best Defense Tips

To successfully deal with phishing, CSPs can embrace the following three-pronged approach:

Warn
Create an opt-in mailing list and proactively alert customers to help them avoid getting caught in the latest scams.

- Inform customers in real-time about specific phishing campaigns that are going on, especially if the campaigns are relevant to their interests.
- Anticipate upcoming phishing attacks. Traditionally, waves of phishing attacks increase around the holidays and during pop culture events.

Educate
Find ways to educate customers on using practical tools and best practices for browsing the web and staying safe.

- Encourage customers to learn more about phishing and test themselves with interactive tools, like free interactive quizzes or games. This quiz by Google and this game by the FTC are good examples, or even better, make your own.
- Offer your customers the chance to opt in to your own phishing awareness program. These programs are designed to train participants in a safe environment by sending fake phishing emails out periodically, with feedback and scoring relayed to the user.

Secure
Even with better education, the best thing you can do for your customers is protect them.

- Implement anti-phishing technology, such as Allot NetworkSecure and Allot HomeSecure. The most effective defense against phishing is to protect customers from within the network, with in-line content and header inspection that blocks phishing, malware and other types of malicious traffic.
- Encourage customers to install end-point security solutions to fight phishing and keep themselves protected when they access the internet from multiple accounts that may not reside on the CSP infrastructure.

CSPs have a valuable chance to be trend setters instead of followers, by championing cybersecurity and rolling out security-as-a-service packages to protect their customers.


Conclusion

Phishing is the most prevalent form of cybercrime that exists today, but it is only the tip of the iceberg when we look at the threat landscape for 2019. As our society continues its rapid transformation into a hyper-connected digital age, we are more exposed than ever to the dangers of criminal activity on the web. Weak network security can make it just as easy for cybercriminals to access your personal data as it is for you.

The key to strengthening the weak link that is human nature is consistent education to raise awareness. Ongoing anti-phishing campaigns that regularly send test emails, combined with computer-based training, have been found to dramatically decrease careless clicking to just 13% in 90 days, with a steeper drop to 2% after 12 months [22].

CSPs have two primary ways to capitalize on the dangers of cybercrime:

- Raising awareness about the dangers of phishing and other cybercrimes, to increase brand loyalty and consumer satisfaction, and differentiate themselves from the competition, and
- Bundling security value-added services (VAS) into existing internet plans for consumers, generating incremental ARPU and simultaneously protecting consumers.

These initiatives can result in a safer, and therefore more satisfied, customer base. Our data has shown substantial interest from consumers in purchasing network security services from their Internet Service Providers. To these consumers, ISPs are the experts at everything internet-related, which includes security. CSPs are uniquely positioned to make a difference with their massive subscriber lists, who already look to them as the experts. By embracing the burden of protection and educating customers, CSPs can make a tremendous impact on the cybercrime footprint and make the internet a safer place for the everyday digital consumer.

Resources

From Allot

- Connected Home Cybersecurity: The Consumer’s Perspective - Telco Security Trends Report
- How Effective are CSP Security Services for the Mass Market? - Telco Security Trends Report
- Will Your Defense Conquer World Cup Malware? - Blog Post
- New Research Shows Why We Should Trust CSPs With Our Data Security - Blog Post
- IoT Security Demands a Multi-Layered Approach - Frost & Sullivan Whitepaper

From Other Sources

- PhishLabs 2018 Trend Report
- What Happens When You Reply To Spam Email - James Veitch, TEDTalk
- Phishing for Phools - Robert Shiller, TEDxYale
- The Latest in Phishing - Proofpoint
- Tips on How to Recognize and Avoid Phishing Scams, FTC

Anti-Phishing Tools For Consumers

- Anti-Phishing Browser Extensions
- Password Alert - Chrome Extension
- Password Checkup - Chrome Extension
- Facebook Login Tracker and Email Alerts

“People are prone to taking mental shortcuts. They may know that they shouldn’t give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure - all these are triggers, which can be used by a social engineer to convince a person to override established security procedures.”
Kevin Mitnick, Cybersecurity Consultant and former

End Notes

1. Spam and Phishing in 2018 Report, Kaspersky Lab

2. Anti-Phishing Best Practices for ISPs and Mailbox Providers, 2006

3. PhishLabs 2018 Phishing Trends & Intelligence Report

4. F5 Lab 2018 Phishing and Fraud Report

5. Forbes: Phishing Scams Cost American Businesses Half a Billion Dollars A Year

6. PhishMe’s 2017 Enterprise Phishing Resiliency and Defense Report

7. FBI Public Service Announcement Alert I-071218-PSA

8. 2017 Norton Cyber Security Insights Report

9. Kaspersky: Online Financial Cybercrime Victims Struggle to Recover All Their Lost Money

10. Emails Sent and Received Between 2017 and 2023

11. Medium: How to Spot Phishing: The Most Common Cyberattack

12. Research Security Report 2018

13. Symantec Internet Security Threat Report 2018

14. 2017 Verizon Data Breach Investigations Report

15. PhishLabs 2018 Phishing Trends & Intelligence Report

16. Allot Q2 2018 Telco Security Trends Report

17. Deloitte 2018 Global Mobile Consumer Survey, US Edition

18. IT Governance: Over 90% of Successful Cyberattacks Start with a Phishing Email

19. Cisco: Enterprises Are Leading The Internet of Things

20. PhishLabs 2018 Phishing Trends & Intelligence Report

21. PhishLabs 2019 Phishing Trends & Intelligence Report

22. KnowBe4: Phishing


About Allot

Allot Ltd. (NASDAQ, TASE: ALLT) is a provider of leading innovative network intelligence and security solutions for service providers worldwide, enhancing value to their customers. Our solutions are deployed globally for network and application analytics, traffic control and shaping, network-based security services, and more. Allot’s multi-service platforms are deployed by over 500 mobile, fixed and cloud service providers and over 1000 enterprises. Our industry-leading network-based solution has achieved over 50% penetration with some service providers and is already used by over 21 million subscribers in Europe. For more information, visit www.allot.com.